Reflecting On The Biggest Crypto Hack Ever
The gaming and crypto worlds have reacted strongly to the news of a major attack that cost one crypto-gaming network upwards of $625 million in assets. The Ronin hack is among the largest crypto heists in history and when the dust settles, the incident may wear that crown alone. The story of this crypto-gaming company holds valid lessons for any organization that is watching.
Big Pity for Crypto
Crypto is known to the masses as an investment vehicle and to some it is known as a payment source for scams and hacks. Since the beginning, crypto has provided a fascinating ride, but bad actors have inevitably been there all along. Along the way, they ruined some parties.
As it stands, the yearly damage for crypto theft and fraud activity worldwide is estimated at over $10 billion per year (and growing). These statistics have created doubt over secured capabilities in the cryptocurrency industry. The Ronin hack holds clues to that uncertain crypto future.
Breaking Down the Heist
Parties behind the Ronin network reported that validator nodes were subverted using hacked private keys, later leveraged to forge crypto withdrawals. These nodes bridged into a popular game known as “Axie Infinity” – notable for its thorough NFT and crypto monetization. The attackers were able to exploit a back door within a node that was part of the network’s validation protections. With unfettered access, the attackers were able to withdraw 173,600 ether and 25.5 million in USDC. Now, the network must hope that government law enforcement agencies can assist in recovering the stolen assets.
Shortcuts and Bad Decisions
Sky Mavis, the company behind the Axie Infinity game shared that the attack was possible in part because “immense user load” drove the company to take a self-described “shortcut”. Let’s be clear. This looks like a bad decision that lost sight of the risks. Fixing this specific flaw might be a minor technical affair, but the company must now release a substantial plan that addresses how they technically and philosophically plan to prevent this sort of issue from happening again. In this matter again and again, assets became liabilities, and they were blind to recognizing when that transition occurred.
If risks continue to be treated this way, by anyone, flawed decisions will continue to be a costly problem. The currency at risk can consist of data, crypto, passwords, cash transactions, or anything you would seemingly want to protect and provide. Let us run down specifics on why this is a growing problem for organizations that rely on crypto assets.
1. Cyber liability insurance – It will not cover all your losses. As a matter of fact, the entire cyber insurance industry is being reborn with skyrocketing premiums as it evolves to adapt to heightened threats, ransom amounts, and costs.
- Activity surge – Billions of crypto assets are stolen each year. Reports indicate that the figure is in the tens of billions and growing. Many parties are engaged in these activities, including North Korea which boasted of its $1.7 B of stolen crypto in 2021.
- Crypto nature – Crypto happens to be the medium of choice for online crime in part because it is difficult to trace, has no central controlling authority, yet is accessible throughout the world. It is also difficult for law enforcement to recover.
- The Private Key is GOLD – The possessor of a cryptocurrency account private key wields total and exclusive control. Stealing a private key is like theft of any other traditional piece of info. Scammers will use any means at their disposal to gain access, including Social Engineering, email scams, phishing, and more.
Safe Crypto for Us
On a personal level, it makes sense to protect your assets using multi-factor authentication (MFA) for sensitive accounts and integrating your notifications correctly. Any major activities surrounding your account should be tracked, and they should alert you. You should also:
- Protect your secret keys well – this means using strong passwords, combined with MFA. Never share your keys.
- Avoid public networks and Wi-Fi – Keep your transactions on secured and trusted networks only.
- Strong, unique passwords – Do not use MFA alone, or combined with weak passwords. Never share it.
- Keep your crypto secure – Use crypto hardware wallets and never store it on virtual storage.
- Make sure your apps and exchanges are secure – If you’re using mobile, review and validate every app and crypto exchange you use for security features and reputation.
Safe Crypto for Business
When protected by constant security measures, cryptocurrency in the enterprise can be a safe and viable business feature that can be implemented in exchanges, consumer and business transactions, in application features, building a marketplace and more.
This should not be a surprise, but it turns out that cryptocurrency security is no different than IT security, making it very secure when implemented correctly. At its core, cryptocurrency relies on the blockchain – by design, it features changes and updates that are immutable, publicly distributed, made in multiple copies, and continually validated by means of encrypted key transactions along every step.
Blockchain alone is great – but when it comes to business, you need reassurances, and you need awareness. These are fundamental components of comprehensive security, which is the way to go in protecting crypto in the enterprise.
Protecting crypto systems in the enterprise depends on ensuring the base platform is fully safe and secure with a comprehensive security approach. After all, not all platforms are equal. You then must make sure that the security state stays that way, assuring that the internals of your crypto foundation are continuously known. If anything goes wrong or changes, you should know immediately, leading you to another critical lynchpin in comprehensive security – monitoring systems.
We all expect these sorts of protections to financial transactions. It makes sense for crypto as well, even in a game.