Bored Ape thefts on Instagram are crypto’s latest hack headaches


    The breach of official crypto accounts has happened on Discord too. Prior to its official launch, NFT marketplace Fractal had its Discord channel infiltrated and used to spread a link to a fake token launch that stole about US$150,000 from users.

    What to do?

    Crypto scams put more pressure on social media companies to boost security measures and hash out clearer policies on how they plan to better protect users.

    When asked about these issues, Twitter, Discord and Telegram told Bloomberg that they all take action to mitigate fraud on their platforms and allow users to report suspicious activity. Meta Platforms, the parent company of Facebook and Instagram, declined to comment on crypto scams on these social media networks and the recent BAYC hack.

    Although cutting out scams is difficult, it is not impossible, according to Mr Curt Dukes, an executive vice-president at the non-profit Centre for Internet Security. Requiring users to employ multi-factor authentication to protect their accounts and introducing a patch management system that helps identify and fix security flaws can help decrease vulnerability.

    Companies can also provide better education to both employees and users on social engineering and make greater use of tools to verify that a user is human, such as adding a “Captcha” challenge requiring users to solve a puzzle or type in hard-to-read text in order to use the platform.

    Mr Musk’s plan to open-source Twitter’s algorithms “definitely gives credibility to the platform”, according to Mr Dukes. Allowing anyone to view Twitter’s code would increase the chances of a security issue being spotted, he said.

    As for cleaning out bots, there are machine-learning tools available that could be a big help for social media companies, but there are trade-offs involved, said Mr Adam Meyers, senior vice-president of intelligence at the cyber-security firm Crowdstrike. Algorithms can identify posting patterns indicative of a malicious bot account, Mr Meyers said in an interview. Doing so, though, could sharply cut overall user counts, which would not be ideal for a social media platform.

    “If you’re too good at stopping bots, then that’s going to drive that number down,” Mr Meyers said.

    Steps for start-ups

    Crypto start-ups can also take concrete steps to improve their security as scams increase, according to Ms Kim Grauer, director of research at Chainalysis. While it is common for early-stage firms in the sector to prioritise other areas over cyber security, “the industry cannot grow so long as it has this kind of ubiquitous hacking happening”, she said in an interview.

    Besides hiring security specialists, crypto platforms could undergo code audits that can help identify potential risks for users, she said. For some crypto adherents, the ultimate solution lies in Web3 – a decentralised Internet based on blockchain that proponents see as a step up from the current state of affairs, where tech companies control the biggest online platforms.

    Web3 platforms are owned and managed by users, and developers can build tools that can help with issues such as eliminating spam and verifying the identity of users. But a mass migration to a Web3 social media network is not realistic for the crypto industry, according to CertiK’s Prof Gu.

    Online communities like Crypto Twitter have helped boost mainstream adoption of NFTs and digital currencies. In addition to providing an easy way to promote projects and share information, these social media networks have earned some crypto companies millions of followers. For crypto start-ups, walking away from this kind of exposure is too big of a cost. But not taking steps to address security concerns can also exert a heavy toll.


    Source link

    Recent Articles