What cryptocurrency teaches us about cybersecurity
Last year, criminals walked away with over US$3,8 billion in stolen cryptocurrencies, according to Chainalysis. Many think this demonstrates the sophistication of cybercriminals taking down seemingly impervious technologies. Yet, in reality they are using old tricks. The real takeaway is that vigilant employees and customers have never been more crucial.
Let’s briefly delve into how cryptocurrencies work. Take for instance blockchain, a technology protocol that hosts decentralised ledgers. Instead of one absolute authority maintaining a ledger of goods and transactions, blockchain distributes that authority among several constituents’ servers. Whenever a transaction alters the ledger, all those machines must approve and log the change.
As such, blockchain ledgers are immune to record fraud. Someone cannot alter a blockchain record without the approval of all the other ledger maintainers, so defrauding the blockchain record is technically impossible without multilateral collusion. In this aspect, cryptocurrencies and non-fungible tokens (NFTs) are very secure.
Then how do criminals walk away with billions, all reaped from blockchain ledgers? The answer is also why cybercrime remains a very big threat: human negligence.
Stealing cryptocurrency is relatively simple: hijack the currency owner’s login process, then make transfers. The ledger isn’t being defrauded, because the transfers are legitimate − as far as the system knows, it’s the right person behind those orders.
Financial experts know a proxy to this: if someone withdraws funds using your stolen bank card and pin code, the bank rarely assumes full responsibility. It was the customer’s job to look after their card and pin. A bank can do only so much. So can a blockchain ledger. While both parties might try to help recover the stolen funds, the failure sits with the customer, hoodwinked by motivated criminals who deploy con-artistry and forgery.
Whether someone steals from a bank customer or a crypto exchange, the methods are often the same: exploit someone’s lack of vigilance. They might clone your card, send a fake invoice, or steal your crypto wallet’s login details: there’s little difference in the underlying tactics. In all cases, someone dropped their guard, and the criminals pounced. They might choose their target or take a random opportunity. Our digital world simply makes their efforts easier and faster.
Yet, that means we comprehend this lesson. We don’t leave our cards lying around and share our pin codes. We practise vigilance. If we did the same for cybersecurity, the online world would be a much safer place. Cryptocurrencies show us that while the technologies are new, the risks and loopholes remain the same. Cybercrime is often just crime in another jacket, and we shouldn’t treat it as something exotic.
Cybersecurity is not rocket science. Yes, it can be complicated, requiring skills and resources. But personal vigilance is the most effective countermeasure. That rule hasn’t changed in the digital era. This is the lesson from cryptocurrencies: the targets may be new, but the crimes are not. And we need to reinforce what we already know.
How do criminals walk away with billions from blockchain ledgers? Human negligence
