- We asked four crypto experts about the worst-case scenario for crypto startups.
- They listed everything from a huge attack on the blockchain to a hacker draining users’ wallets.
- Their predictions were proved true when hackers allegedly stole $611 million.
In potentially the largest hack in crypto history, hackers have allegedly stolen $611 million from cross-chain protocol Poly Network.
The protocol, which allows users to swap tokens across blockchains, announced the hack early Tuesday, tweeting out the addresses where the stolen assets were transferred. It’s not yet publicly known exactly how the hack occurred, but it’s far from the first time hackers have been successful. Over $7.6 billion worth of cryptocurrency has been stolen since 2011, according to the analytics firm Crystal Blockchain.
Four crypto experts, from founders to top venture capitalists, told Insider that hackers were by far the nightmare scenario for the industry, particularly for crypto startups.
“Just as hard as we’re working to protect our infrastructure, there’s somebody on the other side of the ledger that’s working just as hard — if not harder — to attack it,” Eyhab Aejaz, a cofounder of the crypto-insurance startup Breach, said.
Experts agreed their top concern was security holes that allow hackers to steal from the startups’ customers.
“There’s these enterprise-level cyberthefts and hacks and misappropriation of funds,” Aejaz said. “All these things are taking place that leave a really bad mark on the crypto market.”
As venture capitalists love to say, there’s a lot of “noise” in crypto right now: In 2021 alone, there’s been over $16.5 billion in venture funding sunk into crypto startups, according to PitchBook. But Aejaz said not all startups prioritized security right out of the gate.
“You have to be scrappy as a startup, so sometimes you don’t prioritize those things,” he said. “That’s just the nature of building a business that is extremely early stage.”
For startups that create their tokens, inadequate security measures could allow hackers to “mint a bunch of tokens and devalue the heck out of your crypto,” Aejaz said.
Hackers could find other security holes to exploit that allow them to drain users’ wallets, said Dan Roberts, a cofounder of Nayms, a smart-contract-powered insurance market. Companies with “hot wallets,” meaning crypto wallets connected to the internet, are particularly at risk.
These hacks happen relatively often. Earlier this year, a hacker stole $5.7 million worth of cryptocurrency from the social-token company Roll’s hot wallet, TechCrunch reported. And just last month, the blockchain protocol Thorchain lost $8 million worth of assets when a hacker implemented a custom contract that tricked the protocol, Coindesk reported.
By far, the most devastating doomsday scenario would be a 51% attack on the blockchains that support the most popular crypto coins, experts said.
A consensus of network computers must verify a cryptocurrency transaction for it to go through. So if someone could command 51% of those computers — of that mining power — they could decide which transactions to approve or reject.
If bitcoin were subject to a 51% hack, it would “shake the whole space” and compromise trust in cryptocurrencies at large, Roberts said.
Ethereum classic, a smaller offshoot of ethereum, has suffered a 51% hack several times. But it’s worth noting that bitcoin has never suffered a 51% attack. Given the coin’s significantly larger mining pool, most experts say that hackers are unlikely to ever pull one off at this point.
“Hackers have been incredibly incentivized to find all the weaknesses,” Shaun Maguire, a Sequoia Capital partner, said. “I would be surprised if there’s a core vulnerability in something like bitcoin, for example, that hasn’t already been exploited.”
Even so, as the stakes rise in the crypto world, so does the incentive for hackers to find a way to steal the money.
“Hackers are tremendously sophisticated,” Aejaz said. “These nightmare scenarios are very realistic.”