Can you believe it?
In a matter of days, the crypto world is ALREADY dealing with another successful attack and this time the hacker isn’t playing any games. I was only just getting over the shock of the Poly Network heist when I saw the news about Japanese exchange Liquid being the latest to fall victim losing almost $100 in digital tokens!
So, before I dive into my thoughts on this (I have a few), let me paint the scene so you actually know what I’m talking about.
We’ll wind it back to early August when a bold hacker took their chances and managed to swindle an impressive $600m (£433m) in total from crypto network, Poly Network. Story goes that the hacker exploited a vulnerability in the system that allowed them to declare themselves as the owner to any funds processed through the platform. These funds were then transferred into the hackers’ wallets.
What made the Poly Hack attack particularly interesting to watch unfold over on Twitter was the fact that the hacker seemed to be tolling Poly Network the whole time. The hacker left snarky notes in the comments field in Ethereum transactions toying with Poly Network before returning about $400 of the funds of their own accord. Investigations are still ongoing, but so far, it’s all very odd. Regardless, it’s still being dubbed as the biggest crypto heist in cryptocurrency history!
So, enough about Poly Network. What happened with Liquid?
Again, an opportunistic hacker spotted a vulnerability within Liquid’s platform and took advantage of it. The hacker targeted a multi-party computation (MPC) wallet which is like any other wallet, except that its private keys and their controls are divided between several devices. Usually, you’d think this makes the wallet more secure, but in this case the keys must have been exploited by the hacker to enable the transfer of the funds within the target wallets. By the time Liquid’s Operations and Technology teams detected the unauthorized access it was too late.
UniSwap and SushiSwap
Now, the hacker didn’t stop there. To avoid having the assets they just stole frozen, the hacker converted $45 million in tokens to Ethereum through decentralized exchanges like Uniswap and SushiSwap. These are basically blockchain-based platforms that don’t require intermediaries.
Luckily for Liquid, and its users, the exchange platform pressed pause on all crypto withdrawals and suggested that users also stop depositing any crypto into their wallets to avoid it being added to the hackers already rich bounty. According to a statement on their website none of Liquid’s users will suffer any losses (phew) and things should be back up and running as usual once new security is in place.
But whilst this is all well and good (and far less exciting than the Poly Network hack), it does make you wonder how the hack could have happened in the first place. And what is Liquid really doing to prevent it from happening again?
MPC Infrastructure withHeightened Security
Apparently, they have “completed setting up our new MPC infrastructure with heightened security,” and “are liaising with external vendors to validate the security of the infrastructure further.” I don’t know about you, but that just sounds a bit wishy-washy to me.
What I want to see is a detailed account of what technologies they are actually using to protect users now and in the future. What I want to see is a recognition that yes, it may be a regular hacker today, but what about when quantum computers are on the scene? How will they protect against a cybercriminal with quantum supremacy?
The only person that seems to be caring about these threats is Arqit (a recent discovery of mine and I think they’re great!) which is a leading quantum encryption company with a solution that sounds like it will actually work. They suggest upgrading existing blockchains with encryption that is permanently quantum safe with a solution that creates one-time zero-trust symmetric encryption keys at end points. Sounds incredible, right? If you want to read up more, then I strongly suggest the whitepaper which is what got me excited about them.
So, now all we need is for crypto exchange platforms to actually put effective solutions in place and we can kiss hacks like Liquid and Poly Network goodbye. Though, I will admit, they are fun to watch unfold when they’re not happening to you!