Ari Redbord’s Story to Elle Hardy
This as-told-to essay is based on a conversation with Ari Redbord, the Washington, DC, head of legal and government affairs at the blockchain-intelligence firm TRM Labs, about protecting your crypto assets from hackers. The following has been edited for length and clarity.
Before working at TRM Labs, I was a senior advisor to the undersecretary for the Office of Terrorism and Financial Intelligence at the US Treasury Department. Before that, I worked as a federal prosecutor with the Department of Justice and focused on money laundering, terrorist financing, export control, and criminal-sanctions prosecutions.
Blockchain Intelligence – TRM Labs
Blockchain-intelligence firms like TRM Labs organize and analyze on-chain data — by timestamp, currency, address, or the service used to conduct the transaction, for example — to map trends or patterns of activity or surface other attributes that might indicate risk. This gives law enforcement, regulators, and compliance professionals more visibility on real-time financial flows.
In addition, blockchain intelligence is used to trace and track the movements of funds to and from an address associated with a hack, a nonfungible-token scam, or some other exploit against a crypto business to help investigators follow the money and, in certain circumstances, work to recover it.
I believe that crypto is safe. But because it’s in its very early days, it’s likely that we’re going to see more incidents like the recent Ronin hack. Young businesses are having to deal with some very complicated issues, and it’ll improve, but it’ll take time.
Crypto/Cybersecurity Hackers Are Highly Sophisticated
The Ronin Network is software that allows users of the online game “Axie Infinity” to transfer digital assets across blockchains. The attackers used hacked private keys — passwords needed to access crypto funds — to forge withdrawals.
Most of the really successful malware attacks, whether it’s ransomware or a hack of this kind, use social engineering, a tactic that creates a sense of urgency for the victim. For example, a hacker might send an email purporting to be from your boss, saying: “I needed that Google doc back two days ago. Where is it? Click on this link and please put in your comments.” Or they recreate a family situation that they’ve identified through social media. The hacker might know who your spouse is and send an alarming email pretending to be them.
There’s a notion that phishing is throwing everything at the wall and seeing what sticks. That’s not always right. There are sophisticated, targeted attacks on people who have access to controls that an attacker wants to take over.
Beware Play-to-Earn Games, NFT Drops, and Ukraine Donations
It’s important to give to the Ukraine effort right now, but at the same time, some bad actors will try to take advantage. There’s a proliferation of scams and fraud around donations to Ukraine, such as creating a fake site where they steal your funds.
Hackers also create a sense of urgency with NFT drops, where a fear of missing out drives people. That’s a ripe opportunity for social-engineering attacks.
Four Questions to Ask Yourself When Assessing an Opportunity
To protect yourself in situations like these, step back, be vigilant, and ask yourself some questions:
- Does this person, charity organization, or NFT issuer have a legit social-media presence?
- Do they have a legit website?
- Did the site disappear hours after launching?
- Are there any red flags when you type their crypto address into Google?
If your “spidey senses” start tingling, there’s usually an issue. Ensure that you’re transacting only with entities you have faith in.
How to Protect Your Crypto Wallet or NFT Investment
For example, in cases of NFT rug pulls — where creators of an NFT artwork or game abruptly shut down the project, make away with the project funds, and disappear — here are some things you can do to protect yourself:
- Create a new burner wallet with only the estimated amount required for NFT purchases and fees.
- Refrain from keeping your investment portfolio in the same wallet you plan to purchase an NFT from.
- Remove auto-approve on your wallet and consider implementing the auto-lock timer.
- After the NFT purchase, revoke access to all trusted apps.
- Consider using a hardware key for enhanced security.
- Don’t search Google or other websites for the NFT-drop link — use only verified accounts or domains provided directly by the NFT company.
- Don’t click any links in Discord chats or download any files that claim affiliation with the NFT-drop team.
- Never “side-channel” in a separate Discord server or encrypted chat app at the request of someone claiming to be customer support or responding to social-media threads.
- Never show your secret recovery phrase to anyone offering to provide assistance.
Crypto Businesses Must Focus on Cybersecurity
It’s more critical than ever for cryptocurrency businesses to harden cyberdefenses against social engineering and other attacks.
In terms of scams or frauds involving cryptocurrency, it’s important that users remain vigilant as they would any time they’re sending funds — just like you would anytime you’re transacting with an unknown entity.
The Ronin hack was a unique situation, but we saw some general vulnerabilities displayed. Businesses should educate employees against social engineering and harden their cyberdefenses because that’s the only way to stop these attacks from happening.
Transaction Data Accessible to Anyone on the Blockchain
Blockchain-intelligence tools like mine can track the flow of funds in case of a hack for law enforcement or other institutions. The US government recently seized $3.6 billion in bitcoin stolen in the 2016 Bitfinex hack and has recovered much of the funds paid in the Colonial Pipeline ransomware attack.
Privacy is going to become more and more critical as more financial activity occurs on an open ledger. The nature of blockchain — the open and distributed ledger on which tokens can be sent — means that each transaction is verified and logged in a shared, immutable record, along with the timestamp of the transaction and the addresses involved. This data from the public blockchain is accessible to anyone on the blockchain.
For example, when a terrorist organization posts a crypto address on social media to solicit donations, that address is tagged in a blockchain-intelligence tool like TRM Labs as being connected to terrorist financing. This allows a cryptocurrency exchange to flag any transactions involving that address, assess the risk, and take any action that may be required of them based on regulatory requirements.
With the Ronin hack, almost $600 million is sitting in a wallet address that belongs to the hacker. The world is watching, and not just law enforcement — blockchain-analytics companies like TRM, the crypto Twitterverse, and all kinds of people.
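The two blockchain-intelligence operations the essay describes, tagging a risky address so an exchange can flag any transaction touching it, and following funds downstream from a hack address hop by hop, can be illustrated in a few dozen lines. The example below is added here and is not TRM Labs code or anything from the original essay. The ledger, the addresses (`0xHACK`, `0xHOP1`, and so on), the tags and the timestamps are all constructed; a real tool would read these from a chain indexer and would use amount-aware attribution rather than the simple address-level taint shown here.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """One on-chain transfer as a blockchain-intelligence tool would index it."""
    txid: str
    timestamp: int   # block time; ordering matters for taint propagation
    sender: str
    receiver: str
    amount: float
    asset: str


# Constructed sample ledger; these are placeholder addresses, not real ones.
LEDGER = [
    Tx("tx0", 950, "0xHOP1", "0xCLEAN", 3.0, "ETH"),          # before HOP1 was tainted
    Tx("tx1", 1000, "0xHACK", "0xHOP1", 100.0, "ETH"),        # hack proceeds leave the attacker wallet
    Tx("tx2", 1010, "0xHOP1", "0xHOP2", 60.0, "ETH"),
    Tx("tx3", 1020, "0xHOP1", "0xEXCH_DEPOSIT", 40.0, "ETH"), # lands at an exchange deposit address
    Tx("tx4", 1030, "0xHOP2", "0xMIXER", 60.0, "ETH"),
    Tx("tx5", 1040, "0xDONOR", "0xTERROR", 1.0, "ETH"),       # donation to a tagged solicitation address
    Tx("tx6", 1050, "0xUSER", "0xEXCH_DEPOSIT", 2.0, "ETH"),  # unrelated, clean deposit
]

# Constructed risk tags of the kind the essay describes (hack wallet, solicitation address).
TAGS = {
    "0xHACK": "stolen funds: constructed hack example",
    "0xTERROR": "terrorist financing: constructed example",
}


def flag_transactions(ledger, tags):
    """Exchange-side screening: every transaction whose sender or receiver carries a tag.

    Returns (txid, tag, role) tuples so a compliance team can see why each hit fired.
    """
    hits = []
    for tx in ledger:
        if tx.sender in tags:
            hits.append((tx.txid, tags[tx.sender], "sender"))
        if tx.receiver in tags:
            hits.append((tx.txid, tags[tx.receiver], "receiver"))
    return hits


def trace_forward(ledger, origin, max_hops=5):
    """Follow funds downstream from `origin`, breadth-first, up to `max_hops` transfers away.

    An address only passes taint on through transfers made at or after the moment it
    received tainted funds, so tx0 (HOP1 -> CLEAN, before tx1) is correctly ignored.
    Returns {address: hops_from_origin}. This is address-level taint: it does not
    apportion amounts, which real tools do with FIFO or proportional heuristics.
    """
    by_sender = defaultdict(list)
    for tx in sorted(ledger, key=lambda t: t.timestamp):
        by_sender[tx.sender].append(tx)

    reached = {origin: (0, 0)}  # address -> (hops, time it became tainted)
    queue = deque([origin])
    while queue:
        addr = queue.popleft()
        hops, tainted_at = reached[addr]
        if hops >= max_hops:
            continue
        for tx in by_sender[addr]:
            if tx.timestamp < tainted_at:
                continue  # outflow predates the taint; it cannot carry hack proceeds
            if tx.receiver not in reached:
                reached[tx.receiver] = (hops + 1, tx.timestamp)
                queue.append(tx.receiver)
    return {a: h for a, (h, _) in reached.items()}


def exposed_deposits(ledger, origin, deposit_addresses, max_hops=5):
    """Which known exchange deposit addresses received funds traceable to `origin`.

    These are the points where a cooperating exchange can freeze and help recover funds.
    """
    reached = trace_forward(ledger, origin, max_hops)
    return {a: reached[a] for a in deposit_addresses if a in reached}


if __name__ == "__main__":
    for hit in flag_transactions(LEDGER, TAGS):
        print("FLAG", hit)
    print("trace:", trace_forward(LEDGER, "0xHACK"))
    print("exposed:", exposed_deposits(LEDGER, "0xHACK", {"0xEXCH_DEPOSIT"}))
```

The `max_hops` bound is what keeps a trace from spidering across the whole chain, and the timestamp check is the detail most naive tracers get wrong: an address that later receives stolen funds may have had perfectly ordinary outflows beforehand, and those must not be painted as laundering.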