When it comes to hacks, crypto is in crisis.
Immunefi pegs it at $3.9 billion lost to hacks in 2022, out of a total market cap of $934 billion. They also point out that over 80% of these losses took place in DeFi, rather than CeFi. Much of this, it turns out, took the form of targeted attacks against crosschain bridges.
This persistent bleed of digital funds out of Web3 and into the pockets of hackers may start to seem unending if you’re suffering from a touch of crisis fatigue.
Some might argue that blockchain hacks and their prevention are just an endless evolutionary battle, destined to go on throughout the development of the tech.
There is a seed of truth to this. Blockchain is a rapidly-changing, emergent technology, deeply interrelated with digital assets of real market value - inevitably a honey-pot for hackers.
New potential exploits are bound to emerge as new versions of protocols emerge. No coder, however gifted, can anticipate every potential angle of attack.
When you get into the weeds of these hacks, you start to see the truth is much simpler. Time and again crypto security has simply lagged far behind the evolution of the technological services themselves.
Backdoors have been left open, and leaks have happened due to simple human error or deliberately malicious actors. In other cases, the problem has stemmed from poor design, and from weak or absent auditing of code.
This is where Qredo comes in. We have built our secure wallet services according to the same original spirit as the great innovation which started it all — distributed ledgers.
Distributed ledgers enhance security by requiring hackers to take control of numerous nodes in order to execute a 51% attack. The more decentralized the ledger itself, the more difficult it is for hackers to attack and take control.
Qredo takes this same approach and applies it to wallet design and access. Our decentralized multi-party computation (dMPC) solution means that in order to access your funds, a hacker would have to gain access to not only one device and password/backup, but to several distributed validator nodes.
Our technology also improves on multisig wallets in a number of ways, such as eliminating the need for storage of cold wallets or private keys in secure locations, and the associated risks of loss, damage or theft.
Self-custody remains at the heart of our service provision, rooted in the values of decentralized technology. Thanks to Qredo’s unique dMPC solution, the computation needed to access a wallet is actually completed across multiple remote validators in such a way that a full copy of a private key never needs to be held in any single location.
With Qredo it quite literally is the case that the network is the vault, since our technology distributes the computation itself which is needed to unlock a wallet. If there’s no single private key stored anywhere, then it cannot be exposed to hackers by any actions taken by Qredo as an organization nor by any one user or individual acting alone.
This is Qredo’s service offering, a truly radical level of extra security in decentralized blockchain.
The recent debacle of 3Commas’ delayed acknowledgement of a data breach which exposed users’ API keys is a perfect illustration of this entrenched issue.
After first denying the possibility of a mass leak, 3Commas did eventually come out with a statement on December 28th, over two weeks after the exposure, acknowledging that some of their “users’ API data (API keys, secrets and passphrases) have been disclosed by a third party”. Crypto security site Slowmist estimates the total damage to be $20 million USD.
The elephant in the room with the 3Commas scenario is the very fact that API keys were held centrally at all. Regardless of whether they have since “limited even further” their team’s internal access to keys, it was the very practice of having central storage of API keys which created this vulnerability in the first place.
Single points of failure are always going to be targeted by hackers, who will quite rationally look for the simplest route to the money.
Private keys are still relied upon in numerous instances, and these have sometimes been phished directly from individuals, as in the recent GMX hack. Sometimes, as seems to have taken place in the 3Commas incident, keys are held centrally by a company themselves and then leaked with catastrophic consequences for investors.
The crypto sector is far from mature, and in numerous cases, vulnerabilities have remained in place through sheer carelessness, oversight, poor design or insufficient auditing of code.
In other cases, as we have seen above, the failure is simply a legacy of the current security protocols in blockchain, which are crying out for transformation.
As institutional investment continues to rise in crypto, and more TradFi entities look to onboard into the space, it becomes ever more crucial to provide secure custody and frictionless transferability of assets at scale.
This is Qredo’s overarching mission, to bring radical and powerful solutions for enhancing security in blockchain services, whilst supporting self-custody and decentralization every step of the way.
As it becomes increasingly apparent that we cannot trust centralized entities to take custody of our digital assets, and as DeFi comes under ever more relentless attacks from hackers, there has never been a time with a more pressing need for the transformative level of security that Qredo Web3 Wallets provide.
We may not be able to prevent every possible hacking event that can be dreamed up by the black hats, but transforming the underlying tech to get rid of any single points of failure will go a long way to preventing hackers from gaining access to funds in crypto.
We are proud to be leading the charge on this critical issue for the future of Web3.
If you don’t already have a Qredo Wallet, it only takes a moment to join us, but you’ll find the peace of mind remains immutable.