One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing.
Decentralization is a hot-button topic in 2022.
To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the flow of information, and bad data privacy and data monetization practices. Proponents of distributed blockchain technology offer web3 as the decentralized solution to these problems, but web3 has some kinks to work out before it can replace the established infrastructure of web2.
One of those kinks involves...
The full story behind the first major crypto hack and how much really was lost.
MtGox was one of the very first platforms on which people could buy, sell, and trade bitcoin.
Launched in July 2010, by 2014 the Tokyo-based company was handling over 70% of all BTC transactions globally. It was on a trajectory that could have put it alongside or even in place of the major exchanges we know today, such as Coinbase, Kraken, Binance, etc. In fact, the domain name ‘mtgox.com’ was initially purchased in 2007 by the MtGox founder, Jed McCaleb, with the intention of building a...
Many believe total anonymity is possible using privacy enhanced cryptocurrencies. It might not always be the case.
Are popular cryptocurrencies like Bitcoin and Ethereum private?
Absolutely not.
There are privacy enhancing tools and techniques that can be used to obscure crypto transactions, but in general most cryptocurrencies leave a very convenient trail to trace for investigators and law enforcement.
But not all cryptocurrencies are made the same.
This article will provide a brief overview of the most private cryptocurrencies, how they’re used for user privacy and sometimes to avoid detection of fraud or other cybercrimes, and how they can still be traced by professional...
One key to fighting money laundering is understanding its process and the vulnerabilities in each stage of it. In the first stage, the Placement stage, money launderers deposit their criminal revenues in financial institutions.
In that stage, detection teams proficient in Know Your Customer (KYC)/Customer Due Diligence (CDD) practices for combatting money laundering do extensive investigations to detect efforts to place illicit funds in their financial institution. Unfortunately, many placements still succeed.
That moves the battle that KYC/CDD teams fight to the second money laundering stage, Layering. Layering involves building a complex web of money transfers to obscure the funds’ criminal...
Verified crypto-exchange accounts have become a hot commodity on the dark web, with login credentials available for as little as $20, according to May data from threat intelligence firm Privacy Affairs. But the price for verified crypto accounts has been steadily rising, with some ‘logs,’ a darknet slang term for stolen or nominee credentials, fetching as much as $2,650 per account, Privacy Affairs research shows.
While the U.S.-based Bittrex crypto exchange hosts the cheapest logs, Germany’s N26 mobile banking platform claims the most expensive ones. This price increase has occurred despite a generally bearish market environment for crypto assets. Fueled...
Wallet Attacks: A Deep-dive
Wallets are a logical target for cyber-attacks, along with the emerging institutions that hold custody of them on users’ behalf. While secured with technically unbreakable code, hackers have found numerous ways to gain illicit access to user wallets, whether by deception, theft, or ingenuity. In responding to this threat, the crypto-industry must consider whether to opt for traditional KYC-based measures or to seek crypto-native solutions to this perennial issue. If the industry fails to agree, it could lead to a two-tier system of ‘pure’ crypto institutions and players that embrace centralized and a certain necessary degree...
The most comprehensive ranked list of the biggest crypto hacks in history (Up until November 1, 2022. I suspect a larger one is just behind the corner)
It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but I wanted to get to the bottom of which ones were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while I was conducting my research; that’s how I know this will be the most accurate and up-to-date list of the top 12 hacking incidents in...
What Are Blockchains Layers 0, 1, and 2?
A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top of the blockchain.
In addition to these various layers within a blockchain, there is now the concept of Layer 0, 1, and 2 blockchain solutions. Each of these “layers” is intended to describe a particular function that has been added to or abstracted from the blockchain.
In...
Recent advances in Distributed Ledger Technology (DLT) / Blockchain have significant implications for the global economy and financial services FinTech and Decentralized Finance (DeFi) solutions.
Blockchain is a set of technologies that through distributed computing and mathematics can now deliver Trust to an enterprise, consumer or financial institution remotely and without human intervention. Blockchain continues to improve at a torrid pace, driven first by Moore’s law and second by extraordinary advances in software and connectivity. As technology advances, the rapidly increasing number of use cases being developed on top of blockchain are illustrating the transformative potential of the technology to...
In the U.S. alone, SIM-swapping attacks resulted in $72 million worth of losses last year, four-million dollars more than 2021, according to the Federal Bureau of Investigation. In a 2022 public service announcement, the FBI defined SIM swapping as a “malicious technique where criminal actors target mobile carriers to gain access to victims' bank accounts, virtual currency accounts, and other sensitive information.”
The PSA noted that threat actors “primarily conduct SIM swap schemes using social engineering, insider threat, or phishing techniques.” Threat actors execute their SIM swap attacks via social-engineering ruses, where they impersonate authorized mobile-carrier account holders and dupe...
Money laundering is a crime that many people consider irrelevant to them. If a problem at all, they consider it a problem only for banks. That is far from true. Money laundering has massive effects not only on financial institutions, but also on governments, industries, economies and all individuals.
What are the effects of these widespread crimes that fly under the radar of much of the population? And why are these effects so massive?
Understanding the economic cost
It’s hard to pin down a dollar amount for what money laundering costs the global economy. Normal economic activity measurements can’t track funds generated...
The utopian view of the blockchain as an unhackable alternative to the status quo is a pipedream. Many traditional cyberattacks are effective in a blockchain-based setting, and even cryptographically-secured processes are prone to errors and exploits. Understanding the potential attack vectors is a prerequisite to building a stable blockchain-based alternative to today’s centralized networks.
Introduction
The capacity for blockchain to alter the modern-day economy and society is immense. This potential goes well beyond the creation of cryptocurrencies and trustless payment systems.
While still early in their evolution, blockchain networks have been shown to enable new means of exchanging value (tokenization), making agreements...
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack
The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance.
A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is needed. Instead, the borrower needs to set up a series of trades using smart contracts that can all be executed at once, and they must...
Network Attacks: A Deep-dive
Network attacks are a class of exploits that focus on the isolation and manipulation of individual nodes or groups of nodes. While blockchain networks are theoretically robust against such attempts, both hackers and academics have found loopholes that can be used not only to defraud and damage individuals, but also scale up to take down entire exchanges. While easily overlooked, the list of network attacks is likely to grow in the years ahead, and is worth preparing for.
Introduction
A blockchain network is powered by the exchange of information between nodes. These are the individual ‘worker ants’ whose...
Cyber-Attack Strategies in the Blockchain Era - A Framework for Categorizing the Emerging Threats to the Crypto Economy
Market attacks
Rely on the mass-manipulation of investors through asymmetric information
Pump-and-dump
Parties conspire to artificially inflate (pump) the price of an asset using various manipulation tactics (spoofing, wash selling, layering), in advance of selling (dumping) their stake. The reverse technique can be used to acquire an asset below fair value in a short-selling strategy.
Exit scam
A project such as an ICO or DAO raises substantial capital from investors, before unexpectedly terminating all operations. Rather than returning the capital to investors, the founders disappear with all...