One of the explicit tradeoffs of decentralization is that once a private key has been compromised, there is no mechanism for individual users to revert transactions and recover stolen funds. The current state of cryptocurrencies is that they defy Silicon Valley’s user-centric philosophy, where thoughtfully designed interfaces thrive despite backend constraints. Instead, the brilliant backend infrastructure put forth by Satoshi Nakamoto is still met with under-tested, ad hoc, front-end interfaces, which at times enable hackers to steal funds of inexperienced users.
Given this new paradigm in finance combined with the irrevocability and immutability of the technology, we thought it would be of value to explore offensive penetration mechanisms employed by black hat hackers in their attempt to steal funds. We are not security experts, but we have experience with cryptocurrencies and we monitor reported incidences within the community as well as darknet forums which are the source of many of these exploits. The purpose of this report is to share some of our findings, as well as challenge some of the assumptions prevalent in the cryptocurrency community when it comes to security best practices. The following is an overview of exploits under current development and recommendations on best practices to ensure the security of your assets and private keys.
To find out how to get access to our report, please fill out a request for information form here.