July 15, 2022
Cybersecurity in Crypto: Just How Relevant Is It?
If you have ever dipped your toes into the subject of FinTech, then you have inevitably heard the chants of enthusiasts that blockchain and crypto are the future of finance. Time will tell whether that is true or not, but one thing is certain: security will have a key role to play.
Blockchain is often praised for its embedded security. After all, it is literally a chain of blocks of data that all vouch for each other, which, in practice, means you can’t ‘hack’ your way into the chain to stick in a random block of data.
And yet, crypto is much more than blockchain.
It is full of technical intricacies and know-how, all aimed at extracting the most from this technology and making it practically usable in real-world scenarios, whether it's simply buying a pizza or creating a decentralized community-driven energy network that facilitates value exchange between energy devices.
All this raises the question: how relevant is cybersecurity in an industry built around a technology that is deemed secure by default?
Understanding the Environment of Blockchain
In short, blockchain as a technology is secure, crypto as an industry – not necessarily.
Let me elaborate.
As mentioned, blockchain is nothing but a chain of data blocks that all verify each other. Each time a new block is added, actions are performed to verify the chain's integrity. That approach has proven to be safe. Only there is a catch.
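The "blocks that vouch for each other" idea, as an added example that is not part of the original post: a simplified model in which each block stores the SHA-256 hash of its predecessor, so editing or inserting a block makes verification fail. The hash linking, the block layout, the function names and the sample data are assumptions for illustration, and consensus between nodes is not modeled.

```python
import hashlib
import json
GENESIS_PREV = "0" * 64  # assumed marker for "no previous block"

def block_hash(block):
    """SHA-256 over index, previous hash and data (assumed block layout)."""
    fields = {k: block[k] for k in ("index", "prev", "data")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def append_block(chain, data):
    # Link the new block to the current tip by storing the tip's hash.
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev": prev, "data": data}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_invalid(chain):
    """Return the position of the first block that fails to verify, else None."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        linked = block["index"] == pos and block["prev"] == prev
        if not linked or block["hash"] != block_hash(block):
            return pos
        prev = block["hash"]
    return None

def sample_chain():
    """Constructed sample data, not real transactions."""
    chain = []
    for data in ("alice pays bob 5", "bob pays carol 2", "carol pays dave 1"):
        append_block(chain, data)
    return chain

def with_edited_block(chain):
    """Copy of the chain with block 1's data changed after the fact."""
    copy = [dict(b) for b in chain]
    copy[1]["data"] = "bob pays carol 200"
    return copy

def with_inserted_block(chain):
    """Copy with an extra, internally consistent block pushed in at position 1."""
    copy = [dict(b) for b in chain]
    extra = {"index": 1, "prev": copy[0]["hash"], "data": "unvetted block"}
    extra["hash"] = block_hash(extra)
    copy.insert(1, extra)
    return copy

if __name__ == "__main__":
    c = sample_chain()
    print([first_invalid(x) for x in (c, with_edited_block(c), with_inserted_block(c))])
```

This check only detects a chain that is internally inconsistent; a copy whose later hashes were all recomputed would pass it, which is why real networks also rely on consensus among many nodes.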
Anyone familiar with cybersecurity knows that, as a bad actor, you go for the weakest link.
Blockchain doesn’t exist in a vacuum. In crypto, there is an entire world of dApps and DeFi, all built on smart contracts. By their nature, smart contracts are lines of code that define the terms and the way that certain things operate. Once a contract is published, there is no changing it. It is sealed. The deed is done.
This is where it gets tricky. In this industry, there is no dialing back, no button to press to revert the changes. When you publish a faulty contract and someone discovers a way to exploit it, you are usually very limited in what you can do about it.
Take a look at the Acala Network.
A Curious Case of Stablecoin’s Instability
Polkadot is a multichain ecosystem with a reputation for being safe (which is likely out of the window now), and Acala Network is the ‘decentralized stablecoin and DeFi hub of Polkadot’.
Most recently, a configuration issue of the underlying Honzon protocol led to an exploit that caused Acala USD ($aUSD), Acala Network’s stablecoin, to unpeg from the value of $USD. Curiously, even after identifying the issue, Acala’s hands were tied as they needed to pass an urgent vote to even shut down the network to troubleshoot. That’s just the nature of the industry.
The issue was reported to have appeared after the latest update and, apparently, was soon discovered and exploited by a bad actor to mint 1.2B $aUSD and put it into their wallet. At the time of writing, $aUSD is valued at less than 1 cent. Even without getting into specifics, that is one costly mistake.
If you are interested in details, here is a Twitter thread posted by the Acala Network that offers more information.
This goes to show how critical cybersecurity is in crypto.
Of Course It’s Relevant… Perhaps Even More Than Ever
In this industry, governance just works differently from that of traditional industries. You don’t always have the ability to undo the damage or roll back a faulty update, which ultimately means that you need to put in deliberate extra effort to ensure the utmost safety and protection at every stage, from public release to every update that follows.
Shortcuts are more costly than ever.
In addition, the industry is still young and developing. This means that everybody is an explorer and nobody knows the guaranteed right way to do things. It is all bound to come with experience, and sometimes that experience may cost upwards of ~$4,5B (looking at you, Terra).
We have just barely scratched the surface. Going forward, expect a closer look at some of the more industry-specific cybersecurity challenges.