Geeks Academy

CYBERSECURITY VS BLOCKCHAIN: EXCHANGE UNDER ATTACK

After the birth of DeFi and the surging adoption of cryptocurrencies, cyber-criminals have a new target: the blockchain. Let's analyse some of the most sensational cases.


Over the past twenty years, the Web has evolved and its use has grown exponentially. As the number of users increases, so do the threats. The Internet has improved, and so have cyber attacks: from malware to trojans to the timeless phishing scam, the methods are more or less still the same. Where once a single individual had to orchestrate and commit the crime, nowadays we talk about cyber-gangs, specialized and organized around various types of cyber hacks. One of the most affected technologies in recent years is the blockchain. According to an Elliptic report, DeFi and the whole crypto market suffered losses of over $12 billion in 2020 and 2021, of which more than $10 billion were stolen over the past year. However, some of the thefts occur more due to negligence and oversight of the developers than to criminals’ acumen. Unfortunately, 2022 has also started under the sign of hacks and scams.

Crypto.com
Crypto.com is a cryptocurrency exchange platform. The company, based in Singapore, was founded in June 2016 and, thanks to large marketing campaigns, is today one of the leading exchanges in the world. The list of collaborations and partnerships is extensive: official FIFA sponsor for the Qatar 2022 World Cup, sponsorship agreements with the Formula 1 circuit and the MMA promotion UFC, the acquisition of the naming rights to the Staples Center Arena (now Crypto.com Arena), home of the Los Angeles Lakers, and Matt Damon as brand ambassador. Crypto.com's resume is clearly strong. It is not surprising that it has become a fundamental hub for small and large investors from all over the world.

2FA authentication
At the beginning of 2022, Crypto.com mentioned an "incident" which occurred on the platform but reassured users that their funds were safe. A few days later, the company published further details, revealing that the aforementioned incident was in fact a hack: apparently the scammer managed to bypass the users’ 2FA (two-factor authentication), and was thus able to make unauthorized withdrawals. Rumors confirmed losses worth $15 million; unfortunately, the amount was much higher. The malicious user stole 4,836.26 ETH (about $15 million, at the time of the theft), 443.93 BTC (around $18 million) and $66,200 in other currencies. As stated by Crypto.com, in some cases they managed to block unauthorized withdrawals by temporarily restricting the use of withdrawals, resetting the 2FA tokens and advising users to log out. In many other cases, however, the company was forced to reimburse every user damaged by the cyber attack.
Following the theft, Crypto.com complained about 2FA’s weak security and announced an initiative, the Worldwide Account Protection Program. The company will cover any user losses caused by hacks or bugs, for a value up to $250,000. Eligible users must have followed all the security best practices recommended by the platform (2FA, anti-phishing code, etc.).

Coinbase
Coinbase is an exchange platform originally based in San Francisco, California. It was founded in 2012 by Brian Armstrong and Fred Ehrsam, respectively a former Airbnb engineer and a former Goldman Sachs trader. It is the most important exchange in the US by trading volume. In 2020, during the COVID-19 pandemic, it officially turned into a remote company, that is, a company that no longer formally recognizes a physical headquarters, effectively becoming a distributed company. Furthermore, in 2021 it officially became a public company, that is, a company listed on stock exchanges.

Coinbase bug bounty
Fortunately, the Coinbase case has a happy ending. In February 2022, a security engineer identified a bug on the platform that would have allowed expert users to trade cryptocurrencies they did not own in their digital wallet. Initially, the user believed that it was a UI issue but, by testing it, he realized that the problem was much more serious: due to a missing logic validation check in the API endpoint, the engineer was able to sell 0.243 ETH as 0.243 BTC (an asset of far higher value). The user immediately disclosed the issue to Coinbase, which verified and fixed the bug within a few hours. Thanks to the prompt intervention of this security engineer, Coinbase avoided the potential loss of the total platform funds. The company rewarded the user with its bug bounty, a $250,000 prize for those able to identify flaws not yet detected by the platform itself.
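
The sketch below is an added illustration, not Coinbase's code and not part of the original article. It shows the class of missing check described above: an order handler that verifies the balance of the source wallet but not that the wallet holds the asset being sold, next to a hardened version. All names (Account, sell_unchecked, sell_checked, the account id and the BASE-QUOTE product format) are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal

class OrderRejected(Exception):
    pass

@dataclass
class Account:
    owner: str
    currency: str
    balance: Decimal

def sample_accounts():
    # Constructed sample data: one user whose only wallet holds 0.243 ETH.
    return {"acct-eth": Account("alice", "ETH", Decimal("0.243"))}

def sell_unchecked(accounts, user, source_id, product, size):
    """'Before' form: checks ownership and balance, but never compares
    the source wallet's asset with the asset of the market being traded."""
    acct = accounts[source_id]
    if acct.owner != user or acct.balance < size:
        raise OrderRejected("insufficient funds")
    acct.balance -= size
    return {"sold": product.split("-")[0], "debited": acct.currency, "size": size}

def sell_checked(accounts, user, source_id, product, size):
    """Hardened form: the order is rejected unless the wallet being
    debited holds the same asset the order claims to sell."""
    acct = accounts.get(source_id)
    if acct is None or acct.owner != user:
        raise OrderRejected("unknown source account")
    base, sep, quote = product.partition("-")
    if not (base and sep and quote):
        raise OrderRejected("malformed product")
    if acct.currency != base:
        raise OrderRejected(f"wallet holds {acct.currency}, order sells {base}")
    if size <= 0 or acct.balance < size:
        raise OrderRejected("invalid size or insufficient funds")
    acct.balance -= size
    return {"sold": base, "debited": acct.currency, "size": size}

if __name__ == "__main__":
    size = Decimal("0.243")
    print(sell_unchecked(sample_accounts(), "alice", "acct-eth", "BTC-USD", size))
    try:
        sell_checked(sample_accounts(), "alice", "acct-eth", "BTC-USD", size)
    except OrderRejected as exc:
        print("rejected:", exc)
```

The unchecked handler records a BTC sale while debiting an ETH wallet; the checked handler rejects the same request because the asset comparison is enforced server-side, independently of what the client UI allows.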

Cybersecurity threats
The cybersecurity sector has been growing constantly of late, and cyber attacks are an everyday occurrence. The latest research presents worrying statistics:

  • 94% of malware is delivered via email.
  • 85% of cybersecurity breaches are caused by human error.
  • A ransomware attack occurs every 10 seconds.
  • Cybercrime's annual global losses are expected to reach $10.5 trillion by 2025.

Also, blockchain’s use cases are endless, and understanding the way to make this technology even more efficient is just the beginning.


Sources:
https://cryptobriefing.com/elliptic-estimates-12b-lost-to-defi-exploits/
https://coinmarketcap.com/rankings/exchanges/
https://www.vice.com/en/article/g5qj9j/cryptocom-says-incident-was-actually-dollar30-million-hack
https://portswigger.net/daily-swig/jaw-dropping-coinbase-security-bug-allowed-users-to-steal-unlimited-cryptocurrency
