How Crypto Tokens Became As Dangerous As Payment Cards Once Were

Couldn't attend Transform 2022? Check out all the summit sessions in our on-demand library now! Look here.

Last month, hackers stole approximately $100 million in cryptocurrency from the Harmony blockchain bridge. It looks like another wave from the recent storm that started nearly a year ago. In August 2021, DeFi Poly Network was breached with $600 million stolen from user accounts. Then, in February 2022, hackers stole $320 million from users of crypto trading firm Wormhole. It was followed by another breach in March when hackers pocketed nearly $600 million in crypto from an online gaming company by operating a Ronin Network crypto payment system.

For less knowledgeable users, it may seem that blockchain technology is vulnerable, which is not necessarily true. For example, some "basic" blockchain codes such as Bitcoin can still be trusted because they are based on strong cryptography and have been scrutinized by millions of users, including hackers, for several years. But new technology like Harmony needs to be in beta testing for months, if not years, before it can be considered safe.

It's amazing how people trust their money for untested and uncertified code. Traditional financial and payment software undergoes excessive testing and regulatory compliance certifications before going into production, but there are still security incidents. But crypto software is unregulated, so there are no testing or certification requirements.

It seems that crypto fintech is going through the same saga that the payment card industry experienced in the 2000s and 2010s. Meanwhile, card data breaches were popping up daily, exposing millions of records sensitive cardholder information. In many cases, hackers have sold data on the darknet to other criminal gangs for further 'monetization'. These secondary groups have specialized in creating fake plastic cards using stolen cardholder information and cashing them in through online or in-store purchases.

The payment card industry has cracked down on these security issues by creating Payment Card Industry Security Standards (PCI DSS) and forcing players such as merchants, banks, and processors to payment to follow the rules. Another robust measure to combat payment card fraud was to implement new payment security technologies such as point-to-point encryption, chips and pins (smart cards), and secure online payment processors. like PayPal.

Crypto fintech does not yet have all these security standards and technologies. Coins and tokens are as bare and vulnerable as plastic cash cards with magnetic stripes engraved with account numbers. Note: Such cards still exist, but are much more protected today. It took several years for the payment card industry to realize that an existential threat had to be fought. The latest crypto mega-breaches signal that the blockchain industry needs to recognize this and start learning from its predecessor. And users should be careful and think twice before entrusting their money to adventurous technology.

Slava Gomzin is Director of Payments and Cybersecurity at Toshiba Global Commerce Solutions and an expert in blockchain technology. He is the author of...