How bad is crypto’s cybersecurity problem? Well, just look at the news. Last week began with a report that North Korean hackers—who steal crypto to pay for their mad dictator’s nuclear weapons schemes—had their best year ever in 2022 and have already nicked $200 million so far this year. This coincided with news that crypto gambling platform Stake got looted for $42 million, and, to round out the week, scammers got hold of Ethereum founder Vitalik Buterin’s X (formerly Twitter) account—where they promoted a crypto giveaway (what else?) to steal nearly $700,000.
These latest developments are hardly surprising. Since the early days of Bitcoin, crypto has been catnip for hackers, who seized on the semi-anonymous nature of blockchain to rob users, companies, and each other. From the calamitous hack of Mt. Gox in 2014 to Bitfinex in 2016 to Axie Infinity’s “oops, we lost $600 million” moment last year, massive looting has been a fixture of the industry as much as Lambos and bad tattoo decisions.
The problem is that, despite more than a decade of hard lessons, crypto’s cyber vulnerabilities seem worse than ever. The latest spate of hacks are a bad look for an industry trying to win back investor confidence after last year’s FTX debacle—and won’t endear it to the U.S. government, which is understandably concerned that crypto is bankrolling Kim Jong Un’s military.
To be fair, crypto is not the only industry plagued by hackers. Cybercriminals have also wreaked havoc at hospitals, state governments, and many Fortune 500 companies. And fighting off hackers when they’re backed by a nation-state—most notably North Korea but also China, Russia, and Iran—is no easy task.
Still, it feels as if the crypto industry could try harder. While analytics firms like Chainalysis and TRM regularly work with senior law enforcement officials to trace and sometimes capture stolen assets, too many crypto firms have treated security as a second-tier priority—favoring get-rich-quick schemes over less glamorous tasks like auditing code and defending against phishing.
In the short term, things are likely to get worse. This is partly due to the fact that nation-state-backed hackers are getting better at stealing digital assets, but also because it has become easier to run scams on X since Elon Musk took over. Despite promising to purge bots and crooks from the platform, the billionaire has made it easier for scammers to run amok by scrapping its longtime verification scheme.
It’s just a matter of time till we learn about the next disastrous hack. If the industry wants to reverse this trend, blockchain projects need to do a better job of working with each other—and, yes, with the government—to harden their defenses.
Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts
DECENTRALIZED NEWS
Analysts predict the expected arrival of Bitcoin spot market ETFs will further diminish the popularity of Bitcoin futures ETFs, which soared out of the gate but have since leveled off. (Bloomberg)
The Financial Times cautions SEC Chair Gary Gensler that his aggressive interventions in crypto and elsewhere “must be balanced with pragmatism if he is not to risk his ambitions backfiring.” (FT)
Eight exchanges, including Binance and Coinbase, now account for over 90% of crypto trading volume—providing deep liquidity for traders but also potential points of failure. (Bloomberg)
In a potential sign the crypto investment climate is thawing, 10 startups raised $114 million this summer, led by the IP-focused Story Protocol’s recent $54 million raise. (Blockworks)
Investment firm Greenfield named Lisbon the most important crypto hub on the planet, thanks in part to favorable tax breaks and a pool of tech talent. (CNBC)
MEME O’ THE MOMENT
This is the web version of Fortune Crypto, a daily newsletter. Sign up here to get it delivered free to your inbox.
