How bad is crypto’s cybersecurity problem? Well, just look at the news. Last week began with a report that North Korean hackers—who steal crypto to pay for their mad dictator’s nuclear weapons schemes—had their best year ever in 2022 and have already nicked $200 million so far this year. This coincided with news that crypto gambling platform Stake got looted for $42 million, and, to round out the week, scammers got hold of Ethereum founder Vitalik Buterin’s X (formerly Twitter) account—where they promoted a crypto giveaway (what else?) to steal nearly $700,000.
These latest developments are hardly surprising. Since the early days of Bitcoin, crypto has been catnip for hackers, who seized on the semi-anonymous nature of blockchain to rob users, companies, and each other. From the calamitous hack of Mt. Gox in 2014 to Bitfinex in 2014 to Axie Infinity's "oops, we lost $600 million" moment last year, massive looting has been a fixture of the industry as much as Lambos and bad tattoo decisions.
The problem is that, despite more than a decade of hard lessons, crypto's cyber vulnerabilities seem worse than ever. The latest spate of hacks are a bad look for an industry trying to win back investor confidence after last year's FTX debacle—and won't endear it to the U.S. government, which is understandably concerned that crypto is bankrolling Kim Jong Un's military.
To be fair, crypto is not the only industry plagued by hackers. Cybercriminals have also wrecked havoc at hospitals, state governments, and many Fortune 500 companies. And fighting off hackers when they're backed by a nation-state—most notably North Korea but also China, Russia, and Iran—is no easy task.
Still, it feels the crypto industry could try harder. While analytics firms like Chainalysis and TRM regularly work with senior law enforcement officials to trace and sometimes capture stolen assets, too many crypto firms have treated security as a second-tier priority—favoring get-rich-quick schemes over less glamorous tasks like auditing code and defending against phishing.
In the short term, things are likely to get worse. This is partly due to the fact that nation state-backed hackers are getting better at stealing digital assets, but also because it has become easier to run scams on X since Elon Musk took over. Despite promising to purge bots and crooks from the platform, the billionaire has made it easier for scammers to run amok by scrapping its long-time verification scheme.
It's just a matter of time till we learn about the next disastrous hack. If the industry wants to reverse this trend, blockchain projects need to do a better job of working with each other—and, yes, with the government—to harden their defenses.
Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts
