Vital lessons we can learn from crypto heists 

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

This article was contributed by Kay Khemani, managing director of

When you look around the public sphere — billboards, buses, subway stations, and your very smartphones — it’s clear from the barrage of cryptocurrency advertisements that the industry has officially gone mainstream. In fact, since 2019, global crypto adoption has skyrocketed 2300%, up 881% in the last year alone.

As astonishing as this growth is, it has also opened up new avenues for criminals to exploit loopholes and flaws present in various protocols and consensus mechanisms. Figures from Crypto Head show that 32 hacks and incidents of fraud amounting to $2.9 billion have occurred in 2021. In the U.K. alone, the amount of money reportedly lost to cryptocurrency fraud in 2021 amounts to over £146M — a 30% jump from 2020.

Incidents like these crypto heists do nothing for building trust amongst the uninitiated. Considering these events, it is increasingly essential that both companies and regulators attempt to learn from these misfortunes to improve their policies and project development going forward.

Re-evaluating crypto heist priorities

Despite being a nascent industry, the competitive nature of the crypto space often forces organizations to cut corners to achieve incredible growth. This method often leads to long-term endangerment, as we’ve witnessed with Binance Europe’s recent suspension of futures and derivatives products across Italy, Germany, and The Netherlands.

Such setbacks might present more uncertainty for the entire industry, which could lead to less investment appetite from institutions and consumers — further hampering progress.

Instead, companies need to sacrifice immediate growth prospects for a law-abiding (albeit slower) long-term growth strategy. This would focus on meaningful and measured development to prove that crypto investments are legitimate.

The devil is in the details

In 2021, the crypto world was left reeling by an attack on Polynetwork, a platform connecting separate blockchains to facilitate easier transactions. The hacker made off with over $600 million in funds, making the attack the largest crypto heist in history.

In addition to their increasing frequency, the scale of crypto heists has surged at a startling rate over the past year. Data from Comparitech demonstrates that five of the ten largest heists have occurred in the last 12 months. Based on the evidence of previous attacks, criminals tend to focus their efforts on DeFi services and crypto exchanges, as witnessed in the cases of Bitmart, Badger DAO, AscendEX, Coinbase, ChainSwap, and more.

The open-source and public nature of blockchains presents a vulnerability that hackers can exploit, no matter how rigorous the audit. Any and all potential system liabilities are visible on the open-source blockchain. This was the situation with Cream Finance, where hackers took advantage of a kink in the platform’s lending solution to steal their assets.

Similarly, criminals have also been exploiting flaws in smart contracts, most recently with DeFi protocol MonoX which saw hackers escape with $31 million. While a recent survey discovered that the popular blockchain, Ethereum, harbors several vulnerabilities through its smart contracts. As such, preventative measures and deterrents for hackers typically rely on making the cost of an attack disproportionate to the reward.

Tragically, the decentralized nature of crypto exchanges and blockchain platforms ensures consumers are stranded without a suitable safety net in the event of a hack or crypto heist, leaving them at the mercy of the hackers or companies to get their money back. This, however, shouldn’t come as a surprise, because blockchain technologies prevent the reversal of fraudulent transactions, as is the norm with centralized financial institutions like banks.

The motivation for carrying out hacks and crypto heists can vary, with some being executed non-maliciously as was the case for the Poly Network hacker, who claimed to go through with it “for fun” (and did, in fact, return the stolen funds in full). However, most are conducted with the intention of permanently siphoning off funds, leaving enduring damage and a lasting bad taste in the mouth of the consumer. As such, crypto companies should be invited by regulators to collaborate on remedies for security flaws. Strategic initiatives against cybercrime should be developed in unison between the public and private sector, investing in mutually beneficial solutions so the whole industry can mitigate the impact of cyberhacks.

Crypto heists: It takes two to tango

Having said all that, regulators’ responsibility is paramount in this conversation. The fast-paced growth of the crypto industry has left several regulators scrambling to decipher its potential, utility, and risks. Most regulators are acting with the intent of protecting consumers and draft guidelines accordingly. While necessary, this could potentially inflict more harm than good if conducted without due diligence and industry correspondence.

Regulators need to understand that not every player is a bad actor operating with malicious intent. Policymakers will greatly benefit from consulting with influential crypto corporations to draft clearer regulations, just as Capitol Hill and White House regulators did with Andreessen Horowitz earlier this year. This collaboration would in turn mitigate the very scams and hacks they’re attempting to protect consumers from.

In addition, ignoring companies who are actively seeking resolution and clarity on regulatory matters remains unproductive. If regulators insist on arbitrary or lackluster laws, investors and startups will have no choice but to relocate their projects to a jurisdiction with progressive regulations, as we’ve seen in the case of firms leaving China in the wake of the country’s crypto crackdown.

Additionally, there is often confusion as to which regulatory body within a given country has the power to govern the industry.  Crypto assets oftentimes have various models or classes, and can sometimes behave as a commodity and as a security. It is also worth noting that regulations drafted by influential nations, such as the U.S. and China, will likely be emulated in emerging markets, which puts a greater impetus on the former to draw up suitable guidelines and set the stage for the industry’s future prospects.

Vast potential to be unlocked

Regulations are designed to protect both companies and investors: if they’re not accomplishing this, then they’ve most likely been improperly drafted. A well-regulated market should eliminate fake buy and sell orders, making ‘pump and dump’ actions harder to get away with and helping ensure an accurate valuation of a cryptocurrency’s worth.

There’s undoubtedly a fine line between protecting consumers from the volatility and risk associated with crypto, while also encouraging innovation, adoption, and entrepreneurship. The nascent crypto landscape could be likened to the early years of smartphone adoption: when former Apple Co-Founder and CEO Steve Jobs unveiled the original iPhone in 2007, many people were dismissive and critical of the device. And look where we are now. Apple unlocked a new ecosystem and devised novel use-cases centered around the smartphone, and it’s now difficult to imagine our lives without these devices.

While nobody can accurately predict how the crypto markets will play out, there is an argument to be made that we are yet to see the best iteration of the technology. The implementation of measured crypto regulations will enable innovative companies to move to the next phase of legitimacy and adoption. Ultimately, the ball is in the regulator’s court.

Kay Khemani is managing director of

Originally appeared on: TheSpuzz