Blockchain security companies tackle cryptocurrency theft, ransom tracing

According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today’s value.

Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency, Web3 (a decentralized view of the web that incorporates blockchain technologies and token-based economics), and blockchain-related organizations are growing bolder and more lucrative for malicious hackers even as the value of cryptocurrencies stagnates. This month alone, Binance saw its BNB chain drained of $586 million, close to the all-time most significant cryptocurrency theft of $624 million from the Ronin Network in March 2022.

The threat actors in these and other instances likely didn’t keep all or even most of the astonishing amounts stolen but, in many cases, are increasingly granted handsome “bounties” in exchange for a return of some or most of the missing funds. Avraham Eisenberg, the man behind a $114 million exploit on Mango Markets in mid-October, got to keep $47 million of his allegedly ill-gotten gains in exchange for returning $67 million to the project.

A new crop of cybersecurity companies has emerged

The mind-boggling amount of money generated from crimes against an array of digital finance segments has no real parallels in the traditional cybersecurity world, which has yet to amass the expertise needed to discover, track, and remediate security incidents in the blockchain space. Part of the reason conventional cybersecurity professionals are reluctant to devote resources to the digital currency arena is the belief among many top experts that cryptocurrencies are little more than financial fraud, an opinion they feel is borne out by the current collapse in the cryptocurrency market.

Against this backdrop, a new crop of security companies has emerged to help Web3 firms cope with the chronic crime and assist law enforcement in tracing stolen currencies and currencies paid to ransomware attackers. And these companies are garnering increasing amounts of venture funding capital despite the crypto crash.

Chainalysis, for example, which offers real-time anti-money laundering and compliance software for cryptocurrencies, has raised hundreds of million in venture capital through six funding rounds to reach a valuation of $8.6 million. Another top firm, cryptocurrency protection company FireBlocks, has raised nearly $1 billion in five funding rounds to get a valuation of $8 billion. Blockchain security company CertiK has raised over $300 million across eight funding rounds to reach a valuation of $2 billion.

“This proliferation of blockchain technology is the continued expansion of the overall attack surface and environment that attackers will continue to manipulate and extract data from,” Richard Seewald, founder and managing partner of Evolution Equity Partners, a significant investor in both cybersecurity and blockchain security companies, tells CSO.

Despite their divergences from traditional cybersecurity companies, the new crop of Web3 security companies still relies on the tried and true strategies of the conventional sector. “While we are in the early days of development of blockchain native security platforms, the security strategy for enterprise blockchain includes the use of traditional security controls and technology-unique controls including identity and access management, key management, data privacy, secure communication, smart contract security, transaction monitoring, threat intelligence, amongst others,” Seewald says.

Blockchain security requires different skills

Still, the nature of the Web3 world, which only partially overlaps with the skillsets that traditional cybersecurity companies employ, requires new approaches to protecting against malicious actions. Standard cybersecurity tools are essential in the blockchain world because “you need to understand code, you need to understand malicious code,” Chen Arad, co-founder, and COO of crypto-native risk monitoring and market surveillance company Solidus Labs, a beneficiary of Evolution’s financing, tells CSO.

“You also need to understand a token, a smart contract on a blockchain, which is at the end of the day just code, and if it’s malicious, you need to be able to detect it at scale,” Arad adds. “You need to know if it has the characteristics of a rug pull [where a developer creates a cryptocurrency or NFT project and then absconds with the funds], which is a combination of cyber and, let’s call it, crypto-economics.”

Arad also points to a new crop of crypto-specific threats that his company sees, “things like wash trading [where a trader buys and sells the same security] and spoofing and phishing attacks, which we know from traditional finance, but can take place in new sophisticated ways in crypto, all the way to, the most bleeding edge pieces in the fully decentralized part, things like block level front running [manipulating the process to gain knowledge of upcoming transactions], rug pulls, and composability attacks [exploits of Web3’s ability to combine existing components and reassemble them to create new products].”

Mircea Mihaescu, CEO of cryptocurrency risk management company Coinfirm, tells CSO he thinks blockchain security and cybersecurity share the common characteristic of being technically complex. “Traditional cybersecurity versus blockchain cybersecurity, they’re very similar at the fundamentals in the sense that they’re both very complicated, technically.”

“People that work in the blockchain field need to understand many things, have very solid computer science backgrounds and learn a lot,” Mihaescu says. “The number of talented people that work in cryptocurrencies, and lately what’s called Web3, has skyrocketed.”

Ill-gotten cryptocurrency tracing is a new focus

Web3 security firms are also emerging as critical players in helping law enforcement track currencies paid to ransomware attackers. In 2021, the US Justice Department traced $2.3 million of the $4.3 million paid by Colonial Pipeline as it moved through at least 23 different electronic accounts belonging to the DarkSide ransomware gang. However, the DOJ offered few details on how it accomplished this feat.

Elliptic, which pioneered the use of blockchain analytics for financial crime compliance and received investment from Evolution, recently launched a product called Holistic Screening, which allows for the proceeds of crime to be automatically traced across all blockchains and cryptocurrency assets concurrently.

“Blockchain analytics companies such as Elliptic follow the money when cybercriminals exploit cryptocurrencies,” Dr. Tom Robinson, co-founder and chief scientist of Elliptic, tells CSO. “Our holistic screening and investigations tools are used to follow the proceeds of hacks perpetrated by North Korea or ransomware attacks by Russia-linked cybercrime groups, as they are laundered through different crypto assets and blockchains.”

The same kind of tracing can apply to stolen cryptocurrencies. Mihaescu says that his firm’s technology can “start from a transaction hash from stolen crypto and take it all the way across blockchains, sometimes tens of thousands of addresses created for the purpose of hiding the path of movement of stolen crypto to where it stands. We can show it’s on this address, and either law enforcement or the lawyers representing the victim can go and make legal attempts to retrieve that money because we prove exactly where it ended.”

Blockchain is here to stay

Contrary to the notion that blockchain and cryptocurrencies are the modern-day equivalents of a Ponzi scheme, investors and companies working in the Web3 arena think these technologies are here to stay. “There’s no question that crypto is here to stay one way or another,” Arad says. “We, like most people in this industry, believe that it provides an incredible opportunity to make finance more equitable, more transparent, more accessible.”

Blockchain has the potential to benefit the unbanked, including “a lot of people in places like America and Europe who still have access issues,” Arad adds.” It’s still easier to get access to a phone than to a bank for many people.” But, “it’s become very clear that all of this potential will not be fulfilled if we don’t find ways to mitigate the new risks without taking away the prowess of the technology.”

“There are, at last count, about a trillion dollars in fiat currency in digital assets,” Mihaescu says. “There are 30,000 entities active on blockchains. There are 200 million people that bought or sold cryptocurrency. So, they need protection, and the protection needs to go beyond, ‘Oh, it’s a scam.’”

In terms of the billions in cryptocurrency exploits the market has experienced over the past few years, Mihaescu, who comes from a banking background, including a stint as head of capital markets for the Bank of Montreal, says the traditional financial marketplace is likewise rife with thefts and scams but is more closed and hidden about this activity.

“If a hacker successfully penetrates a bank and steals a lot of money from it, you’ll not see it anywhere,” he says. “That information is not seen. There is this discrepancy in the level of transparency between the two worlds. You’ll not see bank robber statistics. You’ll not see bank hacking statistics, not publicly anyway. Maybe the FBI and the Met [police in the UK], they know them. Most likely, they do. They are not known by the public at large.”