Hackers Are Coming After Crypto Apps
We have all watched heist movies like ‘The Killing’, ‘Ocean's Eleven’, or the ‘Fast and Furious’ series, where horse-riders steal gold from moving trains, a team steals money from local banks, or a hacker gets access to a server to take control of elevators, traffic signals, or secure vaults. In the cyberworld, these situations happen every day. They are often more subtle than shown in movies, but they all revolve around stealing something immensely valuable from a person, an organization or a nation-state.
Recently, crypto’s asset value was USD 1.4T, which is large enough to attract the attention of bad actors. In 2022 alone, hackers stole more than a billion dollars in cryptocurrency. Hackers often target decentralized finance platforms or new applications with weak security. It is, after all, software. Even after three decades, every major Microsoft Windows release has zero-day vulnerabilities. It is the nature of the game.
Crypto started with a promise of decentralization and security. Now, a decade into it, the crypto world feels less secure. What happened? A lot of this is attributable to great innovation within the last few years. The downside to this rapid innovation is that many cryptocurrency companies focus less on security as a core tenet and may compromise it for an accelerated launch with seemingly operational performance and usability.
Here are a few ways to ‘up the game’ against hackers:
- Security as a core design tenet: For apps that deal with money, security is always paramount. If users and customers lack or lose trust in the solution, performance and usability will not matter. Teams must mandate security as a core part of the design. Product roadmaps should prioritize security capabilities and features, along with new features in every release.
- Harden the whole solution: No matter how great the design of the solution, it is important to constantly test it with various hardening techniques like vulnerability scans, software monitoring, etc. Hackers just need a weak link in the solution or a human error. Testing against hardening techniques is essential.
- Be prepared: Where there is lots of money or value, companies need in-house security experts to invest in the right cybersecurity tools and procedures. It is better to be prepared than to be sorry.
- Learn from others’ mistakes: In an emerging blockchain category, especially one that is built on open-source software, early-stage crypto companies cannot afford adequate investment in application security or cybersecurity. It is vital to learn from other companies’ mistakes and adapt quickly.
Cybersecurity is often a ‘cat and mouse’ game. Now, all crypto companies should play the game. We must stay in lockstep with the bad actors, at times a step ahead, and keep up the pace of innovation.