Crypto hacks are getting more expensive

The target on the back of the crypto

Hackers and scammers have had a great time, striking on multiple fronts over the past few weeks. Online games, stablecoins, crypto wallets: nothing seems safe.

Even Elon Musk took notice. One of his complaints about Twitter is the prevalence of crypto scammers. The attacks underscore the vulnerability of DeFi and the complexity of securing decentralized blockchain operations.

Scammers exploit weak points and hit the jackpot. Willie Sutton maybe never said that he’s robbed banks “because that’s where the money is”, but that’s certainly a reason for recent hacks.

• Hackers stole over $650 million in ether and stablecoins from the Axie Infinity breach. This attack shed light on sidechains, networks that connect blockchains, known to be vulnerable to hacking.
• The Axie attack also highlighted how crypto scams are becoming a national security concern. The FBI said the attack was carried out by Lazarus Group and APT38, which are associated with North Korea. Experts believe that the money will fund North Korea’s weapons programs.
• Hackers got away with over $180 million in stablecoins from Magic Bean Farms by manipulating network governance processes, according to William Callahan, director of government and strategic affairs at Blockchain Intelligence Group. The thieves used “flash loans,” which allow users to borrow tokens without collateral, and used them to gain the voting power that allowed them to drain funds, Callahan told Protocol.
• Metamask also warned Apple device users that their wallet seed phrases could be exposed via automatic iCloud backups. Phishing scams look for users’ iCloud credentials.

Crypto hacks can be devastating for a DeFi project like Beanstalk. “There are no funds left,” a developer wrote on the project’s Discord chat server.

• Breaches are not necessarily fatal for DeFi projects. Shortly after the hack, Axie Infinity owner Sky Mavis announced funding of $150 million round led by Binance.
• “We know trust has to be earned,” Axie Infinity said. The VC money would surely come in handy to bolster its anti-piracy defenses.
• Investors’ portfolios are not unlimited, however, and VCs cater to their limited partners. Can Sand Hill Road take on hackers backed by nation states?

This is good news for anyone who wants to fight bad guys for a living. Hiring is through the roof.

• Cybersecurity and Blockchain are two big growth areas for tech jobs. Put them together and it’s a recruiting frenzy.
• Ripple is recruiting security engineers. So is kraken. Circle wants someone who can assess the risks of third-party providers. Even a16z Crypto is hiring a security specialist to “harden” the business, including implementing “automated security detection and response capabilities across our entire infrastructure.”
• But the biggest shortcoming may be in decentralized networks, where responsibility for security is distributed. If it’s everyone’s problem, it’s nobody’s problem.
• The challenge is to stay ahead of hackers, who have plenty of resources and motivation to attack blockchain networks that move ever-increasing amounts of digital assets.

It is a security arms race. The protocols are generally open source, which means anyone can spot vulnerabilities. The community aspect of crypto projects leaves them open to social engineering. The challenge is to fix these vulnerabilities faster than they are exploited. Bad actors “learned to take advantage of bugs in code,” Callahan said. Sutton actually said he robs banks because he enjoys it. It’s time for crypto to spoil the hacker fun.

—Benjamin Pimentel (E-mail | Twitter)

A MESSAGE FROM PwC

Mergers and acquisitions and workforce reorganization can create a wealth of opportunities for companies seeking rapid growth, transformation and market expansion. In fact, 47% of executives say continued business mergers and acquisitions, joint ventures, and alliances are their top growth drivers in 2022. Unfortunately, nearly half of executives say acquisition and Talent retention is the biggest hurdle.

Learn more

on the money

On protocol: Senator Elizabeth Warren, along with Representatives Katie Porter and Brad Sherman, accused TurboTax of defrauding consumers in a letter to the company, saying more tax filing services should be free.

Manchester City’s club chips, like many others, are proving disappointing. Reviews to pretend that fan tokens have little tangible benefit for fans, so people get tired of them pretty quickly.

DiDi is moving forward with its delisting plans in the United States. The Chinese carpooling giant has schedule a meeting of shareholders for May 23 to vote in favor of delisting from the New York Stock Exchange. The company, which has come under fire from Chinese regulators, said it would not apply to be listed on any other stock exchange before delisting.

Bank of America is increasingly going digital. The bank’s first-quarter earnings call showed that about 53% of its consumer sales came from digital channelsamounting to $1.7 billion, an increase of 4% compared to a year ago.

Andreessen Horowitz formalizes its Start program. Founders of startups in six categories can now apply for the program, with partners across multiple verticals, including fintech.