It is every cryptocurrency project’s nightmare: Well-resourced hackers — perhaps backed by a rogue state such as North Korea — strike out of nowhere, dismantling cyberdefenses and making off with millions of dollars in customer funds.
Many crypto outfits have been permanently damaged this way. Yet across the industry, start-ups strapped for cash after a prolonged funding drought have cut security spending even as soaring digital-asset prices tempt hackers, firms that sift through code for weaknesses have found.
That leaves the cryptosphere vulnerable as the number of exploits targeting the industry skyrockets, undermining efforts to establish it as a viable alternative to traditional finance. In particular, hackers linked to North Korea, among the most sophisticated in the business, are showing no signs of letting up.
“The only way to stop exploits is to stop them from happening in the first place. That means hardening cyberdefenses,” said Ari Redbord, global head of policy at TRM Labs, which uses blockchain forensics to track crypto crimes.
Hacks and scams cost the crypto industry an estimated US$1.8 billion last year, down about 50 percent from 2022, said Immunefi, which runs a platform where companies offer bounties to those who locate and flag security flaws in their software.
A drop in the very biggest heists, such as the roughly US$600 million one related to blockchain game Axie Infinity two years ago, explains why the total value fell, but the number of incidents almost doubled, to 319, Immunefi said.
Lazarus Group, associated with North Korea, accounted for nearly one-fifth of total losses, Immunefi data showed.
A separate report from Chainalysis Inc in January showed that the number of North Korea-linked crypto hacks jumped to a record last year.
Crypto thieves have stalked the industry almost since its inception. In what remains perhaps the most famous incident to date, Japan-based Bitcoin exchange Mt. Gox was struck in 2011. Over time, the hackers made off with tokens worth billions of dollars based on the current market price.
Mt.Gox eventually went bankrupt and its users have yet to recover their losses.
As the number of blockchains and projects built upon them multiplied over the following years, so did the target surface area for hackers. Exploits mushroomed, creating a lucrative niche for security firms and “white-hat” hackers who earn bounties reaching into the millions of dollars for uncovering crypto vulnerabilities.
“When you have a really big incident, when you lose customer funds — you are either well funded enough that you or your investors can bail out your customers, or you don’t reimburse your users,” said Oliver Horr, director of operations at security firm Hats Finance. “Obviously if you don’t reimburse them, your product is dead, but both outcomes are pretty devastating.”
Despite the stakes, many firms find themselves having to make tough choices. While there is not any data tracking code-auditing spending by crypto firms, executives at outfits that provide such services say demand has cooled.
Even after the cost of a typical crypto audit dropped roughly 50 percent since 2022 to about US$20,000 per week, “projects are still unable to afford that,” said Hind Kurhan, who in September founded security auditing firm Thesis Defense and aims to establish an industry standard for audits.
At crypto-auditing start-up Halborn, “inbound interest” dropped 60 percent last year, CEO Robert Behnke said.
Rates for auditing a type of smart contract built on the Ethereum blockchain fell as much as 20 percent, he said.
Diligence, the auditing arm of ConsenSys, has seen the waiting time for its security screenings shrink.
Some companies are forgoing labor-intensive manual code audits in favor of using less-precise automated tools to scan for weaknesses, security experts say.
To be sure, audits are no guarantee that cyber defenses will hold.
Euler Finance, a decentralized lending protocol, was drained of almost US$200 million in cryptocurrencies by hackers in March last year, even after being audited “at great expense,” founder Michael Bentley said.
North Korea in particular poses a formidable threat to the industry.
The UN Security Council’s Panel of Experts said in a report this month that it is investigating 58 suspected cyberattacks by North Korean leader Kim Jong-un’s regime on crypto-related companies that took place between 2017 and last year and were valued at about US$3 billion, which “reportedly help to fund the country’s development of weapons of mass destruction.”
North Korean hacks were 10 times as damaging as those linked to other thieves, TRM said in a January report.
In June alone, Lazarus was responsible for high-profile heists targeting crypto companies Alphapo, CoinsPaid and Atomic Wallet, the FBI said.
“Over the last few years we have seen North Korea attack crypto projects at alarming speed and scale,” Redbord said. “It is absolutely critical that if you are building today in the crypto space — centralized or decentralized — that cybersecurity is foundational infrastructure.”
Taiwan’s exports soared 56 percent year-on-year to an all-time high of US$64.05 billion last month, propelled by surging global demand for artificial intelligence (AI), high-performance computing and cloud service infrastructure, the Ministry of Finance said yesterday. Department of Statistics Director-General Beatrice Tsai (蔡美娜) called the figure an unexpected upside surprise, citing a wave of technology orders from overseas customers alongside the usual year-end shopping season for technology products. Growth is likely to remain strong this month, she said, projecting a 40 percent to 45 percent expansion on an annual basis. The outperformance could prompt the Directorate-General of Budget, Accounting and
Two Chinese chipmakers are attracting strong retail investor demand, buoyed by industry peer Moore Threads Technology Co’s (摩爾線程) stellar debut. The retail portion of MetaX Integrated Circuits (Shanghai) Co’s (上海沐曦) upcoming initial public offering (IPO) was 2,986 times oversubscribed on Friday, according to a filing. Meanwhile, Beijing Onmicro Electronics Co (北京昂瑞微), which makes radio frequency chips, was 2,899 times oversubscribed on Friday, its filing showed. The bids coincided with Moore Threads’ trading debut, which surged 425 percent on Friday after raising 8 billion yuan (US$1.13 billion) on bets that the company could emerge as a viable local competitor to Nvidia
BARRIERS: Gudeng’s chairman said it was unlikely that the US could replicate Taiwan’s science parks in Arizona, given its strict immigration policies and cultural differences Gudeng Precision Industrial Co (家登), which supplies wafer pods to the world’s major semiconductor firms, yesterday said it is in no rush to set up production in the US due to high costs. The company supplies its customers through a warehouse in Arizona jointly operated by TSS Holdings Ltd (德鑫控股), a joint holding of Gudeng and 17 Taiwanese firms in the semiconductor supply chain, including specialty plastic compounds producer Nytex Composites Co (耐特) and automated material handling system supplier Symtek Automation Asia Co (迅得). While the company has long been exploring the feasibility of setting up production in the US to address
OPTION: Uber said it could provide higher pay for batch trips, if incentives for batching is not removed entirely, as the latter would force it to pass on the costs to consumers Uber Technologies Inc yesterday warned that proposed restrictions on batching orders and minimum wages could prompt a NT$20 delivery fee increase in Taiwan, as lower efficiency would drive up costs. Uber CEO Dara Khosrowshahi made the remarks yesterday during his visit to Taiwan. He is on a multileg trip to the region, which includes stops in South Korea and Japan. His visit coincided the release last month of the Ministry of Labor’s draft bill on the delivery sector, which aims to safeguard delivery workers’ rights and improve their welfare. The ministry set the minimum pay for local food delivery drivers at
RSS