Crypto losses to bad actors have significantly increased in the last two years, but cybersecurity experts believe there is no cause for concern, as most new tech is exploited during the early days of its use.
According to blockchain security firm CertiK’s annual Web3 security report for 2022, malicious actors drained over $3.7 billion in value from Web3 protocols last year, representing a 189% increase over the $1.8 billion lost in 2021.
CertiK’s report for the first quarter of 2023 also revealed that hackers accessed over $320 million in the first three months of the year.
Kang Li, the chief security officer at CertiK, told Cointelegraph that new technology is often a target for exploitation and the crypto industry is just the latest to suffer from its own success.
“As new technologies emerge, they often become targets for malicious activities, simply because they present new vulnerabilities and possibilities for exploitation,” Li said.
“This has been seen throughout history, from the early days of the internet to the rise of email and, more recently, with the advent of blockchain and cryptocurrency,” he added.
According to Li, because the industry is still relatively new and rapidly evolving, some players are more focused on growth and innovation than on security, making them vulnerable to attacks and potentially contributing to the large number of losses recorded.
Data gathering platform Statista predicts that the crypto industry, which has seen massive growth since 2017, will keep expanding, with revenue projected to reach $64.87 billion and total global users expected to hit 994 million by 2027.
Li says this rapid rise in users and revenue, combined with some of the industry’s innovations, could also contribute to protocols being exploited.
“Blockchain technology and the smart contracts that underpin many cryptocurrencies are highly complex; this complexity can create security vulnerabilities that skilled hackers can exploit,” he said, adding, “Cryptocurrencies also hold real value and can be exchanged for traditional currency in many places around the world; this makes them an attractive target for hackers who can transfer and potentially liquidate stolen cryptocurrencies quickly.”
In the long run, Li says, as security around the crypto space improves and Web3 matures, we will see a decrease in successful hacks, exploits and scams.
However, he thinks it will always be a continuous battle between bad actors and blockchain security experts as they both fight to achieve their goals in an ever-changing industry.
Recent: Debunking the myth: Cryptocurrency is used for criminal activity
“It’s essential to note that while hacks and exploits pose serious risks, they should not deter us from appreciating the enormous potential and innovative capabilities of blockchain and cryptocurrency technology,” Li said.
“Rather than a cause for retreat, they should serve as a clarion call for us to redouble our efforts to ensure that these transformative technologies can be used securely and responsibly.”
Artificial intelligence could be next
Artificial intelligence (AI) has become a hot topic in the last year, with some pointing out its potential implications for the workforce, while others, including tech entrepreneur Elon Musk, advise caution around its development.
Li believes it’s likely that as AI becomes more widely used, it will experience its own security issues, just like Web3 and other forms of transformative technology.
According to Li, as AI becomes more ingrained in our daily lives, especially in security-sensitive areas such as autonomous vehicles or financial systems, the potential for hacks, exploits and scams will likely increase.
Recent: EU legislators call for ‘safe’ AI as Google’s CEO cautions on rapid development
“AI systems can be exploited in several ways, from manipulating machine learning algorithms to data poisoning and adversarial attacks,” he said.
“There are also discussions happening around sensitive data leaking out of large language models, as humans interact and share information with AI chat platforms like ChatGPT,” he added.
Omer Greisman, head of security services at blockchain cybersecurity firm OpenZeppelin, told Cointelegraph that it’s still early to judge if bad actors will flock to exploit AI.
He says there is no immediate financial incentive at this stage, with most malicious activity focused on direct financial gain and no clear payoff yet for exploiting an AI.
“However, certain AI capabilities may facilitate a more sophisticated suite of attack vectors,” Greisman said.
“It’s also true that machine learning can be leveraged by security…
cointelegraph.com