Cryptocurrencies must move away from crypto addresses
Disclosure: The views and opinions expressed here are solely those of the author and do not represent the views and opinions of the crypto.news editorial team.
Cryptocurrencies have been around for over 15 years, but the industry still suffers from an unacceptable Achilles heel: inadequate security. Month after month, millions of dollars are stolen in audacious cyber attacks that could have been prevented if critical flaws that leave investors exposed had been fixed.
Figures from CoolWallet suggest that more than $200 million was stolen from cryptocurrency exchanges and DeFi protocols in the first three months of this year alone, and 85% of the funds stolen in this period were on Ethereum. Meanwhile, Immunefi estimates indicate that so far in 2024, $473 million has been lost to cyber attacks and data theft across 108 incidents.
DeFi tends to be more susceptible to exploits than centralized platforms, while hacks are more common than fraud. Focusing on May in particular, Ethereum and BNB Chain were the two most targeted networks, together accounting for 62% of total losses.
There’s an old saying that goes something like this: “If you fool me once, the shame is yours. If you fool me twice, the shame is mine.”
The fact that the cryptocurrency industry has been defrauded 108 times in just five months is certainly shameful, especially given that cybercriminals are becoming increasingly opportunistic in bull markets. Relying on traditional security measures is woefully inadequate for the digital asset industry, and a radical rethink of how the infrastructure is designed is urgently needed.
But how would this revision translate into practice and what would it mean for end users?
The problem with crypto addresses
Currently, cryptocurrency holders have no choice but to rely on long alphanumeric addresses when sending funds to others.
This is problematic for a number of reasons. First, they can be a nightmare to enter manually, and the slightest typo can render your funds unrecoverable. Even more worrying, many users, including those who would describe themselves as cryptocurrency experts, fail to understand the security ramifications.
There are countless incidents where unsuspecting users have lost a considerable amount of digital assets, sometimes entire life savings, through impersonation attacks or phishing attacks where thieves pretend to be someone else or another company.
A well-known example is Inferno Drainer, a scam-as-a-service operation that ran for 12 months. Victims were tricked into believing they were interacting with over 100 legitimate cryptocurrency brands and were lured into linking their wallets. Web3 protocols were also spoofed to initiate fraudulent transfers.
The lesson to be learned from these incidents is simple: if it can happen to them, it can happen to anyone, and the industry needs to focus all its energy on establishing user-centric design. Making crypto addresses a thing of the past and replacing them with human-readable alternatives is a critical first step.
Being able to send funds to a name rather than an indecipherable jumble of letters and numbers is not only transformative from a security perspective. It would also dramatically reduce the friction that currently exists in cryptocurrency payments and make it infinitely easier to onboard curious consumers who remain entrenched in fiat. This infrastructure would also be further strengthened by automatic and foolproof address calculations that happen in the background.
Custodial systems can also use send-to-name infrastructure, preventing phishing attacks by making companies harder to spoof. Attackers would also be unable to steal usernames and passwords, blocking unauthorized withdrawals of centrally held funds.
Addressing other pain points
Consigning crypto addresses to the landfill is just the first step. The industry needs to unite and accept that cross-chain integration is broken or non-existent. Each blockchain ecosystem has its preferred wallet, and moving wealth from one network to another is a convoluted and inefficient process.
While bridges have attempted to present themselves as a solution by establishing a connection between chains, these platforms have repeatedly proven to be extremely vulnerable to exploits.
Who could forget the Ronin Network hack in March 2022, which led to the theft of a whopping $625 million in ETH and USDC? The largest cryptocurrency theft in history was orchestrated by North Korean hackers, and what’s worse, it took six days for the theft to be discovered. The bridge was protected by just nine validators, and with relative ease the perpetrators were able to obtain the five signatures needed to begin making mass withdrawals.
A rethink is also desperately needed in the DeFi space, where the lack of know-your-customer (KYC) checks or proof of identity makes it a safe haven for money launderers, and attackers can act with impunity knowing they will remain anonymous. Done right, identity verification can increase security and crack down on breaches without compromising the user’s right to privacy.
Every day that passes brings us closer to the next major hack that will ruin lives and further damage the industry’s reputation. For cryptocurrencies to earn the status of a legitimate financial system, change is needed now.
Michal Pospieszalski
Michal “Mehow” Pospieszalski is an experienced technology leader with a proven track record of pioneering innovative solutions in the cryptocurrency space. As CTO and co-founder of Swiss Fortress and CEO, co-founder and co-inventor of MateriaFi, Michal combines visionary strategy with practical technology know-how, driving both companies to define the future of digital asset management.