Cryptocurrency offers many positive opportunities, but because it’s so new and there’s so much money involved, it's attractive for hackers. The history of crypto is riddled with high-profile hacks that resulted in millions or billions of losses. Sadly, many businesses, start-ups, and investors lost all their crypto to hackers.
So how can cryptocurrency be hacked, and what can people do to protect their digital assets? Learning more about crypto hacks can help you defend your hard-earned crypto.
How does blockchain security work?
Blockchain technology has many built-in security features that make it difficult for hackers to corrupt. Although a cryptocurrency hacker can in principle take over a blockchain, they are more likely to steal tokens from sources such as a wallet or a cryptocurrency exchange.
Why is it so difficult to attack a blockchain? First, blockchains are decentralized, meaning they don't have a single point of failure. Also, cryptocurrencies use advanced encryption technologies, public ledgers, and consensus mechanisms to enhance security.
All transactions on blockchains like Bitcoin (BTC) are publicly viewable. In fact, everyone who wants to run a node on the Bitcoin blockchain needs to download the entire Bitcoin transaction history. This high degree of transparency helps prevent malicious actors from sending invalid transactions.
Consensus mechanisms like proof-of-work (PoW) and proof-of-stake (PoS) help a blockchain's participants validate transactions without relying on a third party. PoW requires that computers solve challenging algorithmic puzzles to confirm new transactions on the blockchain. In PoS, by contrast, validators must lock crypto on the blockchain to confirm a new transaction.
The people mining or staking on blockchains are incentivized to play by the rules. Validators and miners only get token rewards if they perform their duties. Indeed, many PoS chains will "slash" a validator's crypto if the network detects an invalid transaction.
If someone wanted to corrupt a PoW chain, they’d need enough computing power to control more than half of the network. In the case of PoS, a hacker would need to stake more than half of the total staking pool.
So while hacking a blockchain is possible, it's unlikely on large networks like Bitcoin or Ethereum (ETH). If a cryptocurrency hacker were to corrupt a blockchain, they’d likely focus on smaller altcoin projects.
What is a 51% attack?
Remember, a crypto hacker would need to take control of more than half a blockchain to corrupt the transaction history. This crypto hack is known as a 51% attack.
Most successful 51% attacks in crypto history took place on small- or mid-cap blockchains. For example, hackers were able to take over 51% of the mining power of Ethereum Classic (ETC) at least three times in 2020. The hackers were able to alter data on thousands of ETC blocks and make off with millions.
These 51% attacks are only practical on smaller blockchains because of the lower cost of taking over the network. Since Bitcoin's network is so large, it would require billions of dollars in hardware and electricity to maintain a sustained 51% attack.
Can cryptocurrency be hacked due to bug vulnerabilities?
Besides 51% attacks, skilled hackers may exploit vulnerabilities they find in a blockchain's code. There's always a risk that blockchain developers make mistakes when coding their projects. If the developers don't catch these flaws in time, it can lead to losses worth millions of dollars.
However, battle-tested blockchains like Bitcoin are more resilient to bug exploits than smaller blockchains. For instance, North Korean hackers were able to exploit the new Ronin blockchain in 2022 for more than $620 million. The Vietnamese company Sky Mavis created this Ethereum sidechain to reduce gas fees on its popular play-to-earn game Axie Infinity.
What are the most common crypto attacks?
Since it's relatively difficult to attack a blockchain, most crypto hackers focus on other aspects of the crypto ecosystem. Here are a few common targets crypto hackers focus on:
Crypto wallets
Many crypto hackers try to exploit vulnerabilities in a software crypto wallet's code. For example, hackers successfully drained Solana-based wallets in 2022, thanks to a bug in the Slope wallet. It's estimated investors lost Solana tokens worth around $8 million in this exploit.
In addition to attacking crypto wallets directly, hackers can use phishing attacks to get personal information from wallet holders. For instance, people who use the popular MetaMask wallet may have received phishing emails asking for personal information in 2022. Often, these phishing messages ask users for their cryptocurrency wallet's private key so hackers can access crypto funds.
Centralized crypto exchanges
Since centralized crypto exchanges (CEXs) store billions of dollars worth of crypto, they’re the prime targets for hackers. The Mt. Gox hack is the most famous example of a CEX hack in crypto history.
In 2014, a hacker stole 850,000 BTC from the Mt. Gox exchange, eventually leading Mt. Gox's management to file for bankruptcy. It wasn't until 2022 that those affected by the Mt. Gox hack were able to claim a portion of their lost crypto.
The scale of the Mt. Gox hack forced CEXs to put more security and insurance measures in place. Most high-profile CEXs keep their crypto in cold storage, and many use extra security measures like two-factor authentication.
However, major exchanges like Coinbase, Binance, and Crypto.com have suffered significant hacks in recent years. The CEX technically owns your crypto until you withdraw it to a private wallet. Also, although some CEXs offer insurance protections, there's never a guarantee they’ll reimburse customers during a hack.
Smart contracts
Smart contracts are blockchain-based programs that can perform various functions without human intervention. A well-designed smart contract should be able to detect when predetermined conditions are met and perform its duty. A few common uses of smart contracts include token swaps on decentralized exchanges (DEXs) and minting NFTs (non-fungible tokens).
Similar to the underlying blockchain, a smart contract's security is only as good as its code. If developers miss details in their smart contract, a hacker can modify it and redeem crypto funds.
One of the most consequential smart contract hacks was the "DAO hack." DAO, or decentralized autonomous organization, refers to a smart contract-based governance structure prevalent in DeFi (decentralized finance). In the DAO hack, the DAO refers to a specific project on Ethereum that was used for decentralized venture capital funding.
In 2016, hackers were able to drain this DAO of about $60 million due to a weakness in the smart contract code. This incident led Ethereum developers to fork a new blockchain to reimburse investors. Ethereum Classic is the original blockchain, while the forked Ethereum became the world's second-largest digital currency.
Cross-chain bridges
Cross-chain bridges are designed to migrate tokens from one blockchain to another. While the goal of a cross-chain bridge is simple to understand, the technology behind them has proven difficult to perfect. Many headline-grabbing crypto hacks in recent years have occurred on this novel technology.
For instance, hackers were able to steal roughly $300 million from the Solana-to-Ethereum Wormhole bridge in 2022. Later, the cross-chain bridge on the Harmony blockchain lost $100 million to hackers.
Because crypto is anonymous, so are hackers, and it is difficult to know their identity. Many theorize that the hackers are often the very people who develop the protocols: the idea is that they leave a vulnerability and wait until the amount they can steal grows before exploiting it.
Tips to secure your crypto assets against hacks
Nobody can predict a crypto attack, but there are ways you can reduce the odds of losing your digital tokens to hackers and cybercriminals. Here are a few tips that’ll decrease your risk of losing your crypto:
- Never share your wallet's private keys: The private keys give anyone who has them access to the crypto in a digital wallet. Therefore, crypto holders must place the highest importance on guarding their private keys. When setting up a crypto wallet, carefully write down this string of words and keep this note in a secure place such as a fireproof safe.
- Use two-factor authentication (2FA): High-quality crypto wallets and exchanges should allow users to enable 2FA with an authenticator app like Google Authenticator. Adding this second step to the sign-in process reduces the risk of a hack.
- Invest in a hardware wallet: Also called "cold wallets," hardware crypto wallets store your private keys offline in a USB-like device. While these devices aren't free like many software wallets, they have a lower risk of hacks.
- Be wary of small and unknown crypto projects: The safest option is to stick with crypto exchanges, tokens, and dApps (decentralized apps) that have a large following and a long track record of success. The smaller a crypto project is, the more likely it’ll be an easy target for hackers.
Worldcoin is committed to improving safety on Web3 without sacrificing values like decentralization and privacy. Our Orb technology can verify which crypto wallets have a unique human owner without requiring a personal ID. To learn more about how Worldcoin is working to reduce crypto hacks and scams and improve cybersecurity, subscribe to our blog.