In the early hours of a Saturday afternoon in early December, long-term Coinbase user David* received a text.
Seemingly legitimate, the message said someone had changed his Coinbase password, and a transaction was pending. Moments later, he received a call claiming the same thing.
Though he was skeptical at first, his fears subsided when the caller opened a legitimate ticket with Coinbase, receiving a case reference number he was asked to quote for “security purposes.” No specific sensitive information was exchanged, and a password reset was conducted on Coinbase.com. Days later, he found that he had been hacked.
David* is one of many targeted in the spreading rash of cyber hacks plaguing the fintech industry.
DeFi hacks roll on unabated
While companies fight to keep reports of the frequency of security breaches under wraps, there is a quiet and present danger of increased hack-sophistication seeping into the digital landscape.
Last year was the year of crypto hacks. Despite the dwindling valuations of tokens, almost $3 billion was stolen over the year. DeFi seemed to be the target of choice, accounting for two-thirds of all cyber hacks.
The effects of these hacks are still prevalent. An attack on Harmony Bridge executed on June 24, 2022, was exploited over the last weekend (Jan. 14, 2023) by the infamous Lazarus Group. A total of $63.5 million was moved in an attempt to launder the funds, adding to the estimated $2 billion in crypto heists the group has been credited with.
Binance and Huobi have since claimed to have frozen some of the stolen assets, recovering 124 BTC, using the event as an opportunity to claim a need for CeFi in DeFi protocols.
The question stands: with all the foretold security and transparency of blockchain technology, why do hackers focus on DeFi?
New technology creates vulnerabilities
“Hackers use various methods such as phishing (creating fake websites of popular services), installing malware on the victims’ devices to get access to one’s private keys, etc.,” said Slava Demchuk, CEO and Co-founder of AMLSafe.
It seems that hackers’ focus on DeFi comes down to the risk of using technology that is still relatively new.
“There is a clear trend (especially in 2021-22) that hackers attack decentralized arrangements such as bridges and protocols, as it is a new technology that is not tested with time,” he continued. “As a result, the technology is more vulnerable. Centralized entities have become more robust and incorporated defense mechanisms that reduce their vulnerabilities.”
“DeFi hacks hit record-high numbers in 2022 in terms of stolen funds. The reasons behind the successful hacks are vulnerabilities in smart contracts. The technology of smart contracts is relatively new, and hackers use the weaknesses in a system to steal funds.”
“Over time, they use more advanced social techniques such as emails, text messages, and other communication channels, enabling them to access private keys. The developing AI technologies, such as Deep Voice, also aid fraudsters in their attacks.”
Centralized storage of customers’ data could hold risk
In the recent case of Harmony Bridge, an advantage of involving centralized entities is very apparent. Due to Binance and Huobi’s control of the addresses, the companies were able to freeze and recover assets. Without their oversight and centralized control, this would have been unlikely.
However, this does not account for the full scope of the risk.
In the case of David’s* Coinbase attack, the customer information exploited by the hackers was said to have been obtained from a hack of the centralized exchange Gemini.
In a separate attack, referenced by Binance CEO Changpeng Zhao, Telegram was targeted to obtain email information and used to send malicious code in the guise of an Excel file.
In both cases, centralized entities were targeted for the theft of something much more mundane than blockchain addresses — emails and phone numbers. These then provided a gateway for malware to attack.
Currently, the majority of crypto transactions are made through centralized exchanges. The market is now primarily dominated by Binance, holding 66.7% of the market share. Collecting such a large portion of customers’ data in a single entity could make Binance a sitting duck for attempted hacks.
As with the alleged hack of Gemini that led to theft from Coinbase customers, the customer emails used as vehicles for phishing attempts could be acquired from a single breach of the Binance database.
While the centralized exchanges bring with them the possibility of recuperating lost funds, in the case of David, Coinbase showed little interest in how the attack took place. He was left to fill out the application for reimbursement with little hope of redemption.
Avoiding the hack
It seems inevitable that the move to digital, with all the promise of new technology, includes an increased incidence of cyber hacks, at least for the time being.
So how can one protect oneself? In short, it is difficult, primarily as new technology also benefits hackers. However, more companies are emerging to curb the threat of cyber attacks on centralized businesses and, as a result, on their clientele.
For the individual, the advice is “stay alert” and “don’t download unknown files” – a feeble cry in the face of the increased sophistication. While this may deter the novice hacker, email accounts and social media are increasingly used to infiltrate the digital community, resulting in malicious software delivered by real-life connections the unwitting user knows and trusts.
Heightened caution may be our only saving grace, short of burrowing into a life devoid of a digital footprint.
* The source under the name “David” has asked to be kept anonymous, but we have verified the account of the incident.