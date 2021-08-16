The record theft of bitcoin – 600 million dollars, partially returned – it is useful to open a window on the complex, interesting and dangerous new world of decentralized finance (Defi), on blockchain. Where new opportunities are accompanied by unexpected cyber risks.

The $ 600 million bitcoin hacker theft

A group of criminal hackers managed to exploit a vulnerability on a platform – Poly Network – which essentially aims to connect different blockchains. The blockchain, let us remember, is a computer technology that in practice allows you to manage and update, in a univocal way, a register containing data, in an open, shared and distributed way. Basically it is the system used to track cryptocurrency transactions.

The criminal hackers, thanks to a vulnerability not known to the Poly Network managers, managed to steal assets worth more than 600 million dollars.

How the theft happened

As far as is known, hackers have found vulnerabilities when two programs that automatically execute transactions on the blockchain are running at the same time.

Immediately after the theft, Poly Network on Twitter tries to open a communication channel with criminals.

The phenomenon of decentralized finance (Defi) Cryptocurrencies are, one step at a time, making space among professional and non-professional investors. Bitcoin, Ethereum, Cardano, Binance, Tether, Dogecoin: these are just some of the denominations used by the most “famous” cryptocurrencies. I am referring in particular to a new investment model that is entirely based on digital assets: DeFi, that is to say decentralized finance. This new paradigm is particularly interesting because it raises new questions also from the point of view of cyber security, precisely because of its nature. full digital. The cryptocurrency market in the last year has attracted many small (and often inexperienced) investors: also thanks to the pandemic that has inevitably hit a part of the world population who thus finds themselves having to look for new sources of income. Attracted by the “easy” earnings promised in some cases by investments in cryptocurrencies, some have therefore followed this new path, finding themselves facing a new world. Yes, because the world of Bitcoin & C. is completely digital and can also hide unexpected risks. As we know, cybercrime has the main objective of creating a source of (illicit) income and consequently the criminal cyber-gangs have begun to focus attention on cryptocurrencies and everything that revolves around it: it can become an attractive target.

The money back

In practice, criminals are warned: the police are alerted and any further transactions could be discovered.

The message seems to hit the mark because 260 million dollars are returned within a few hours (out of the 600 stolen).

The thief claimed he just wanted to show how vulnerable the network was.

Some analysts explain the story differently, though: the thief couldn’t use that money.

In the case of the theft from Poly Networks, it seems that the return (partial at the moment) of the money was made precisely because the criminal hackers would not have succeeded in their intent anyway, that is to monetize the stolen currency. On the other hand, somehow close sources on criminals report that the action was aimed only at highlighting the vulnerability and that they would have returned the loot anyway.

This is proof that it is possible to steal cryptocurrencies, but then recycling them or converting them into traditional money is not so simple, thanks to the transparency of the blockchain and the use of specific analytics of the blockchains themselves.

The fact is that at the moment almost 350 million are still missing. Some sources also speculate that Poly Networks offered criminal hackers $ 500,000 in reward and immunity in the event of full return of stolen assets.

Theft of cryptocurrencies from exchanges: the other cases This at the Poly Network is certainly the most striking theft but not the only one. I remember the famous case of the Japanese exchange Mt. Gox which closed for bankruptcy in 2014, after a theft of about 400 million in bitcoins. A high significant case is the one involving the 27-year-old Israeli Afek Zard: sentenced to 8 years in prison and a fine of 1.5 million dollars, he was accused of stealing the equivalent of about 7 million dollars in cryptocurrencies. According to local news reports, Zard managed to steal the access credentials of the wallet (the virtual wallet that "contains" the cryptocurrencies) of an acquaintance. At this point he sold the digital currency (in this case DASH) to try to monetize everything in his favor.

What are the major risks associated with the use of cryptocurrencies? How to defend yourself?

Cryptocurrencies are decentralized and largely unregulated around the world, so historically investors can do little if their cryptocurrencies are stolen by hackers. The incident reinforces the concerns of many people – and regulators – about the risks of cryptocurrencies.

Risk of scams

Certainly the greatest risk is that of the scam, or the scam perpetrated with the use of digital tools. A research by Coindesk has brought to light a very dangerous and insidious phenomenon, namely that of the fake app present in the official Google and Apple stores.

In February of this year, for example, an app named Trezor was uploaded to the Apple App Store, pretending to be the famous wallet (digital wallet) used to store cryptocurrencies.

The app also contained direct links to the wallet but in reality it did nothing but steal login credentials and then make them available to cybercriminals. A bit like if you downloaded a fake app from your bank.

The application in question was promptly removed by Apple after some reports but we don’t really know how many victims have fallen into this scam in the meantime.

As well as fake apps, even really well-made phishing sites are on the agenda in the world of cryptocurrencies.

How to defend yourself

In general, remember that in this world there are no protections offered by banks or credit cards against money theft.

The main advice is to use the utmost caution. Especially when downloading apps from official stores, further verification should always be done, perhaps by checking reviews or asking someone who already uses the same system.

We remind you that you can leave the money on your account on the exchange used to buy them; in this case we check the security measures and evaluate any specific insurance policies.

Crypto-coins can also be stored in a hot wallet, or software-based online storage platform. Particular attention is needed to the custody of access credentials to digital wallets: using professional password managers with double authentication system is a first measure to take into consideration.

On the other hand, many recommend “cold” storage, ie completely offline, in which the private keys of cryptocurrencies are stored off the network and on a device, such as USB sticks. Here the greatest risk is its loss or destruction, but at least you will be protected from theft.

Volatility risk

Another risk factor linked to the world of digital currencies is the high volatility they can have and which can sometimes also be influenced by fake news.

What happened to the startup DeFi100 is emblematic: someone managed to compromise the company’s website, posting a message on the home page like “We scammed you!”.

The founders immediately ran to the restart to warn all investors that their startup, DeFi100, was not a scam and that the message was the work of some cybercriminal who had managed to modify their site.

Unfortunately, in a few hours the damage was done and the value of the digital currency dropped vertically.

In conclusion

In general we remember that it is a dangerous world. Let’s go through it with caution, taking all possible safety measures, but also avoid – as many experts advise – investing more than 5 percent of our capital in it.

