A $620 million hack? Just another day in crypto

To support MIT Technology Review's journalism, please consider becoming a subscriber.

An idea similar to smart contracts is all about transparency and open-source code. In practice, that often means rickety multimillion-dollar projects held together with tape and gum.

There are a few things that make DeFi more vulnerable to hacking. Anyone can look for bugs. This is a problem that does not happen in centralized exchanges.

Bug bounty programs, in which companies pay hackers to find and report security vulnerabilities, are one tool in the industry's arsenal. There is a cottage industry of audit firms that will swoop in and give your project a seal of approval. There is little to no accountability for either the auditor or the projects when hacks happen, and an audit is no silver bullet. The security firm Neodyme audited Wormhole a few months before the theft.

Many of the hacks are organized. North Korea has long used hackers to steal money to fund a regime that is largely cut off from the world's traditional economy. It has been a huge source of income for the capital city of North Korea. Billions of dollars have been stolen by the country's hackers.

A rogue state is not funded by most hackers targeting cryptocurrencies. Cybercriminals are taking shots at weak targets.

The more difficult challenge for a budding cyber criminal is to convert all the stolen money into cash or weapons. Law enforcement is here. Over the last few years, police around the world have been investing heavily in analysis tools to track and recover stolen funds.

The recent hack is proof. The FBI was able to connect the stolen currency to the wallet that was added to the US sanctions list. That will make it harder to use the bounty. The ability of law enforcement to recover and return funds to investors is still limited despite the fact that new tracing tools have started to shed light on some hacks.

Christopher Janczewski, who used to be the lead case agent at the IRS, told MIT Technology Review that the laundered money is more sophisticated than the hacks themselves.

For now, at least, the big risk remains part of the crypto game.