Security has become an issue that cannot be ignored in the next generation of Internet.
Recently, an op-ed by Reuters brought the well-known blockchain trading platform, Binance, to the forefront. According to the Reuters report, after analyzing court records, talking to law enforcement, and working with blockchain analysis firms Chainalysis and Crystal Blockchain to trace illicit funds from exchanges, it was eventually found that between 2017 and 2021, at least $2.35 billion in illicit funds were laundered through Binance.
In response to the Reuters report, Binance Chief Marketing Officer Patrick Hillman said he did not believe its analysis was accurate. In response, he told reporters that the company is building the most advanced web forensics team on the planet, which will further improve our (Binance) ability to detect illegal crypto activity on the platform (Binance just recently launched a $500 million Web3 fund ).
However, compared to Trick Hillman’s powerless rebuttal, the Reuters report is indeed more convincing. Recently, the Federal Trade Commission also released a report showing that more than 46,000 people have lost more than $1 billion in crypto-related scams since the beginning of last year, including about $329 million in the first quarter of 2022. The security issue of currency is even more serious.
Behind Cryptocurrencies: Fraud, Money Laundering, Theft
Fraud is the most common problem in the currency circle. The FTC (Federal Trade Commission) wrote in the report that with the exponential growth of the income of cryptocurrencies in the past few years, cryptocurrencies have gradually become out of the circle with the help of social media, which has also woven a network for scammers to defraud, since Nearly half of those who reported losing cryptocurrency to scams since 2021 said the scams all started with advertisements, posts or messages on social media platforms.
The report also revealed that nearly $4 out of every $10 in cryptocurrency scams is lost to scams originating from social media, related to cryptocurrencies, with Facebook (32%), Instagram (26%) and Whatsapp (9%) was the most frequently cited platform; scams also had a greater relationship with age, with individuals between the ages of 20 and 49 reporting three times the likelihood of being scammed, but older adults reported greater losses, over 70 percent The median age for victims was nearly $12,000.
Money laundering and theft are also a major security concern in the cryptocurrency industry. Reuters linked several key events and platforms in this report, including the hacks of Eterbase, Hydra, and Lazarus, each of which involved Binance to facilitate various cryptocurrency exchanges.
Take Lazarus as an example. According to Reuters estimates, Lazarus laundered $5.4 million in Eterbase attacks through Binance in 2020 and attacked the Ronin sidechain connected to the Axie Infinity Ethereum network, resulting in a loss of $622 million. , the group has stolen $1.75 billion worth of cryptocurrency in 2020. After U.S. law enforcement sanctioned Lazarus, Binance also said it had identified and froze more than $5 million in crypto assets related to the Ronin hack, and said the exchange would also continue to cooperate with law enforcement agencies in its investigation.
There are also many security problems in Web 3.0
If cryptocurrency is the payment method in the next-generation Internet era, then Web3.0 can be called the backbone network of the next-generation Internet. At present, although Web 3.0 is driven by social media, it is in the same trend as the previous cryptocurrency, and all aspects are full of vitality, but Web 3.0 in the early stage of development has no security problems. Yet? Obviously there is, and there are still many problems.
According to a report released by CertiK, there were 82 hacking incidents on the Web 3.0 track in the first quarter of 2022, and the losses caused by them increased by 8 times compared to the same period last year, to about 1.3 billion US dollars (1,297,166,019.19 US dollars), of which 1,297,166,019.19 US dollars. RUG PULL (carpet pull attack/scam), flash loan attacks, and cross-chain bridge infrastructure attacks are the main ones.
RUG PULL is the most frequent type of attack event in the first quarter of 2022. It usually refers to the withdrawal of developers of new encrypted projects from the DEX liquidity pool or the sudden abandonment of a project, which swept away investors’ funds without warning. . Rug pulls are most common in DeFi. Most Rug pulls require developers to create a new token and promote it to investors, who trade the new token “in expectation of appreciation”, which also provides liquidity to the project, however, developers will eventually start from Funds are withdrawn from the liquidity pool, the value of the token is zero, and then it runs away.
Flash loan attacks are the second most popular type of attack by hackers. Flash loans are new financial primitives that allow users to open unsecured loans with the only stipulation that the loan must be repaid in the same block or it will be withdrawn . This is very different from traditional DeFi loans. Traditional DeFi loans often require users to over-collateralize the loan in the early stage. The novelty of flash loan is that it can make anyone in the world temporarily become very well-funded. A trader with the potential to suddenly manipulate the market. In a recent spate of attacks, we have seen malicious actors use flash loans to instantly borrow, swap, deposit, and re-borrow large amounts of tokens so they can artificially manipulate the price of tokens in a DEX.
The last type of Web 3.0 mainstream attack method is the cross-chain bridge infrastructure attack. The data shows that the three most profitable attacks in the first quarter of 2022 are all attacks on the cross-chain bridge infrastructure. Taking the asset cross-chain bridge launched by Synapse Protocol being attacked as an example, the attacker first calls the swap() function and the removeLiquidityOneToken() function on Metaswap.sol through the Firebird Router, first converts nUSD into nUSD-LP tokens, and then Remove nUSD-LP to get USDC. Then use the addLiquidity() function in the MetaswapDeposit contract to add liquidity with USDC in exchange for nUSD-LP, and finally use the removeLiquidityOneToken() function in the MetaswapDeposit contract to remove the liquidity with nUSD-LP in exchange for nUSD, and then cycle in turn, continue to arbitrage, and finally attack Investors reduce the virtual price of Metapool and withdraw funds from the LP through circular transactions, thereby obtaining about $8 million in nUSD assets.
In general, on the way to the development of the next-generation Internet, we have neither figured out its development trajectory nor solved the security issues in the development process. The next-generation Internet is still in the belly, please don’t let it abort.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/where-is-the-biggest-enemy-of-the-next-generation-internet/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.