Last month, hackers stole nearly $100 million in cryptocurrency from the Harmony blockchain bridge. This looks like another wave in the storm of breaches that started about a year ago. In August 2021, the DeFi platform Poly Network was breached, with $600 million stolen from user accounts. Then, in February 2022, hackers stole $320 million from users of the crypto trading firm Wormhole. This was followed by another breach in March, when hackers exploited the crypto payment system Ronin Network to steal nearly $600 million in crypto from an online gaming company.
To less sophisticated users, it may seem that blockchain technology is insecure, which is not necessarily true. For example, some “core” blockchain code such as bitcoin can still be trusted because it is based on strong cryptography and has been scrutinized by millions of users, including hackers, over the years. But new technology like Harmony must be in beta testing for months or years before it can be considered safe.
It’s unbelievable how readily people trust unverified code with their money. Traditional financial and payment software undergoes extreme testing and regulatory compliance certification before going into production, yet security incidents still occur. Crypto software, by contrast, is not regulated, so no testing requirements or certifications exist.
New Crypto Fintech Era
It seems that crypto fintech is going through the same saga that the payment card industry experienced during the 2000s and 2010s. During that time, card data breaches were unfolding daily, exposing millions of records of cardholders’ sensitive information. In many cases, hackers sold the data on the darknet to other criminal gangs for further “monetization”. Those secondary groups specialized in creating counterfeit plastic cards from stolen cardholder information and cashing them out through online or in-store purchases.
The payment card industry cracked down on those security issues by creating the Payment Card Industry Data Security Standard (PCI DSS) and forcing players such as merchants, banks and payment processors to comply with its rules. Another strong measure against payment card fraud was the introduction of new payment security technologies such as point-to-point encryption, chip and PIN (smart cards), and secure online payment processors such as PayPal.
Crypto fintech does not yet have all those security standards and technologies. Coins and tokens are bare and unprotected, like plastic payment cards with magnetic stripes and account numbers embossed on them. (Note: such cards still exist, but are more secure today.) It took years for the payment card industry to realize that it faced an existential threat that had to be addressed. The latest mega crypto breaches indicate that the blockchain industry needs to recognize the same thing and start learning from the lessons of its predecessor. And users should be careful and think twice before trusting their money to adventurous technology.
Slava Gomzin is the Director of Payments and Cyber Security at Toshiba Global Commerce Solutions and an expert in blockchain technology. He is the author of Crypto Basics, Hacking Point of Sale and Bitcoin for Non-Mathematicians. He is also the co-founder of Lyra Blockchain.