Crypto users are faced with a near constant barrage of threats including widespread phishing schemes, targeted attacks from scammers impersonating friends & application support staff, malware crawling for improperly secured private keys, and speculative meme coins with a sole purpose to build market liquidity for early entrants to dump on retail investors. Thankfully, as attacks are becoming more and more sophisticated, those who aim to defend against bad actors are developing advanced tools to educate and protect consumers. Here are a few examples of the most common scenarios to protect yourself against, as well as how the crypto space is evolving to stay ahead of the curve.
It is important to understand the distinction between holding cryptocurrency on centralized exchanges and holding it in your own wallet through self-custody. The easiest way to get into crypto is to make an account on a centralized exchange and buy some tokens. However there is significant risk in leaving investments on a centralized exchange. Centralized exchanges often lack transparency in accounting and lead to traditional ‘web2’ style fraud as we saw with FTX collapse, which was echoed by the collapses of traditional banking institutions throughout the world. However, once a crypto user withdraws their tokens to their own self-custody wallet they are faced with the responsibility of avoiding phishing campaigns, protocol hacks, private key leaks, and more.
Phishing campaigns range from widespread campaigns to targeted attacks. Recently I have encountered malicious Google Ads which redirect users from legitimate websites to perfect clones which prompt the user to confirm transactions in their wallet which send all of their assets to an attacker. There are also scammers posing as benevolent actors warning users that an application they recently used has been compromised and they need to withdraw all of their funds immediately. The site the scammers send the user to looks identical to the application with which they are familiar, which then prompts them to confirm the same style of malicious transactions.
Even when users connect to legitimate applications, they are not safe from protocol vulnerabilities and accidental introduction of bad code through protocol updates. In the last year there have been network bridges and decentralized exchanges which introduced unaudited updates to their codebase which were soon exploited by bad actors, draining all the deposits of users.
An ongoing problem with crypto wallets is that transactions are impossible to decipher for the vast majority of users. People have become accustomed to clicking ‘confirm’ on opaque blobs of hex data, trusting that the application is telling them the truth. Wallets are starting to get smarter, and there are now tools people can install on their computers, or networks people can connect their wallets to which help filter out mistakes and hacks. The Shield3 RPC is a free tool that people can use to filter out common hacks and interactions with known bad actors.
Also, like many fields, AI is helping. Decentralized finance applications provide unprecedented transparency and data availability to train and adapt models for common mistakes by developers, attack patterns by bad actors, and penetration testing by benevolent hackers. For example, one can now visit a blockchain explorer, copy the code of a smart contract from a popular DeFi app, and paste it into ChatGPT, asking it to find potential ways the code can be exploited. One can also ingest all of the data about all smart contracts and transactions in existence, and identify patterns and transactions that lead to a major hack. Specifically, when someone is about to attack a protocol there are often a series of transactions where they create a new anonymous wallet using a private transaction service, like Tornado Cash, then prepare their wallet to exploit a protocol. Protocols can defend themselves by detecting these patterns and pausing the protocol before the exploit can take place, then implement fixes before unpausing.
However while this data is widely available, it is near impossible to understand for the vast majority of users. AI tools allow us to take the insights from threat analysis and detection tools and present them in language which is personalized and comprehensible to everyone, regardless of their level of technical sophistication. We can take highly technical audit reports and data streams and have large language models summarize the threat in any language, for any audience.
These tools allow us to both detect threats faster and more efficiently than ever before, and democratize access to the insights to make security and risk mitigation widely available.