Hackers have recently stolen cryptocurrency in the neighborhood of $326 million dollars from a decentralized platform, making this the fourth-largest cryptocurrency theft ever
The following written content from Aaron M. Lane
News emerged overnight of the potential theft of more than US$326 million (A$457.7 million) of Ethereum tokens from a blockchain bridge (which connects two blockchains so cryptocurrency can be exchanged between them).
It’s no surprise. Crypto crime has been on the rise – especially since the pandemic began. How are these crimes committed? And what can you do to stay ahead of scammers?
Direct theft vs scams
There are two main ways criminals obtain cryptocurrency: stealing it directly, or using a scheme to trick people into handing it over.
In 2021, crypto criminals directly stole a record US$3.2 billion (A$4.48 billion) worth of cryptocurrency, according to Chainalysis. That’s a fivefold increase from 2020. But schemes continue to overshadow outright theft, enabling scammers to lure US$7.8 billion (A$10.95 billion) worth of cryptocurrency from unsuspecting victims.
Crypto crime is a fast-growing enterprise. The rise of the crypto economy and decentralised finance (or DeFi), coupled with record cryptocurrency prices in 2021, has provided criminals with lucrative opportunities.
Australian data confirm the global trends. The Australian Consumer and Competition Commission reported more than A$26 million was lost to scams involving cryptocurrency in 2020 from 1,985 reports. In December, federal police told the ABC crypto scam losses for 2021 exceeded A$100 million. That’s despite many incidents likely left unreported, often due to embarrassment by victims.
Theft from exchanges
Most consumers obtain cryptocurrency from an exchange. This involves opening an account and depositing currency, such as Australian dollars, before converting it to a chosen cryptocurrency.
Typically the cryptocurrency is held in a “custodial wallet”. That means it’s assigned to the consumer’s account, but the private keys that control the cryptocurrency are held by the exchange. In other words, the exchange stores the cryptocurrency on the consumer’s behalf.
But just as a bank doesn’t hold all of its deposits in cash, an exchange will only hold enough cryptocurrency in “hot” wallets (connected to the internet) to facilitate customer transactions. For security, the remainder is held in “cold” wallets (not connected to the internet).
Unlike a bank, however, the government does not have a financial claims scheme to guarantee cryptocurrency deposits if the exchange goes bust.
The recent BitMart hack is a cautionary tale. On December 4, the exchange announced it had “identified a large-scale security breach” resulting in the theft of about US$150 million (A$210.6 million) in crypto assets from hot wallets.
BitMart temporarily suspended withdrawals and later promised it would use its “own funding to cover the incident and compensate affected users”. It’s unclear when this will happen, with the CNBC reporting in January that customers were still unable to access their cryptocurrency. BitMart wasn’t the first exchange to be hacked, and it won’t be the last.
Similarly, consumers may be left with losses if an exchange fails for commercial reasons, rather than theft. Australians were left stranded in December when liquidators were appointed over Melbourne-based exchange myCryptoWallet.
One way consumers can protect themselves from exchange theft, or insolvency, is to transfer their cryptocurrency from the exchange to a software wallet (a secure application installed on a computer or smartphone) or a hardware wallet (a hardware device that can be disconnected from the computer and internet).
The cryptocurrency will then be under your direct control. But be warned. Read more from The Conversation