Crypto needs to move away from crypto addresses | Opinion
07/12/2024 20:08When done right, it is possible to ramp up security and clamp down on breaches without compromising the user's right to privacy.
Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.
Cryptocurrencies have existed for over 15 years, but the sector still persistently suffers from an unacceptable Achilles’ heel: inadequate security. Month after month, millions of dollars are stolen in audacious hacks that could have been prevented if critical flaws that leave investors exposed were fixed.
Figures from CoolWallet suggest that more than $200 million was stolen from crypto exchanges and defi protocols in the first three months of this year alone—and 85% of the funds swiped over this period were based on Ethereum. Meanwhile, estimates from Immunefi indicate that $473 million has been lost to hacks and rug pulls so far in 2024 across a staggering 108 incidents.
Defi tends to be more susceptible to exploits than centralized platforms, while hacks are more common than fraud. Zooming in on May specifically, Ethereum and BNB Chain were the two most targeted networks, with both representing 62% of total losses.
There’s an old saying that goes like this: “Fool me once, shame on you. Fool me twice, shame on me.”
The fact that the crypto industry has been fooled 108 times in just five months certainly is shameful—especially considering cybercriminals always become more opportunistic in bull markets. Relying on traditional security measures is woefully inadequate for the digital assets sector, and a radical rethink of how infrastructure is designed is urgently needed.
But what would this overhaul look like in practice, and what would it mean for end users?
The problem with crypto addresses
Right now, crypto owners often have no choice but to rely on long alphanumeric addresses when sending funds to others.
This is problematic for multiple reasons. For one, they can be a nightmare to enter manually—and the slightest typo can mean funds are rendered irretrievable. And even more worryingly, many users—even those who would describe themselves as deeply experienced in crypto—fail to understand the security ramifications.
There have been countless incidents where unsuspecting users have ended up losing a substantial amount of digital assets, sometimes their entire life savings, through impersonation attacks or phishing attacks where thieves pretend to be someone else or some other business.
One notorious example is Inferno Drainer, a scam-as-a-service that was in operation for 12 months. Victims were duped into believing they were interacting with more than 100 legitimate crypto brands—and enticed into connecting their wallets. Web3 protocols were also spoofed to initiate fraudulent transfers.
The lesson that needs to be learned from such incidents is simple: if it can happen to them, it can happen to anyone—and the industry needs to focus all of its energy on establishing user-centric design. Making crypto addresses a thing of the past, and replacing them with human-readable alternatives, is a vital first step.
Being able to send funds to a name rather than an indecipherable bunch of letters and numbers isn’t just transformative from a security standpoint. It would also dramatically reduce the friction that currently exists in crypto payments and make it infinitely easier to onboard curious consumers who remain rooted in fiat. This infrastructure would also be reinforced further by infallible automated address computation taking place in the background.
Custody systems can use send-to-name infrastructure, too—preventing phishing attacks by making it harder to spoof businesses. Attackers would also be unable to steal usernames and passwords, stopping the unauthorized withdrawal of centrally held funds.
Tackling other pain points
Consigning crypto addresses to the scrap heap is only the first step. The industry must come together and accept that cross-chain integration is broken and doesn’t exist. Every blockchain ecosystem has its own preferred wallet, and moving wealth from one network to another is a convoluted and inefficient process.
While bridges have attempted to position themselves as a solution by establishing a connection between chains, these platforms have repeatedly proven themselves to be devastatingly vulnerable to exploits.
Who could forget the Ronin Network hack in March 2022, which led to a staggering $625 million in ETH and USDC being stolen? The largest crypto heist in history was orchestrated by North Korean hackers—and worse still, it took six days for the theft to be noticed. The bridge was secured by just nine validators, and with relative ease, those responsible managed to get the five signatures required to start making mass withdrawals.
A rethink is also desperately needed in the defi space, where a lack of know your customer (KYC) checks or proof of identity makes it a safe haven for money launderers—and attackers can act with impunity knowing that they’ll remain anonymous. Done right, it is possible to ramp up security and clamp down on breaches without compromising on the user’s right to privacy.
Every passing day takes us closer and closer to the next big hack that will ruin lives and further damage the industry’s reputation. For crypto to earn its status as a legitimate financial system, change is needed now.
Michal “Mehow” Pospieszalski is a seasoned tech leader with a track record of pioneering innovative solutions in the crypto world. As the CTO and co-founder of SwissFortress and CEO, co-founder, and co-inventor of MatterFi, Michal merges visionary strategy with hands-on tech know-how, propelling both companies towards defining the future of digital asset management.