As hundreds of millions of dollars were siphoned out of the exchange hours after it declared bankruptcy, the collapse of FTX, already one of the most spectacular financial disasters in history, got worse.
2022 was on pace to be the worst year ever for money lost to hackers and exploits, according to Chainalysis. As of the last count, $3 billion had been taken. Every day brings news of a new hack involving hundreds of millions of dollars in the blockchain industry.
Each time it happens, thousands of users lose a significant portion of their savings, and the affected protocols (or cryptocurrency as a whole) lose some of the trust placed in them.
The cyberattacks and frauds of 2022 have severely hurt cryptocurrency investors. One explanation is that fraudsters have discovered a particularly practical way to reach them: bridges.
Part of bridge vulnerability can be attributed to sloppy engineering.
For instance, the hack on Harmony’s Horizon bridge was possible because of the low number of validators needed to approve a transaction. Only two out of a total of five accounts had to be compromised for the hackers to obtain the passwords required to withdraw funds.
The same thing happened to Ronin. To unlock the crypto that was locked inside the system, hackers only needed to persuade five out of the nine validators on the network to hand over their private keys.
In Nomad’s case it was considerably easier for the hackers to manipulate the bridge. Attackers could submit any value and then extract money from the system, even when there weren’t enough assets deposited in the bridge. No programming knowledge was required, and once the first attacker succeeded many copycats joined in, resulting in the eighth-largest crypto heist in history, according to Elliptic.
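The Horizon and Ronin cases above come down to one parameter: how many validator keys an attacker needs before the bridge will release funds. The contract below is an added illustration, not code from Horizon, Ronin, Nomad or any other bridge. It gates withdrawals on `threshold` distinct validator signatures and refuses, at deployment, any threshold that is not a strict two-thirds supermajority (an assumed policy for this example); with that rule a 2-of-5 or 5-of-9 configuration cannot be deployed at all. The contract name, the event and the signature encoding (EIP-191 prefix, separate v/r/s arrays) are choices made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example: a withdrawal gate that releases funds only when `threshold`
/// distinct validators have signed the withdrawal. Whoever holds `threshold`
/// keys controls the funds, so the ratio threshold/validators is the whole story.
contract ThresholdGate {
    mapping(address => bool) public isValidator;
    uint256 public immutable validatorCount;
    uint256 public immutable threshold;
    mapping(bytes32 => bool) public executed; // replay protection per withdrawal

    event Released(address indexed to, uint256 amount, uint256 nonce);

    constructor(address[] memory validators, uint256 threshold_) {
        require(validators.length > 0, "no validators");
        require(threshold_ <= validators.length, "threshold above set size");
        // Assumed policy for this example: a strict two-thirds supermajority,
        // i.e. 3 * threshold > 2 * n. With n = 5 that needs 4 signers (2-of-5
        // is rejected); with n = 9 it needs 7 (5-of-9 is rejected).
        require(3 * threshold_ > 2 * validators.length, "threshold too low");
        for (uint256 i = 0; i < validators.length; i++) {
            require(validators[i] != address(0), "zero validator");
            require(!isValidator[validators[i]], "duplicate validator");
            isValidator[validators[i]] = true;
        }
        validatorCount = validators.length;
        threshold = threshold_;
    }

    receive() external payable {}

    /// The digest binds chain id and contract address so a signature cannot be
    /// replayed on another chain or another deployment of this contract.
    function withdrawalDigest(address to, uint256 amount, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 raw = keccak256(abi.encode(block.chainid, address(this), to, amount, nonce));
        // EIP-191 personal_sign prefix, which most signer tooling applies.
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", raw));
    }

    /// Signatures must be supplied in strictly ascending signer-address order;
    /// that is the cheapest way to guarantee every counted signer is distinct,
    /// which also makes signature malleability irrelevant to the quorum count.
    function release(
        address payable to,
        uint256 amount,
        uint256 nonce,
        uint8[] calldata v,
        bytes32[] calldata r,
        bytes32[] calldata s
    ) external {
        require(v.length == r.length && r.length == s.length, "length mismatch");
        require(v.length >= threshold, "not enough signatures");
        bytes32 digest = withdrawalDigest(to, amount, nonce);
        require(!executed[digest], "already executed");

        address last = address(0);
        uint256 valid = 0;
        for (uint256 i = 0; i < v.length; i++) {
            address signer = ecrecover(digest, v[i], r[i], s[i]);
            require(signer != address(0), "bad signature");
            require(signer > last, "signers not sorted or not unique");
            require(isValidator[signer], "not a validator");
            last = signer;
            valid++;
        }
        require(valid >= threshold, "quorum not reached");

        executed[digest] = true; // effect before the external call
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
        emit Released(to, amount, nonce);
    }
}
```

The deployment-time check is the part worth copying: a quorum that is safe on paper is only safe if the contract refuses to be configured below it, and a per-withdrawal `executed` flag plus a chain- and address-bound digest stops a single valid signature set from being reused.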
With DeFi, rather than having centralized parties handle all financial transactions, programmable code known as smart contracts does the heavy lifting. These contracts execute when certain conditions are met and are recorded on a public blockchain like Ethereum or Solana, eliminating the need for a central intermediary.
As the DeFi market continues to develop, developers will need to make blockchains interoperable in order to guarantee that assets and data can move freely between networks.
1. In spite of everything, hacking has certain positives. People develop new approaches to a problem and then bring them to market.
2. The market tests the concept (whether people buy it or not, whether the product performs as expected…).
3. Given the market’s reaction, a new idea that builds on the original is discovered.
Every technology goes through this, and web3 is no different. Not every protocol, payment system, decentralized game, DeFi application, security measure and so on existed in Bitcoin’s first year.
Instead, they were introduced gradually.
Hacking sits in step 2 of this cycle. Some “bad actors” in the market may abuse or hack the system to their advantage, but in step 3 additional safeguards are put in place against these hacks and abuses, some of which can be used beyond the scope of the original concept.
And this holds for many new technologies that were developed as a result of hacking, such as zero-knowledge proofs, decentralization and several others.
Web2 was also incredibly unsafe
Web2 was initially extremely unsafe, with hacks being both widespread and easy to pull off (at least if you had the required tools).
Back then, anyone with a little technical know-how, even a teenager, could compromise a website.
Web2 hacks continue to occur, but their frequency and severity have decreased significantly relative to the overall number of websites.
The internet is more secure than ever. It was actually pretty simple to “hack” a website 10–15 years ago:
- Before 2015, you had to pay a monthly subscription to use HTTPS on your website, so the protocol, which encrypts communications, wasn’t widely used. Intercepting traffic and obtaining passwords was therefore simple.
- Instead of using safe frameworks created by people with more experience than themselves, developers built software on their own. (Compare modifying the OpenZeppelin ERC20 library in order to deploy a token.)
- A significant number of code tutorials were flawed, and the majority of developers weren’t even aware of basic security holes (such as SQL injection, XSS and so forth).
This is no longer the case, as any (real) institution or online course will teach you how to avoid these blunders.
Attacking web2 systems now requires a much higher level of skill.
The same will apply to web3. Initially, “simple hacks” (such as a missing onlyOwner check or an integer overflow) were quite profitable.
However, this is becoming less of a problem because developers are more and more aware of the various pitfalls they can encounter.
Additionally, security-enhancing technologies are available, such as compilers that warn you or raise an error on integer overflow and uninitialized references. As a result, since Solidity 0.8.0 these weaknesses are virtually impossible to exploit.
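The two “simple hacks” named above, in one added example that is not code from any real token or project: a mint function that anyone could call until it was gated by `onlyOwner`, and arithmetic that, before 0.8.0, silently wrapped around. Since 0.8.0 the compiler inserts overflow checks, and the old behaviour is only reachable inside an explicit `unchecked` block, which the example uses purely to show what the wrap looks like. The contract and function names are chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example: minimal token-like balances with an owner-gated mint and
/// checked arithmetic, plus a deliberate `unchecked` function that reproduces
/// the pre-0.8 wraparound so the difference can be seen.
contract GuardedToken {
    address public immutable owner;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    // The missing piece in the "anyone can mint" flaw: a caller check.
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Before the fix this function had no modifier, so any address could
    // mint tokens to itself. With onlyOwner only the deployer can.
    function mint(address to, uint256 amount) external onlyOwner {
        totalSupply += amount;   // reverts with Panic(0x11) on overflow since 0.8.0
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        // Under 0.8.x the subtraction below would already revert when
        // amount > balance; the require only gives a readable reason string.
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        emit Transfer(msg.sender, to, amount);
        return true;
    }

    /// Pre-0.8 behaviour, reproduced on purpose: 0 - 1 returns 2**256 - 1.
    /// This is what made "transfer more than you have" attacks work; never
    /// use `unchecked` on balance arithmetic.
    function wrappingSubtract(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            return a - b;
        }
    }

    /// Default 0.8 behaviour: reverts with Panic(0x11) whenever b > a.
    function checkedSubtract(uint256 a, uint256 b) external pure returns (uint256) {
        return a - b;
    }
}
```

Calling `wrappingSubtract(0, 1)` returns the maximum uint256, while `checkedSubtract(0, 1)` reverts; that single difference is what the 0.8.0 compiler change removed from the attack surface of every contract that does not opt back in with `unchecked`.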
Hacks improve DeFi’s security and help identify new, more effective ways to address issues.
Here is what blockchain hacking and auditing might look like in five or ten years:
Smart contract audits will require more specialized skills (mathematics, cryptography, EVM internals), especially as zero-knowledge proofs become more accessible.
Fortunately, there is still hope. Protocols can step up their game in code auditing, in monitoring network activity, and in establishing clear response plans for when an exploit does happen. If the industry pays attention and implements these protections, years like this one may become a thing of the past.
Closing Notes
Since Solidity 0.8.0, thanks to the compiler and the efforts of developers, integer overflow and uninitialized references are already difficult to exploit in practice. Simple flaws (such as reentrancy and tx.origin-based authorization) will essentially vanish.
While some automated auditing tools (as in web2) may perform better than others, they cannot completely replace manual audits, even with an AI like ChatGPT involved.
A worrying flurry of attacks and exploits has plagued the crypto industry over the last 12 months. Too many have occurred for anyone to keep count; urgent action is required.
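The two flaws named in the closing note, reentrancy and tx.origin-based authorization, shown side by side with their fixes. This is an added example, not code from any real vault or project; the contract and function names are chosen for illustration. The vulnerable version calls out to the recipient before updating its balance record and authenticates the sweep with `tx.origin`; the hardened version applies checks-effects-interactions, a reentrancy guard and `msg.sender`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example: the shape of the two classic flaws. Kept only to contrast
/// with HardenedVault below; do not deploy.
contract VulnerableVault {
    mapping(address => uint256) public balances;
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Flaw 1 (reentrancy): the external call happens before the balance is
    // zeroed, so a contract recipient can call withdraw() again from its
    // receive() hook while balances[msg.sender] is still unchanged.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }

    // Flaw 2 (tx.origin): tx.origin is the externally owned account that
    // started the transaction, not the immediate caller. Any contract the
    // owner happens to interact with can reach this function while
    // tx.origin == owner still holds.
    function sweep(address payable to) external {
        require(tx.origin == owner, "not owner");
        to.transfer(address(this).balance);
    }
}

/// Added example: the same vault with both flaws closed.
contract HardenedVault {
    mapping(address => uint256) public balances;
    address public immutable owner;
    bool private locked;

    constructor() {
        owner = msg.sender;
    }

    // Mutex-style guard: a nested call into any nonReentrant function reverts.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks, then effects (zero the balance), then the interaction.
    // Either the ordering or the guard alone would stop the re-entry;
    // using both is defence in depth.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // msg.sender is the direct caller, so only the owner account itself,
    // not a contract it talked to, can pass this check.
    function sweep(address payable to) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```

Static analysers flag both patterns today (an external call before a state write, and any `tx.origin` comparison), which is one concrete reason the closing note expects these flaws to fade: they are cheap to detect before deployment.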