Last week, on 19th August 2021, the leading Japanese cryptocurrency exchange Liquid was targeted by hackers. That managed to steal an estimated $97 million (£73m) in crypto. As cryptocurrencies continue to grow in popularity. It’s unsurprising that they’ve caught the attention of opportunistic. Cyber hackers want to steal their own piece of the crypto pie.
It is, however, not the first major crypto hack we’ve seen this month. Just nine days prior, hackers stole more than $600m (£433m) of digital tokens from Poly Network. Decentralized finance (Defi) firm and platform in what has been considered the biggest hack in cryptocurrency history. The attack happened after a hacker discovered a vulnerability in the network. But in a strange turn of events, the hacker has since returned nearly all of the funds and even turned down a reward. However, more than $200 million remains locked in an account that requires a password from the hacker.
But not all hackers have a change of heart. And, so far it seems like the Liquid hacker is holding on tight to his bounty!
How did the hack happen?
According to a statement published on Liquid’s blog, what they’re calling the ‘warm wallet’ incident was first spotted by the company. Operations and Technology teams detected unauthorized access to some of the crypto wallets they managed. In a matter of minutes, they had lost control of tens of millions of dollars in top crypto assets. Including Bitcoin, Ethereum, Tron, and XRP. Luckily, the crypto community and other exchanges were able to disable and freeze a portion of the stolen assets.
Whilst the results of the attack are clear, Liquid is yet to reveal exactly how the breach occurred to its wider users. However, a translated Japanese blog post by Liquid about the incident. They claim the hacker targeted a multi-party computation (MPC) wallet. MPC is an advanced cryptographic technique where the private key controlling funds are generated collectively by a set of parties. None of them can see the fragments.
Read Also: The New Funding Model of Crypto Exchanges Attracts the Investors
How did Liquid react to the hack?
Naturally Liquid did everything it could to protect crypto users. By halting all crypto withdrawals and requesting users to put a pause on depositing any crypto assets into their Liquid wallets. Until given the all-clear. Fiat withdrawals and deposits remained available. As well as other services on Liquid such as trading and Liquid Earn – a way of earning rewards on your crypto balance while continuing to trade.
Like any good crypto platform. They also took to Twitter to update their users and the huge online crypto community on the breach with the following statement: “We are sorry to announce that #LiquidGlobal warm wallets were compromised, we are moving assets into the cold wallet.”
Liquid has continued to share updates on its blog. Since the incident has revealed that it has heightened. Its security measures and would be migrating its assets to tested and more secure. New MPC vaults – which are still underway. They are also liaising with external vendors to validate the security of the infrastructure. Further in a bid to make sure a breach like this doesn’t happen again.
Thankfully Liquid exchange users won’t suffer any losses. The platform is in the process of gradually restoring its services to how they were before the attack.
Is the attack cause for concern?
The short answer is: yes. As Defi continues to grow and become more popular. We’re definitely going to see more attempts by hackers to find vulnerabilities in the security infrastructures of cryptocurrency exchange platforms. It’s inevitable.
This isn’t the first cryptocurrency attack. It certainly won’t be the last. The liquid was lucky this time and it seems like they’re putting the correct measures in place to tighten up their security. But it begs to question whether they are doing enough?
What the crypto world needs are long-term solutions. That is not only going to protect them from the current threats. But also future ones like quantum technology. If cryptocurrencies want to remain prosperous. Then the blockchains they rely on need to be upgraded with encryption that’s permanently quantum-safe. A solution that creates on-time zero-trust using something like symmetric encryption keys at endpoints would be ideal.