Moody's offers a look at the blockchain, and some of the risks it presents.
Cryptocurrency sector vulnerabilities.
A report from Moody’s says that the cryptocurrency ecosystem’s vulnerability to cyberattacks is restricting the sector’s growth. Moody’s says this trend was most recently highlighted by the hacks sustained by FTX shortly after the exchange filed for Chapter 11 bankruptcy last week.
Blockchain-powered apps’ complexity.
Moody’s explains that applications built on the blockchain rely on a “tangle of technologies” that opens them up to attacks:
“The ecosystem relies on a series of technological layers, such as the user interface, smart contracts, the blockchain program and the hardware infrastructure. Each segment can be susceptible to vulnerabilities. In particular, smart contracts, programs running automatically when predetermined conditions are met, present novel challenges. Whereas bugs can remain hidden for a long time in conventional applications, hackers can easily identify flaws in a smart contract because their code is often open source. Their automated nature and ability to hold crypto assets also enable thieves to exploit logical errors to steal funds.”
More attacks targeting DeFi.
The researchers note that more attacks are now targeting decentralized finance (DeFi) companies compared to centralized finance (CeFi):
“Many reasons explain why hackers are focusing on DeFi. Some decentralized applications hold large sums of money, making them attractive targets for theft. As of 24 October, the total amount of funds deposited in DeFi protocols, also known as the total value locked, stood at $53 billion, according to research firm DefiLlama, up from $595 million at year-end 2019.”
“Moreover, the DeFi ecosystem is fragmented and comprises many startups, which sometimes rush to release products without conducting thorough security checks.”
“DeFi is also subject to specific vulnerabilities. Like other segments of digital finance, some DeFi smart contracts rely on oracles, systems retrieving and sending data from outside the blockchain. This data is susceptible to manipulation by hackers, a tactic known as an oracle attack.”
FTX fiasco highlights crypto risks.
CoinDesk describes a hack sustained by FTX several hours after the exchange filed for bankruptcy. Unknown hackers stole more than $600 million from FTX crypto wallets. FTX stated in its Telegram channel, “FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go on FTX site as it might download Trojans.”
WIRED outlines the efforts industry and law enforcement are taking to track the stolen funds. Michelle Lai, a cryptocurrency consultant, told WIRED that the thieves will likely be identified if they try to withdraw the funds, but it’s unlikely that they’ll be apprehended if they live in Russia or North Korea.
WIRED also describes suspicions that the theft may have been an inside job. Reuters reports that FTX’s CEO Sam Bankman-Fried had what’s been described as a “backdoor” that allowed him to quietly withdraw funds from the exchange. The story is still developing quickly, however, and there’s no hard evidence for these accusations.