Author: Haotian, Crypto Observer
Source: X (Twitter) @tmel0211
I see that there are always people talking about hackers, thinking that hackers use the currency circle as a cash machine and drag down the development of the Crypto market. This statement cannot be called wrong, but the evil of hackers is far inferior to the poison of the ugliness of human nature in the currency circle. From the perspective of a security practitioner, let me share my opinion.
The threshold for hacker attacks has been raised. In the past 18 years, various types of contract additional issuance attacks, overflow attacks, replay attacks, rollback attacks, random number attacks, etc. have been gradually “disappearing” because the power of blockchain white hats has grown into an unstoppable iron army. With their continuous contribution, the overall code quality of the industry has improved, security awareness has been cultivated, and the threshold for hackers to attack has been raised. If hackers in today’s Crypto market want to succeed in their attacks, they have to do more rigorous vulnerability research and find more comprehensive attack scans, or look for breakthroughs in more upstream server providers. The “investment” required for a successful attack is slowly increasing. If a project does not disclose any details of the attack and just lightly mentions a hacker attack, you may have to doubt the “hacker” attribute here.
In the past year, we have seen too many private keys being exploded, contract permissions being controlled, oracle price attacks, multi-signature being breached, governance token attacks, reserved backdoors, Rugpull, etc. To be honest, many security incidents seem magical at first glance: how can xx projects have xx minor problems, and how can cold wallets be attacked? The mentality of asking this question is really out of respect for the “technology” of the blockchain, because I really don’t want to put these strange things into practice. Weird magical security incidents are classified as human bugs. However, when these soft escape behaviors that are good at using hackers as cover become a trend, it will be the biggest tragedy in the crypto circle. After all, technical bugs are easy to remove, but human bugs are difficult to fix.
According to incomplete statistics, phishing, fund fraud, etc. have long surpassed hacker attacks to become the biggest poison in the Crypto industry. Pure hacker attacks can be divided into smart thieves and stupid thieves. If you encounter some that have many loopholes left behind, let me shout out from a distance. Maybe you can still get a refund; after all, you can actually get some judicial protection by illegally profiting from hacker attacks such as Trojan horse implantation. However, most people can only regard phishing and fund trading as “cognitive taxes”, and there is really no way to do anything about it, because those who set traps in batches to commit fraud and those who research vulnerabilities and exploit them are essentially two groups of people. Hackers may find it fun and succeed in the attack, but the situation is very different for those who professionally exploit human vulnerabilities to commit fraud.
The Mixin incident worries me more than previous hacker attacks because of its user profiles. Most of its audience comes from masters’ open classes, from OG believers, from early adopters who sign in to receive Bitcoin, and from regular investors who work hard to win a share of the future. **They are all fresh blood, newly onboarded, and may very well become the backbone of the future bull market. Now, after being beaten with a hammer, they may have no choice but to go back to the factory to drive screws, start riding the e-mule again, and leave with anger the field that gave them a little illusion, and, by the way, the stereotype that “the currency circle is a scam” is once again exponentially amplified. The “course fee” to join the crypto community is too expensive.**
Mass Adoption has been called for for many years. Whether it is ERC-4337 account abstraction, MPC multi-signature schemes, or Intent-centric design, everyone originally had a common belief: lowering the threshold for user participation. What about private key sharding, email registration, social recovery, and automatic program execution? Well, it sounds cool, but why does it look like a liar? Although it is extreme, it reflects an objective fact. If someone uses words that most people can understand to reassure most people, then that person may be the most uneasy. After Mixin, I can’t say absolutely, but most projects doing Mass Adoption may be implicated. Science bloggers will have to work harder to recharge their faith in Crypto. This is an abominable evil of human nature.
Over the years, Crypto technology has grown, security defenses have been strengthened, the regulatory environment has become more and more complex, and the evil of human nature has become more and more intense. However, optimism is also a manifestation of the growing strength of the Crypto world. In the final analysis, it still comes down to the same quote: “There is only one kind of heroism in the world, which is to still love life after recognizing the truth of life.”