It is every cryptocurrency project’s nightmare: Well-resourced hackers — perhaps backed by a rogue state such as North Korea — strike out of nowhere, dismantling cyberdefenses and making off with millions of dollars in customer funds.
Many crypto outfits have been permanently damaged this way. Yet across the industry, start-ups strapped for cash after a prolonged funding drought have cut security spending even as soaring digital-asset prices tempt hackers, firms that sift through code for weaknesses have found.
That leaves the cryptosphere vulnerable as the number of exploits targeting the industry skyrockets, undermining efforts to establish it as a viable alternative to traditional finance. In particular, hackers linked to North Korea, among the most sophisticated in the business, are showing no signs of letting up.
“The only way to stop exploits is to stop them from happening in the first place. That means hardening cyberdefenses,” said Ari Redbord, global head of policy at TRM Labs, which uses blockchain forensics to track crypto crimes.
Hacks and scams cost the crypto industry an estimated US$1.8 billion last year, down about 50 percent from 2022, said Immunefi, which runs a platform where companies offer bounties to those who locate and flag security flaws in their software.
A drop in the very biggest heists, such as the roughly US$600 million one related to blockchain game Axie Infinity two years ago, explains why the total value fell, but the number of incidents almost doubled, to 319, Immunefi said.
Lazarus Group, associated with North Korea, accounted for nearly one-fifth of total losses, Immunefi data showed.
A separate report from Chainalysis Inc in January showed that the number of North Korea-linked crypto hacks jumped to a record last year.
Crypto thieves have stalked the industry almost since its inception. In what remains perhaps the most famous incident to date, Japan-based Bitcoin exchange Mt. Gox was struck in 2011. Over time, the hackers made off with tokens worth billions of dollars based on the current market price.
Mt. Gox eventually went bankrupt and its users have yet to recover their losses.
As the number of blockchains and projects built upon them multiplied over the following years, so did the target surface area for hackers. Exploits mushroomed, creating a lucrative niche for security firms and “white-hat” hackers who earn bounties reaching into the millions of dollars for uncovering crypto vulnerabilities.
“When you have a really big incident, when you lose customer funds — you are either well funded enough that you or your investors can bail out your customers, or you don’t reimburse your users,” said Oliver Horr, director of operations at security firm Hats Finance. “Obviously if you don’t reimburse them, your product is dead, but both outcomes are pretty devastating.”
Despite the stakes, many firms find themselves having to make tough choices. While there is not any data tracking code-auditing spending by crypto firms, executives at outfits that provide such services say demand has cooled.
Even after the cost of a typical crypto audit dropped roughly 50 percent since 2022 to about US$20,000 per week, “projects are still unable to afford that,” said Hind Kurhan, who in September founded security auditing firm Thesis Defense and aims to establish an industry standard for audits.
At crypto-auditing start-up Halborn, “inbound interest” dropped 60 percent last year, CEO Robert Behnke said.
Rates for auditing a type of smart contract built on the Ethereum blockchain fell as much as 20 percent, he said.
Diligence, the auditing arm of ConsenSys, has seen the waiting time for its security screenings shrink.
Some companies are forgoing labor-intensive manual code audits in favor of using less-precise automated tools to scan for weaknesses, security experts say.
To be sure, audits are no guarantee that cyberdefenses will hold.
Euler Finance, a decentralized lending protocol, was drained of almost US$200 million in cryptocurrencies by hackers in March last year, even after being audited “at great expense,” founder Michael Bentley said.
North Korea in particular poses a formidable threat to the industry.
The UN Security Council’s Panel of Experts said in a report this month that it is investigating 58 suspected cyberattacks by North Korean leader Kim Jong-un’s regime on crypto-related companies that took place between 2017 and last year and were valued at about US$3 billion, which “reportedly help to fund the country’s development of weapons of mass destruction.”
North Korean hacks were 10 times as damaging as those linked to other thieves, TRM said in a January report.
In June alone, Lazarus was responsible for high-profile heists targeting crypto companies Alphapo, CoinsPaid and Atomic Wallet, the FBI said.
“Over the last few years we have seen North Korea attack crypto projects at alarming speed and scale,” Redbord said. “It is absolutely critical that if you are building today in the crypto space — centralized or decentralized — that cybersecurity is foundational infrastructure.”