Crypto News: Recent Hacks Expose Hidden Vulnerabilities

Jonathan Kim
Published in Blockchain@SCU
2 min read · Apr 11, 2022

We know blockchain is a secure cryptographic technology. However, it is a mistake to assume that all the other crypto infrastructure built on top of blockchain is just as secure. In March, hackers ran off with $625 million from Axie Infinity’s Ronin Bridge, the largest crypto hack ever. The vulnerability: the hackers obtained private keys and used them to forge fake withdrawals. Last week, crypto “veterans” storing their fortunes on a Trezor, a hardware wallet, fell victim to phishing attacks and lost everything.

First-hand account on Reddit:

https://www.reddit.com/r/Bitcoin/comments/tvhu4n/i_fell_victim_to_the_trezor_phishing_scam/?utm_source=share&utm_medium=web2x&context=3

It turns out Trezor was using a third-party email company, Mailchimp, instead of its own email service. This is a shame, since exposure through a third party’s systems is a problem that a security company like Trezor should not have.

Last week, the white hat hacker @mr0chill found another “platform ending” vulnerability on OpenSea. “Another” because last November the @RUG_TECH team and Mr.0chill found a smart contract scenario that “made it possible to mint NFTs that appear to be created by any ETH wallet you choose. With no consent or notification required.” The nightmare scenario: hackers disguised as popular NFT minters would “drop” a new collection, and frenzied collectors would gladly hand over their Eth to buy it. The white hat hackers immediately notified and worked with OpenSea for the grand reward of… 3 Eth ($12.5k). Meanwhile, Mr.0chill claims the black market was offering considerably more money for the hack.

That was November. Fast forward to March 29th, 2022, and Mr.0chill refused to hand over the claimed “new vulnerability” after OpenSea offered only $25,000. Again, he claims the black market was offering 100x OpenSea’s offer. In this case, ethics won out, and after OpenSea’s $50,000 donation to @GirlsWhoCode, Mr.0chill worked out a resolution with OpenSea. If a popular and respected crypto platform like OpenSea can have multiple “platform ending” vulnerabilities, it’s important to be aware of what else can be out there. This situation also showed that white hat hackers may not be paid nearly as much as what the black market offers.
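The post does not say how the November minting bug worked, only what it allowed: tokens attributed to any wallet without that wallet’s consent. The contracts below are an added illustration, not OpenSea’s code and not the researchers’ finding; they show the general shape such a bug takes (a mint function that trusts a caller-supplied `creator` address) next to a hardened version that only records a creator who either sent the transaction or signed an authorization. All contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal NFT registry (added example, not OpenSea's contracts).
// Only creator/owner bookkeeping is modelled; ERC-721 transfer logic is omitted.

contract SpoofableMint {
    mapping(uint256 => address) public creatorOf;
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId;

    event Minted(uint256 indexed tokenId, address indexed creator, address indexed to);

    // WEAK PATTERN: `creator` is whatever the caller passes in, so any caller can
    // attribute a new token to any address. Marketplaces that display the
    // recorded creator as "made by" will show the spoofed address.
    function mint(address creator, address to) external returns (uint256 tokenId) {
        tokenId = nextId++;
        creatorOf[tokenId] = creator; // trusted blindly
        ownerOf[tokenId] = to;
        emit Minted(tokenId, creator, to);
    }
}

contract AuthenticatedMint {
    mapping(uint256 => address) public creatorOf;
    mapping(uint256 => address) public ownerOf;
    mapping(address => mapping(uint256 => bool)) public usedNonce;
    uint256 public nextId;

    event Minted(uint256 indexed tokenId, address indexed creator, address indexed to);

    // HARDENED (direct): the creator is the transaction sender, nothing else.
    function mint(address to) external returns (uint256 tokenId) {
        tokenId = _record(msg.sender, to);
    }

    // HARDENED (delegated): a relayer may mint on a creator's behalf only with a
    // signature from that creator over (this contract, chain id, creator, to, nonce).
    // The contract address and chain id bind the signature to this deployment; the
    // nonce prevents replaying one authorization to mint many tokens.
    function mintFor(
        address creator,
        address to,
        uint256 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external returns (uint256 tokenId) {
        require(creator != address(0), "zero creator");
        require(!usedNonce[creator][nonce], "nonce already used");

        bytes32 payload = keccak256(abi.encode(address(this), block.chainid, creator, to, nonce));
        // Standard "personal_sign" prefix so a wallet's signed message is what is checked.
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", payload));

        // ecrecover returns address(0) on an invalid signature; the zero-creator
        // check above ensures that never matches.
        require(ecrecover(digest, v, r, s) == creator, "bad creator signature");

        usedNonce[creator][nonce] = true;
        tokenId = _record(creator, to);
    }

    function _record(address creator, address to) internal returns (uint256 tokenId) {
        tokenId = nextId++;
        creatorOf[tokenId] = creator;
        ownerOf[tokenId] = to;
        emit Minted(tokenId, creator, to);
    }
}
```

The defensive point is the same one a reviewer would raise on any lazy-minting or meta-transaction design: an attribution field that a front end displays as “created by” must be derived from something the claimed creator actually did (sent the transaction, or signed a message bound to this contract and chain), never from a plain argument.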

So, back to the point: none of these hacks and vulnerabilities come from the blockchain itself; they come from the infrastructure built on top of it. Popular and well-regarded platforms might be low risk, but perhaps not as low as you’d think. Crypto is still in its early stages, and we don’t have all the kinks worked out yet. That is why it’s important to double-check the platforms and dApps you use in case of unforeseen vulnerabilities. On the flip side, for those entrepreneurs planning on developing in crypto, there are many future companies to build to fix all of these problems :)
