Since the earliest days of cryptocurrencies, security has been a pervasive issue casting a shadow over the sector. Even as development in other areas has reached a breakneck pace over recent years, hackers and fraudsters continue to create havoc for users.
Before December was even halfway through, not one but two major exchange hacks came to light. On December 5, BitMart was targeted, with hackers making off with around $200 million worth of Binance Smart Chain and Ethereum-based tokens from the exchange’s hot wallets. Only a week later, AscendEx (formerly BitMax) became the next victim, as thieves took a total of over $77 million from three wallets containing assets issued on the Ethereum, BSC, and Polygon blockchains.
Exchanges have long been honeypots for fraudsters simply because a hacker can lift a large amount of funds by breaching a single wallet. However, the rapidly evolving DeFi and broader Web3 ecosystems have now led to a proliferation of users chasing yields and hype with little regard for security. As a result, attackers are now finding new points of weakness to exploit.
Blockchain security firm SlowMist keeps a running tally of all hack incidents. While the earlier parts of the timeline are dominated by exchange and wallet attacks, the last year or so reads like a litany of disasters for DeFi and blockchain app users. The recent attack on BadgerDAO in early December resulted in the loss of $120 million.
Only weeks earlier, a governance attack on Curve Finance drained $30 million worth of tokens from users who had contributed liquidity to the stablecoin protocol Mochi. Other incidents cover NFT art collections and gaming apps. Regardless of the type of app or token, Web3 seems to be rich pickings for hackers.
Even where the protocols themselves may be technically sound, many so-called DeFi protocols aren’t necessarily that decentralized. In November, someone associated with lending platform bZx leaked the private keys used to control user funds, resulting in the loss of over $55 million.
Attitudes Need to Change
Veteran crypto users still trot out the old adage “not your keys, not your crypto” to underscore the importance of using self-custody and cold storage wallets. But this advice is rooted in the old days of a “buy and hold” strategy for Bitcoin. It fails to consider the fact that there’s a flourishing ecosystem of apps that depends on users engaging via their tokens.
If the digital asset space is set to continue on its current stellar growth trajectory, then it needs next-generation security solutions to support the sector, providing individuals and enterprises alike with some assurance that their funds are safe, and increasing trust in the ecosystem.
However, one of the key challenges at the core of the security issue is identity. When building apps, developers can choose between decentralized pseudonymity or a centralized customer identification approach that involves collecting user data. Now, projects are beginning to tackle the issue using a different approach that achieves a more optimal balance between identity and privacy for improved blockchain security.
A Multi-Pronged Approach
Avarta is an authentication and identity protocol using multiple features to address the evolving security challenges of Web3 applications. Its first use case is a biometrically secured, multi-chain blockchain wallet that allows users to consolidate all cryptographic keys into a simple wallet that doesn’t use passwords or seed phrases. Instead, the person’s face is their private key to multiple blockchains.
By requiring users to authenticate, Avarta already removes a critical vulnerability in the blockchain ecosystem – anonymity, which allows hackers to enjoy the same unfettered access to DeFi and Web3 as legitimate actors.
For developers, this level of security is already an attractive feature, as hackers are unlikely to want to authenticate themselves in the first instance. However, Avarta is also developing an antibot feature that allows decentralized apps to filter out malicious bots seeking to drain liquidity. Many dApps already employ blockchain audit firms to review their code as a means of demonstrating their security credentials. Antibot features could easily become the next badge showing that an app is prepared to go the extra mile in the fight against attackers. Avarta’s patented solution has received seed funding backed by Prince Abdul Qawi of Brunei.
Building Blockchains for Security
Partisia Blockchain is another example of a project flying the flag for holistic blockchain security. It is a public blockchain based on multiparty computation, a protocol that encrypts and distributes computational processes so that no single entity can view the portions assigned to anyone else.
Partisia Blockchain was founded by Partisia, a company selling commercial-grade MPC software solutions to global enterprises since 2008, and the first to successfully integrate the technology with a blockchain. The platform aims to establish a Web 3.0 infrastructure with no single point of trust for generic coordination of public and private information to be used by all applications across all platforms.
Effectively, it acts as a single passport for all of Web3, securing user data and transactions to balance privacy against safety. Partisia is developed by industry-leading cryptographers and backed by investors including Ausvic Capital, P2P.org, and Kosmos.
Digital asset security will always be a game of cat and mouse. However, as the industry advances, it’s important that awareness and attitudes to security become more sophisticated and that users and developers alike adopt the most up-to-date and advanced solutions in the fight against cybercrime.