How crypto tokens became as insecure as payment cards once were

Last month hackers roughly stole $100 million in cryptocurrency from Harmony blockchain bridge. It looks like a new wave from the recent storm that started almost a year ago. In August 2021, DeFi Poly Network was breached with $600 million robbed of the user accounts. Then, in February 2022, hackers stole $320 million from the users of crypto trading company Wormhole. It was followed by another breach in March when hackers nearly pocketed 600 million dollars in crypto from an online gaming company by using a crypto payment system Ronin Network.

To less advanced users, it may sound like blockchain technology is vulnerable, which isn’t necessarily true. For example, some “core” blockchain code like Bitcoin can still be trusted because it is based on: strong cryptography and has been scrutinized by millions of users, including hackers, for years. But new technology like Harmony has to be in beta testing for months or even years before it can be considered safe.

It’s unbelievable how people entrust their money to untested, uncertified code. Traditional financial and payment software goes through excessive regulatory compliance testing and certification before going to production, but security incidents still exist. But crypto software is not regulated, so there are no testing requirements or certifications.

The new crypto fintech era

It looks like crypto fintech is going through the same saga as that one experienced by the payment card industry in the years 2000 and 2010. During that time, Card data breaches popped up daily, revealing millions of records of sensitive cardholder information. In many cases, hackers sold the data on the darknet to other criminal gangs for further “revenue”. Those secondary groups specialized in creating counterfeit plastic cards using stolen cardholder information and redeeming them through online or in-store purchases.

The payment card industry has addressed these security concerns by creating payment card industry security standards (PCI DSS) and forcing players such as merchants, banks and payment processors to follow the rules. Another robust measure to combat payment card fraud was the implementation of new payment security technologies such as point-to-point encryption, chip&pin (smart cards) and secure online payment processors such as PayPal.

Crypto fintech does not yet have all those security standards and technologies. The coins and tokens are just as bare and fragile as plastic payment cards with magnetic strips with account numbers on them. Note: Such cards still exist, but are much more protected today. It took several years for the payment card industry to realize that an existential threat needs to be addressed. The latest mega crypto breaches indicate that the blockchain industry needs to recognize it and learn from the lessons of its predecessor. And users should be careful and think twice before committing their money to adventure technology.

Slava Gomzin is Director of Payments and Cyber ​​Security at Toshiba Global Commerce Solutions and an expert in blockchain technology. He is the author of Fundamentals of cryptography, Hacking point of sale and Bitcoin for non-mathematicians. He is also co-founder of the Lyra blockchain.