It is every cryptocurrency project’s nightmare: Well-resourced hackers — perhaps backed by a rogue state such as North Korea — strike out of nowhere, dismantling cyberdefenses and making off with millions of dollars in customer funds.
Many crypto outfits have been permanently damaged this way. Yet across the industry, start-ups strapped for cash after a prolonged funding drought have cut security spending even as soaring digital-asset prices tempt hackers, firms that sift through code for weaknesses have found.
That leaves the cryptosphere vulnerable as the number of exploits targeting the industry skyrockets, undermining efforts to establish it as a viable alternative to traditional finance. In particular, hackers linked to North Korea, among the most sophisticated in the business, are showing no signs of letting up.
“The only way to stop exploits is to stop them from happening in the first place. That means hardening cyberdefenses,” said Ari Redbord, global head of policy at TRM Labs, which uses blockchain forensics to track crypto crimes.
Hacks and scams cost the crypto industry an estimated US$1.8 billion last year, down about 50 percent from 2022, said Immunefi, which runs a platform where companies offer bounties to those who locate and flag security flaws in their software.
A drop in the very biggest heists, such as the roughly US$600 million one related to blockchain game Axie Infinity two years ago, explains why the total value fell, but the number of incidents almost doubled, to 319, Immunefi said.
Lazarus Group, associated with North Korea, accounted for nearly one-fifth of total losses, Immunefi data showed.
A separate report from Chainalysis Inc in January showed that the number of North Korea-linked crypto hacks jumped to a record last year.
Crypto thieves have stalked the industry almost since its inception. In what remains perhaps the most famous incident to date, Japan-based Bitcoin exchange Mt. Gox was struck in 2011. Over time, the hackers made off with tokens worth billions of dollars based on the current market price.
Mt. Gox eventually went bankrupt and its users have yet to recover their losses.
As the number of blockchains and projects built upon them multiplied over the following years, so did the target surface area for hackers. Exploits mushroomed, creating a lucrative niche for security firms and “white-hat” hackers who earn bounties reaching into the millions of dollars for uncovering crypto vulnerabilities.
“When you have a really big incident, when you lose customer funds — you are either well funded enough that you or your investors can bail out your customers, or you don’t reimburse your users,” said Oliver Horr, director of operations at security firm Hats Finance. “Obviously if you don’t reimburse them, your product is dead, but both outcomes are pretty devastating.”
Despite the stakes, many firms find themselves having to make tough choices. While there is not any data tracking code-auditing spending by crypto firms, executives at outfits that provide such services say demand has cooled.
Even after the cost of a typical crypto audit dropped roughly 50 percent since 2022 to about US$20,000 per week, “projects are still unable to afford that,” said Hind Kurhan, who in September founded security auditing firm Thesis Defense and aims to establish an industry standard for audits.
At crypto-auditing start-up Halborn, “inbound interest” dropped 60 percent last year, CEO Robert Behnke said.
Rates for auditing a type of smart contract built on the Ethereum blockchain fell as much as 20 percent, he said.
Diligence, the auditing arm of ConsenSys, has seen the waiting time for its security screenings shrink.
Some companies are forgoing labor-intensive manual code audits in favor of using less-precise automated tools to scan for weaknesses, security experts say.
To be sure, audits are no guarantee that cyberdefenses will hold.
Euler Finance, a decentralized lending protocol, was drained of almost US$200 million in cryptocurrencies by hackers in March last year, even after being audited “at great expense,” founder Michael Bentley said.
North Korea in particular poses a formidable threat to the industry.
The UN Security Council’s Panel of Experts said in a report this month that it is investigating 58 suspected cyberattacks by North Korean leader Kim Jong-un’s regime on crypto-related companies that took place between 2017 and last year and were valued at about US$3 billion, which “reportedly help to fund the country’s development of weapons of mass destruction.”
North Korean hacks were 10 times as damaging as those linked to other thieves, TRM said in a January report.
In June alone, Lazarus was responsible for high-profile heists targeting crypto companies Alphapo, CoinsPaid and Atomic Wallet, the FBI said.
“Over the last few years we have seen North Korea attack crypto projects at alarming speed and scale,” Redbord said. “It is absolutely critical that if you are building today in the crypto space — centralized or decentralized — that cybersecurity is foundational infrastructure.”