Alongside self-fertilizing crops and low-carbon shipping, cryptocurrencies have made the World Economic Forum (WEF) list of top tech trends in 2022 bolstered by research by the Thomson Reuters Foundation that describes it as moving from the ‘fringes of finance to the mainstream’.
Perceptions around cryptocurrencies have shifted, with several countries adopting it as legal tender, banks looking to create their own forms of digital currency, and consumers putting their savings into crypto wallets instead of traditional financial institutions.
Countries are either considering or are already partially using Central Bank Digital Currency (CBDC), which essentially allows for companies and individuals to make payments using digital currencies directly as opposed to more traditional methods of payment. However, as Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa points out, there are risks.
“The cryptocurrency ecosystem is still very much the Wild West,” she says. “According to Elliptic’s report DeFi: Risk, Regulation and the Rise of DeCrime, over $12 billion in losses have been suffered by DeFi users and investors, due to theft and fraud through malicious exploitation of flaws in decentralized applications (DApps), decentralized exchanges (DEXs), lending protocols and asset management offerings.
Concerns around the vulnerabilities posed by cryptocurrencies are not new. Several countries have implemented increasingly complex bans on them, including China, Bangladesh, Qatar, Nigeria, Egypt, and Morocco; while others are considering increasingly rigorous controls over how these currencies are managed and accessed.
“Crypto platforms and services use websites and third-party service providers that are off the blockchain to interact with their customers. They host websites, other providers’ APIs and use email or chat services, like Discord, and every one of these opens up a new loophole for criminals,” says Collard.
“This could be used to phish their customers, scam them, hijack accounts and steal data, or gain user trust so they can steal their information. These are just some of the opportunities that are ripe for fraud, and people need to be prepared for these risks and take steps to protect their funds.”
One smart step is to move funds from a hot wallet to a cold wallet, or cold storage, as soon as possible. These are named accordingly because they are not directly connected to the internet and store users’ private keys offline to ensure that no one on the internet can tamper with them.
They add on a new level of protection that can mitigate the risks of getting your secret key stolen by malware on your computer, for example. This does offer a level of protection, but will not help protect against phishing scams trying to lure people into authorizing payments, providing their key to the scammers, or falling for any of the other fraudulent crypto investment scams.
That is why it is really important to fully understand the complexities and vulnerabilities that come with cryptocurrencies so that you can protect against them, intelligently.
There are also issues with the platforms and marketplaces themselves, many of which are rife with fraudsters who commit trading malpractice, who defraud people, and who perpetrate scams. They have not gone away just because the currency has moved onto digital platforms.
“Smart contracts are pieces of code that are used by crypto platforms, exchanges, and other players to transact on the blockchain. These pieces of code are written by software engineers who, like any other human, make mistakes. So what cybercriminals do is sift through GitHub and look for known or reported vulnerabilities that they can use often to steal from the platforms directly,” concludes Collard.
“If the world really wants to move towards cryptocurrencies as a more accepted mainstream form of finance, the ecosystem has to sort out its security (and sustainability) challenges first. And investors or potential users need to understand the inherent risks in this market, do their best to protect their wallets, remain aware of social engineering, and stay ahead of the scams”