Crypto Security Differences Between Hacker Attacks and Fraud


Author: Haotian, Crypto Observer

Source: X (Twitter) @tmel0211

People are always talking about hackers, believing that hackers treat the cryptocurrency industry as an ATM and that they have hindered the development of the crypto market. This statement is not wrong, but the harm caused by hackers is far lower than the toxicity of human nature to the cryptocurrency industry. Let me share my views from the perspective of a security practitioner.

1) The threshold for hacker attacks has been continuously raised. Over the past year, attack types such as contract overflow attacks, replay attacks, rollback attacks, and random number attacks have been gradually “disappearing” because the white hat forces in the blockchain industry have grown into an unstoppable iron army. With their continuous contributions, the overall code quality of the industry has improved, security awareness has been cultivated, and the threshold for hacker attacks has risen accordingly. For hackers in the crypto market to succeed now, they need to conduct more meticulous vulnerability research, run comprehensive attack scanning, or find a breakthrough on the upstream server supply side. The “investment” required for a successful attack is gradually increasing. If a project does not disclose any details of being attacked and just casually mentions a hacker attack, you may need to doubt the “hacker” attribute here.

2) In the past year, we have seen too many private keys being cracked, contract permissions being controlled, oracle price attacks, multisigs being breached, governance token attacks, backdoors being reserved, rug pulls, etc. Honestly, many security incidents seem magical at first glance. How could xx project have xx minor issues? How can cold wallets be attacked? Asking these questions reflects a respect for the “technology” of blockchain, because we really don’t want to classify these strange and magical security incidents as human nature bugs. However, when these behaviors, which are adept at using hackers as a diversion, become a trend, it will be the biggest sorrow for the crypto industry. After all, technology bugs can be easily fixed, but human nature bugs are difficult to eliminate.

3) According to incomplete statistics, phishing attacks, Ponzi scams, and other such activities have long surpassed hacker attacks and become the biggest harm to the crypto industry. In pure hacker attacks, there may be differences between smart thieves and dumb thieves. When encountering some vulnerabilities that have not been fixed, a shout-out or a remote message may still result in a refund. After all, illegal profits obtained through Trojan implants and other hacker attacks can actually receive some judicial protection. But phishing attacks and Ponzi schemes can only be seen as a “cognitive tax” for most people, and there is really no way to deal with them. The people who set traps and engage in scams on a large scale are fundamentally different from those who study vulnerabilities and conduct real attacks. Hackers may think it’s fun and just happened to succeed in their attacks, but those who professionally exploit human vulnerabilities for fraud are very different.

4) The Mixin incident worries me more than previous hacking incidents because of its user base. Most of its audience comes from the public courses of experts, believers in OG, those who sign in to receive bitcoin as a novelty, and diligent workers who invest in the future through regular contributions. They are all newly onboarded fresh blood, and they may become the backbone of the future bull market. Now, after being hit hard, they may reluctantly return to the factory to work as laborers again, riding their electric scooters with resentment, leaving behind a field that once gave them a glimmer of hope. This also amplifies the stereotype that “the cryptocurrency industry is all a scam” on an exponential scale. The “tuition” for entering the crypto circle is too expensive.

5) We have been calling for Mass Adoption for many years. Whether it’s ERC-4337 account abstraction, the MPC multi-signature scheme, or Intent-centric approaches, we all had a common belief: to lower the barriers for user participation. Private key sharding, email registration, social recovery, programmatic execution, hmm, they all sound cool, but why do they sound so much like scams? Although it may sound extreme, it reflects an objective fact: if someone uses language that most people can understand to make most people feel secure, the person who feels the least secure is probably that someone. After Mixin, I can’t say for sure, but most projects aiming for Mass Adoption may be implicated. Crypto educators will have to work harder to educate people about Crypto beliefs. This wickedness of human nature is detestable.

Over the years, Crypto technology has grown, security measures have been strengthened, regulatory environments have become increasingly complex, and the wickedness of human nature has become more and more intense. But optimistically speaking, this is also a demonstration of the growing strength of the Crypto world. In the end, it all comes down to one phrase: there is only one kind of heroism in the world, and that is to continue to love life after seeing the truth of life.
