Hacks or hacks remain one of the biggest scourges of the cryptocurrency sector, while the blockchain is supposed to be a secure technology.
$50, 150, $500 million… These dizzying numbers aren’t the capital letters of Web3’s latest nuggets. This is some of the most well-known hacks in the blockchain and cryptocurrency ecosystem. Among the best-known hacks are those of the Mt Gox exchange in 2014 (740,000 bitcoins) and the DAO in 2016 (60 million dollars).
Since then, the market has grown considerably, with the number of hacks running into the hundreds of millions. One of the newest is the one from Ronin Network, for about 600 million dollars! A question then arises: why are these hacks so common when blockchain technology is supposed to be the most secure in the world?
A determining factor: human error
Data theft, the most common hack
At the risk of repeating themselves, the main hacks resort to classic techniques that can be seen all over the internet. Phishing, identity theft or user naivety are the most common.
A wallet’s private key protects it from outside intruders…provided you protect the key. However, giving your private key to a hacker unknowingly or keeping it in the wrong place can make it extremely easy to empty a wallet. This technique does not require any technical knowledge and is very easy to perform.
In this case, neither the protocol nor the technology is to blame and the blockchain remains as secure as ever. However, security doesn’t stop us from being vigilant about the data we need to protect. It is mainly for this reason that private key storage services are on the rise.
Fraud, an addition to human error
It can happen that our private key is stolen without us having much to do with it. In this case, it’s not about the user, but about the protocol and even the wallet. When it’s the wallet, supposedly the ultimate security, that’s being hit, it’s tempting to blame the technology for the hack. Again, this is human error.
For example, if you are using a MetaMask, you may have downloaded a pirated version without knowing it. Then your famous private key was not stored on a piece of paper, but via a file on your computer. It is also possible that you unknowingly participated in a scam and that the cryptos you sent are in the hands of a hacker.
So the scam is still due to human error. That’s why you should always keep an eye on the URL addresses of the websites you visit, don’t respond to a stranger on Discord or Telegram who offers you “technical support” and don’t fall into the trap of dizzying returns.
Again, the technology is not questioned. but sometimes there’s human error in the protocol itself, and that’s the most concerning.
A factor of concern: the lack of security of certain protocols
Exploitation of security vulnerabilities by hackers
This is of course also a human error. But this consists of the protocol design and is exploited by a hacker. The vulnerability is the scourge of fledgling protocols, who want to get started too quickly by neglecting certain aspects related to security.
Of course, these hacks require excellent computer knowledge, starting with a perfect understanding of the source code. Hackers can then discover errors, sometimes related to sending addresses, blocking transfers or even storing cryptocurrencies for centralized protocols. Hackers then find an entrance (back door) into the network due to a lack of security. Sometimes it can be a human upstream error, such as a weak administrator password.
By breaking into the protocol it is possible to modify it to your liking and transfer a significant amount of money before the attack is noticed and the error is closed. In general, these types of attacks only last a few minutes or even a few seconds. But this is enough to compromise a network.
It is difficult to arm ourselves against these kinds of attacks, because we do not have the protocol in question under control. Our advice therefore remains the same: keep your cryptos yourself as soon as possible and avoid protocols that seem dubious to you.
The blockchain, a technology that remains secure
The distinction may seem thin and complicated to identify to a neophyte. However, a security breach is not synonymous with a flaw in blockchain technology. For example, in the case of the bitcoin thefts in the Mt Gox case, the issue stemmed from a security breach on the Mt Gox platform. Here, as with all Bitcoin related hacks, the origin of human negligence came from a Bitcoin related platform or protocol. But the Bitcoin blockchain was never the problem. Since its existence, it has never been faulted and is still considered to be the safest and most secure blockchain thanks in particular to its Proof of Work consensus.
For the other protocols, which mainly use proof of stake (Proof of Stake, PoS), the distinction is even thinner. The security breach could directly affect the protocol and the hack could endanger the entire network. But even in this case, the technology is not up for discussion. It is indeed a negligence in making the protocol. PoS blockchains are not secured by computing power like Bitcoin, but by validators that immobilize the tokens of the respective blockchain. It is technically easier to break into these protocols, which therefore have to be extra vigilant in terms of security.
For example, in the Ronin Network case mentioned above, there were only 9 validators. Which is clearly not enough. The cause is therefore not the Ethereum architecture, which is used by Ronin, but precisely the security of the Ronin protocol. In other words, the security of a technology depends on how it is used. The more human intervention there is, the more this security can be compromised. This is why Bitcoin is the most secure protocol as it requires the least human intervention.