A $625M Reminder To Secure Your Cryptographic Keys
One of the largest ever blockchain hacks is blamed on “hacked private keys”.
Hackers have stolen $625M from the blockchain that powers a popular NFT game, Axie Infinity. The attack was blamed on “hacked private keys,” which allowed cybercriminals to forge transactions and harvest funds they didn’t own into their accounts. The attack had been running for a week before it was finally noticed and stopped.
Blockchains are uniquely vulnerable to weaknesses in their cryptographic layer since this is the last line of defence against criminal activity. By their nature, blockchains are open-source and distributed, enabling attackers to examine the software and protocols, looking for any opportunity to strike. Once a weakness is found, anonymous attacks can drain funds from unsuspecting accounts in minutes.
Attacks on cryptographic keys are particularly devastating because most systems assume this cannot happen. Keys are only supposed to be accessible to their owners, which is why they’re used to sign transactions that transfer funds within the blockchain. It’s analogous to signing paper cheques to move money out of your bank account, except with one big difference: in the real world, banks will refund you if you’ve been a victim of crime. In the blockchain community, there is no such safety net.
Unfortunately, cryptographic keys can be attacked like any other layer in a system. Whether this is through the prediction of the keys themselves, or by fooling the system into signing something it shouldn’t, the consequences can be astronomical.
Following this hack, blockchain communities will be looking to strengthen their security to avoid weaknesses in their own cryptographic keys. The methods used for generating and deploying keys, as well as the algorithms themselves, are coming under greater scrutiny across the whole of cybersecurity. This attention will continue to grow as encryption standards are strengthened by bodies such as NIST. While there are no silver bullets in the fight against cybercrime, technology is always advancing and every defence should be deployed to resist these persistent threats.
Provided we learn from each hack of this nature, we can take steps towards a more secure future where cryptocurrency is a trusted, mainstream technology.
To discover how we create the strongest cryptographic keys in the world using quantum technology, please visit our website.
