When Blockchain Companies Get Hacked

Blockchain and cryptocurrency based products are everywhere right now, every time you turn on the news, there’s a fresh piece about expensive artwork being sold or Elon Musk buying and selling massive amounts. Some countries have adopted it as their national currency, whilst it is still regarded as a fad, a booming industry waiting for the bust in other quarters.

The latter certainly doesn’t appear to be true; blockchain permeates every aspect of popular culture. We can see that from the value of NFTs and digital assets that the technology backs. For instance, the artist PAK raised more than $91m with his artwork The Merge, the single-most expensive art release from a living creator. Then there’s the popularity of Socios fan tokens, which saw soccer team AC Milan generate $6m of revenue with their sale. Fan tokens are digital assets owned by sports team supporters, offering them access to benefits such as unique content and voting rights on certain topics. These are two examples of crypto, blockchain and digital assets at work in the real world, where the sums of money involved are eye-watering, to say the least.

Both fan tokens and NFTs rely on one solid principle; that blockchain is safe. That’s why online casinos have started taking crypto as payment and why it is heralded as the future. We hear soundbites such as ‘100% secure’ and ‘cut out the middleman’ and see blockchain as a secure payment process, unlike anything that has gone before. Sadly, that’s not entirely true.

Last month, over $600m worth of Ethereum was stolen from Ronin Network. Reports vary from $615m to $625m, but remarkably nobody noticed the theft for six days. The hacker’s crypto wallet is even available to view on Etherscan, much like someone robbing a bank and then putting a live feed of the loot online for everyone to see. It transpires that the hackers gained control of five of the nine validator nodes on the network required to validate a transaction.

There is some sympathy with the company, but not so much from gamers. Ronin operates Axie Infinity, a pay-to-play game that has been described as exploitative in the past, given that users have to buy three axes to play, with the minimum cost being $80 each. If it were a one-off hack, there could be a Robin Hood-style reason, but it’s not. The truth is blockchain is hackable, and it’s happening more and more.

In 2019, trading platform Crypto.com lost $34m of currency, comprising Ethereum and Bitcoin, from across 483 user wallets. Hackers were able to access accounts that didn’t need two-factor authentication and initiate the theft. That followed a hack at Coinbase, where an attacker had commandeered half of their processing power and used it to rewrite transaction history, facilitating double spends, where crypto can be spent twice. Coinbase claims no funds were stolen, but another exchange, Gate.io, admitted they had been stung for around $200,000. Oddly, the hacker returned half of the money a day later. Even the OpenSea platform has fallen foul of hackers in the past.

Hackers have stolen more than $3bn from blockchain companies since the start of 2017, and the Ronin Network hack is just the latest in a string of problems that the industry is keen not to highlight. The weakness seems to be the blockchain bridges, also known as network bridges. They are applications that allow users to move digital assets from one blockchain to another. In 2022, hackers stole about $80m worth of currency from Qubit Bridge in January and swiped $320m worth of crypto from Wormhole Bridge a couple of weeks later. Another $4.2m worth of crypto was taken from Meter.io Bridge just days later.

Whilst your fan tokens are safe at Socios, and many so-called traditional forms of blockchain are as safe as people make out, there are risks for companies. Cryptocurrency can be stolen, blockchain can be hacked, and the technology underpinning this modern-day gold rush is not infallible.

Related posts

How to Improve Your Cyber Resilience by Strengthening User Privileges

The Dark Side of Viral Content: How Negative Reviews Can Snowball

Testing Gaming Monetization: Walking the Line Between Profit and Player Experience