{"id":13954,"date":"2022-04-16T11:33:59","date_gmt":"2022-04-16T11:33:59","guid":{"rendered":"http:\/\/egrowonline.com\/?p=13954"},"modified":"2022-04-16T11:33:59","modified_gmt":"2022-04-16T11:33:59","slug":"north-korea-nfts-and-a-hit-video-game-inside-a-500m-cryptocurrency-theft-blockchain","status":"publish","type":"post","link":"http:\/\/egrowonline.com\/?p=13954","title":{"rendered":"North Korea, NFTs and a hit video game: inside a $500m cryptocurrency theft | Blockchain"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"dcr-xry7m2\"><span class=\"dcr-114to15\"><span class=\"dcr-1jnp7wy\">L<\/span><\/span><span class=\"dcr-xry7m2\">ate last month, hackers <a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/technology\/2022\/mar\/30\/ronin-project-blockchain-cryptocurrency-heist\" data-link-name=\"in body link\" rel=\"noopener\">made off with<\/a> what was then worth more than <a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/technology\/2022\/mar\/30\/ronin-project-blockchain-cryptocurrency-heist\" data-link-name=\"in body link\" rel=\"noopener\">$500m<\/a> from the systems of cryptocurrency network Ronin, in what is believed to be the second-largest cryptocurrency theft on record.<\/span><\/p>\n<p class=\"dcr-xry7m2\">Ronin was a juicy target for a hacker. The blockchain project supports the wildly popular Axie Infinity video game, which with an estimated <a target=\"_blank\" href=\"https:\/\/www.covalenthq.com\/blog\/axie-part-one\/\" data-link-name=\"in body link\" rel=\"noopener\">8 million players<\/a> has drawn comparisons to action-driven collecting games like Pok\u00e9mon Go.<\/p>\n<p class=\"dcr-xry7m2\">Axie Infinity is hot and involves substantial sums of money. 
Players purchase creatures called Axies in the form of <a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/technology\/2022\/apr\/04\/rishi-sunak-asks-royal-mint-to-create-nft\" data-link-name=\"in body link\" rel=\"noopener\">NFTs<\/a>, unique digital assets known as non-fungible tokens. The creatures can breed, battle and even be exchanged for cold, hard cash.<\/p>\n<p class=\"dcr-xry7m2\">The game has swelled in popularity as players see the potential to earn real money. In 2020, one 22-year-old player from the Philippines reportedly <a target=\"_blank\" href=\"https:\/\/markets.businessinsider.com\/news\/currencies\/goldman-sachs-millennial-became-crypto-capitalist-axie-infinity-video-game-2021-11\" data-link-name=\"in body link\" rel=\"noopener\">bought two apartments<\/a> in Manila with his earnings from the game. Last year, another player said he <a target=\"_blank\" href=\"https:\/\/markets.businessinsider.com\/news\/currencies\/goldman-sachs-millennial-became-crypto-capitalist-axie-infinity-video-game-2021-11\" data-link-name=\"in body link\" rel=\"noopener\">earned more through Axie Infinity<\/a> and other online games than from his full-time job at Goldman Sachs.<\/p>\n<p class=\"dcr-xry7m2\">But the underpinnings of the game face significant security challenges. To play, gamers must move their money from Ethereum to Ronin on a blockchain \u201cbridge\u201d system. Ronin is a \u201csidechain\u201d of Ethereum \u2013 a scaling solution that allows transactions to happen faster than on Ethereum, which is congested by the amount of activity it hosts. Hosting the game on this sidechain ensures it can grow without losing functionality. 
Bridges can hold a lot of money at once, so by targeting the Ronin Bridge that transferred players\u2019 assets between blockchains, hackers seized control of the assets and took off with the money.<\/p>\n<figure id=\"6100959e-88df-4f5d-b269-b3a6327e7860\" data-spacefinder-role=\"inline\" data-spacefinder-type=\"model.dotcomrendering.pageElements.ImageBlockElement\" class=\" dcr-10khgmf\">\n<div class=\"dcr-1b267dg\"><img decoding=\"async\" alt=\"In-game assets called \u2018Axies\u2019 are seen in this undated handout image from the blockchain-based game Axie Infinity\" src=\"https:\/\/i.guim.co.uk\/img\/media\/0a345d732fcea831064e3bbe449c35a4fff729b6\/144_0_1435_861\/master\/1435.jpg?width=445&amp;quality=45&amp;auto=format&amp;fit=max&amp;dpr=2&amp;s=d84ec03f3112b8661ae608aeeae7af68\" height=\"861\" width=\"1435\" loading=\"lazy\" class=\"dcr-1989ovb\" \/><\/div><figcaption class=\"dcr-w6u133\"><span class=\"dcr-1usbar2\"><\/span><span class=\"dcr-19x4pdv\">In-game assets called \u2018Axies\u2019 are seen in this undated handout image from the blockchain-based game Axie Infinity<\/span> Photograph: Sky Mavis\/Reuters<\/figcaption><\/figure>\n<p class=\"dcr-xry7m2\">The US government <a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/technology\/2022\/04\/14\/us-links-axie-crypto-heist-north-korea\/\" data-link-name=\"in body link\" rel=\"noopener\">said<\/a> this week it believes North Korean hackers are behind the heist. But it\u2019s just the latest in a string of brazen high-profile crypto thefts. In 2018, more than $530m was stolen from the crypto exchange Coincheck. In February, hackers made off with $320m from the decentralized finance platform Wormhole (though that loot was eventually <a target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/crypto-network-wormhole-hit-with-possible-320-mln-hack-2022-02-03\/\" data-link-name=\"in body link\" rel=\"noopener\">returned<\/a>). 
And in that same month, in perhaps the most publicized cyber heist of the year, prosecutors charged odd couple Ilya \u201cDutch\u201d Lichtenstein and his wife, Heather Morgan \u2013 also known for her cringeworthy raps on TikTok under the name Razzlekhan \u2013 with conspiracy to launder <a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/law\/2022\/feb\/14\/us-bitcoin-case-cybercrime\" data-link-name=\"in body link\" rel=\"noopener\">billions of dollars worth of bitcoin<\/a> stolen from the crypto exchange Bitfinex in 2016.<\/p>\n<p class=\"dcr-xry7m2\">It\u2019s a trend. In 2021, $3.2bn in cryptocurrency was stolen from individuals and services, according to a crypto crime report by Chainalysis, a company that provides blockchain data and analysis to banks, governments and other businesses. (Ronin is also <a target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/blockchain-company-ronin-hit-by-615-million-crypto-heist-2022-03-29\/\" data-link-name=\"in body link\" rel=\"noopener\">working with Chainalysis<\/a> to trace the funds stolen in the hack, according to Reuters.) The figure is almost six times the amount stolen in 2020. So far this year, more than $1bn has already been stolen, according to experts at Chainalysis and other security firms.<\/p>\n<h2><strong>Vulnerabilities in smart contracts<\/strong><\/h2>\n<p class=\"dcr-xry7m2\">The high-profile hacks and substantial sums of money involved have raised questions about how vulnerable the blockchain \u2013 long considered a secure place to store assets \u2013 is to such breaches.<\/p>\n<p class=\"dcr-xry7m2\">Some experts say the rise in reports of crypto theft comes as cryptocurrency is more widely used and better understood than ever before. 
<\/p>\n<p class=\"dcr-xry7m2\">\u201cYou basically have a lot of money on the table, and on a very public table,\u201d said Nicholas Christin, an associate professor at Carnegie Mellon University who researches online crime and computer and network security. With large sums of money publicly moving around on these transparent systems, it can be enticing for a hacker to pounce.<\/p>\n<p class=\"dcr-xry7m2\">To understand how these heists are possible, it\u2019s important to distinguish between the blockchain and other programs that operate on top of it, experts say. The blockchain itself is a decentralized public ledger that allows for peer-to-peer transactions. It\u2019s the foundational layer that bitcoin, Ethereum or Solana are built upon.<\/p>\n<p class=\"dcr-xry7m2\">The second layer \u2013 the one that\u2019s frequently exploited \u2013 consists of smart contracts that run on top of blockchains. Smart contracts are agreements in code that automatically execute when the terms of the contract are met. The common analogy is to a digital vending machine \u2013 select a product, put in the correct amount of money, and your item will be automatically dispensed. These contracts are irreversible.<\/p>\n<figure id=\"38c0b4e3-1a09-485d-a51c-ae11a61f2130\" data-spacefinder-role=\"richLink\" data-spacefinder-type=\"model.dotcomrendering.pageElements.RichLinkBlockElement\" class=\" dcr-1mfia18\"><\/figure>\n<p class=\"dcr-xry7m2\">The hackers weasel their way to the money through these second-layer systems by either taking advantage of bugs in the code, or getting hold of the private keys that will let them into the systems, explained Christin. Some hackers even subvert the smart contracts to redirect the funds into their hands.<\/p>\n<p class=\"dcr-xry7m2\">In the Axie Infinity hack, which targeted the Ronin Bridge, the hacker obtained enough private keys to control the bridge and drain the funds. Since so many users had their assets in the bridge, the payout was massive. 
<\/p>\n<p class=\"dcr-xry7m2\">\u201cUnderlying blockchain protocol is secure,\u201d said Ronghui Gu, founder and CEO of the blockchain security firm Certik. \u201cBut the programs \u2013 the smart contracts \u2013 running on top of them are still like other normal programs, which can have software bugs and vulnerabilities.\u201d<\/p>\n<p class=\"dcr-xry7m2\">It\u2019s common for hackers to try to exploit the code of one of their targets. And it helps that much of the code for blockchain programs is open source, making it easily accessible for hackers who want to look over the code and find potential bugs.<\/p>\n<p class=\"dcr-xry7m2\">\u201cIn this world people say \u2018in code we trust,\u2019 but the code itself is indeed not that trustworthy,\u201d said Gu. When he started his blockchain security firm in 2018, Gu explained, only a few companies used third-party security services like his to audit and assess their code \u2013 a critical security backstop \u2013 but he\u2019s seen the number gradually tick up.<\/p>\n<p class=\"dcr-xry7m2\">Crypto exchanges are also major targets for hacks. Exchanges are like banks: they\u2019re central entities that hold massive amounts of their users\u2019 money, and transactions are irreversible. Like bridges, they are middleman programs that tend to be targeted. \u201cThose big exchanges have a huge target on their back,\u201d said Christin.<\/p>\n<h2><strong>Victims left with big security burden<\/strong><\/h2>\n<p class=\"dcr-xry7m2\">Once crypto assets are stolen, it can be a challenge for thieves to cash out, especially if the heist is in the nine-figure range. That means funds are often left in limbo for years, or even indefinitely. 
During that time, the value of the stolen funds can fluctuate due to the volatile nature of the crypto market.<\/p>\n<p class=\"dcr-xry7m2\">The Chainalysis crypto crime report estimates that criminals are currently holding at least $10bn worth of cryptocurrency, the vast majority obtained through theft. Thanks to transparency on the blockchain, it\u2019s possible to trace these transactions and holdings, but the identity of the perpetrator is hard to nail down until the funds are cashed out. <\/p>\n<figure id=\"0d5bae73-9d48-44e8-bc18-2c8504a0477a\" data-spacefinder-role=\"richLink\" data-spacefinder-type=\"model.dotcomrendering.pageElements.RichLinkBlockElement\" class=\" dcr-1mfia18\"><\/figure>\n<p class=\"dcr-xry7m2\">One can look to the <a target=\"_blank\" href=\"https:\/\/www.theguardian.com\/technology\/2022\/feb\/10\/sexy-horror-comedy-bitcoin-laundering-suspect-is-also-raunchy-rapper-razzlekhan\" data-link-name=\"in body link\" rel=\"noopener\">Bitfinex scandal<\/a> as a case study in attempted laundering. \u201cThe funds didn\u2019t move for an extremely long time. And then when they tried to initiate the laundering process, this was an opportunity for law enforcement to get involved again, because people are following these hacks,\u201d said Kim Grauer, director of research at Chainalysis. <\/p>\n<p class=\"dcr-xry7m2\">For victims of the schemes, there are few ways to recover assets. \u201cIf a bank\u2019s security fails, it\u2019s not that bad for the bank,\u201d said Ethan Heilman, a cybersecurity expert and co-founder of the cloud service BastionZero. \u201cBut if you\u2019re a cryptocurrency exchange and someone empties out all your cryptocurrency that\u2019s really bad for you.\u201d Banks have measures in place to protect their clients that the blockchain lacks. If one\u2019s credit card is stolen, insurance policies ensure that one will usually receive that money back. 
On the blockchain, however, transactions are irreversible \u2013 there is no undo button.<\/p>\n<p class=\"dcr-xry7m2\">That means there is a tremendous security burden on individual users to keep their assets safe. \u201cEnd users may not necessarily be cognizant of the security risks that they incur,\u201d said Christin. \u201cQuite frankly, even people in the field don\u2019t have time to necessarily go and review some smart contract source code.\u201d<\/p>\n<p class=\"dcr-xry7m2\">If one entrusts their keys to the wrong second-layer intermediary, it\u2019s possible that they could be a victim of a heist. Collectively, most aren\u2019t used to this responsibility.<\/p>\n<p class=\"dcr-xry7m2\">Crypto companies are beginning to get more serious about security, Heilman said, but a world without hacks is not realistic, he added. \u201cYou never become secure, you just become more secure,\u201d he said. \u201cSo given the ease of monetizing a vulnerability in one of these systems, I think that it is likely that we will continue to see things get hacked, and the question will not be, \u2018is there a new hack this month?\u2019 It will be: \u2018how frequent are the hacks this month?\u2019\u201d<\/p>\n<p class=\"dcr-xry7m2\">\u201cThere are important things that the industry needs to overcome in order to actually really grow and scale,\u201d said Grauer, \u201cbecause you can\u2019t have a healthy growing industry if everyone is afraid of getting hacked.\u201d<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.theguardian.com\/technology\/2022\/apr\/16\/nft-blockchain-north-korea-hack-ronin-axie-infinity\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Late last month, hackers made off with what was then worth more than $500m from the systems of cryptocurrency network Ronin, in what is believed to be the second-largest cryptocurrency theft on record. Ronin was a juicy target for a hacker. 
The blockchain project supports the wildly popular Axie Infinity video game, which with an [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[36],"tags":[5543,73,52,860,133,1009,502,1008,1341,1171],"class_list":["post-13954","post","type-post","status-publish","format-standard","hentry","category-cryptocurrency","tag-500m","tag-blockchain","tag-cryptocurrency","tag-game","tag-hit","tag-korea","tag-nfts","tag-north","tag-theft","tag-video"],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts\/13954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13954"}],"version-history":[{"count":1,"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts\/13954\/revisions"}],"predecessor-version":[{"id":13955,"href":"http:\/\/egrowonline.com\/index.php?rest_route=\/wp\/v2\/posts\/13954\/revisions\/13955"}],"wp:attachment":[{"href":"http:\/\/egrowonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/egrowonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13954"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/
\/egrowonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}