The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.
This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cybersecurity communities to bring the security of cryptocurrencies into line.
A History of Heists
The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.
However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cybercriminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.
There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people. Axie Infinity, for example, has millions of players around the world, and in the wake of the Ronin Network attack, regular users reported losing tens of thousands of dollars. In some cases, this was their livelihood, with many players in the Philippines playing to win digital assets as a full-time job.
Crypto Goes Mainstream
This demonstrates how digital assets have become more deeply ingrained into our society since the Mt. Gox hack. Cryptocurrency is now used by a far broader cross-section of the population (13% of Americans traded crypto in 2020), major companies now accept it as payment (such as Tesla), and nations have integrated cryptocurrencies into their economies.
El Salvador famously became the first country to adopt Bitcoin as an official currency in 2021, but many countries are now looking to join the party. The UK, for example, recently announced its intention to become a "global hub" for the crypto industry, proposing new regulations for stablecoins and even an NFT backed by the Royal Mint. President Biden’s Executive Order on Digital Assets, released in March, also acknowledged the growing role of cryptocurrencies in the US economy.
The Knock-on Effects of a Hack
As digital assets become deeply ingrained into our lives, the attacks against them have wider societal impacts. For example, crypto is the currency of choice for cybercriminal activity and the Dark Web, including ransomware attackers, malware operators, scammers, human traffickers, dark-net market operators, and terrorist groups.
Their vulnerability and the ease in which they can be laundered therefore contributes to the coffers of cybercriminals. An analysis of wallets controlled by cybercriminals suggested that at least $8.6 billion of cryptocurrency was laundered in 2021. There is also evidence of stolen cryptocurrencies funding hostile nation-states, with North Korean groups reported to have stolen $400 million of cryptocurrency last year, potentially to offset financial sanctions.
This criminal activity also creates a burden on law enforcement around the world. In 2021, the Department of Justice launched the National Cryptocurrency Enforcement Team (NCET), focusing specifically on crime involving digital assets. In one single seizure this year, the task force obtained 94,000 Bitcoin ($3.6 billion), demonstrating the scale of the illegal market it is trying to tackle.
Security and Regulation
First, crypto companies need to improve their cybersecurity — fast. The Ronin Network admitted that it took six days to notice that a hacker had exploited a security flaw and stolen $540 million worth of cryptocurrency. This level of security is unacceptable. If these organizations are asking users to trust them with assets, they must provide the security to protect them. If they don’t invest in security, the attacks will continue and users will very quickly lose confidence in these platforms.
Second, the increasing severity of these attacks supports the argument that crypto companies require greater regulation. Regulated financial institutions cannot afford to get away with the loss of millions in assets. Of course, attacks do happen, but regulations hold the security of regulated institutions to a sufficient standard that losses are mitigated. When these standards are not met, there are consequences put in place by the regulators.
We have to eliminate the perception that crypto hacks are inconsequential, only affecting those at the margins of society. They are not: Thousands of people are affected directly, with ever more joining the cryptocurrency world every day. Moreover, with cryptocurrencies funding the criminal community, these hacks will increasingly impact everyone whether you directly engage with digital assets or not.