The annual losses from cybercrime continue to rise, and experts believe that while blockchain technology may not be a complete solution, its widespread adoption could definitely contribute to addressing the issue.
Cybercrime takes various forms, such as ransomware attacks, identity fraud, data theft, and phishing campaigns. According to Cybersecurity Ventures, global losses from cybercrime are projected to reach $10.5 trillion annually by 2025.
The first decentralized blockchain, Bitcoin (BTC), was introduced in January 2009, along with its associated cryptocurrency. The technology incorporates security features like cryptography, decentralization, and consensus.
Ronghui Gu, co-founder of blockchain security firm CertiK, describes blockchain as “at its core, a security technology.” He believes that industries heavily reliant on data integrity, such as healthcare and finance, can benefit from blockchain adoption by enhancing security measures. For instance, storing patient records on a blockchain can minimize data breaches and unauthorized access while giving patients more control over their information.
Some companies have already started utilizing blockchain for storing and managing medical records. In fact, one company even released a COVID-19 medical certificate on the blockchain.
Gu points out that the centralized nature of conventional data storage systems makes them attractive targets for cyber attackers. Moreover, many existing systems lack mechanisms that allow individuals to verify how their data is being used. Blockchain and Web3 technologies address these issues by decentralizing data storage and reducing the risk of centralized failures and unauthorized access.
CertiK’s “Hack3d: The Web3 Security Report” for 2023 revealed that over $1.8 billion in digital assets were lost in 751 Web3 security incidents in that year. While Gu acknowledges that blockchain technology is not immune to cyber attacks, he highlights its decentralized nature, which offers stronger security. Changing a distributed ledger would require a hacker to control more than half of all machines, making it nearly impossible to alter data once it is entered. Each transaction is secured using powerful cryptography, ensuring that only authorized individuals can act on behalf of an address.
According to data from Statista, investment scams resulted in the highest losses in the United States last year, followed by business email compromise and fraudulent tech support correspondence. These attacks often involve requesting victims to send funds to scammers, leading to financial losses and the exposure of sensitive information. Gu believes that smart contracts can help reduce the success rate of these common cyber attacks. Smart contracts are transaction protocols designed to automatically execute actions based on the terms of the agreement. By ensuring that transactions are executed only when specific conditions are met, smart contracts can minimize the risk of fraud in the financial industry and automate compliance tasks.
Gu acknowledges that completely eliminating all cybercrime is not realistically achievable as the field of cybersecurity constantly evolves. He notes that a significant portion of cybercrime exploits human errors, such as weak passwords and phishing scams, which cannot be completely eradicated through education. Furthermore, as long as there are incentives, financial or otherwise, individuals or groups will engage in criminal activities. Statista data predicts that the funds stolen from cybercrime victims will exceed $13 trillion by 2028.
Instead of aiming for complete elimination, Gu believes the focus should be on minimizing cybercrime and mitigating its impacts through resilient infrastructures and informed users. He emphasizes the need to strike a balance between preserving the benefits of decentralized technologies and protecting against their inherent risks.
Johann Polecsak, co-founder and CTO of QANplatform, emphasizes that while blockchain alone is not a silver bullet against all cyberattacks, it can enhance security in specific sectors. Effective implementation can narrow down failures to key-management issues, which can be mitigated using hardware-based signing tools.
Eskil Tsu, co-founder of GoPlus, a decentralized security data and service network, believes that blockchain is the only solution to reduce cybercrime. Its inherent properties of decentralization, transparency, and immutability can significantly mitigate risks and reduce the surface for online attacks.
Fraser Edwards, CEO of Cheqd, decentralized data infrastructure provider, sees great potential for blockchain technology in preventing cyberattacks, particularly phishing and impersonation scams. Phishing remains the most common email attack method, accounting for 43.3% of all email threats, according to a report from Hornetsecurity. Edwards highlights that decentralized identity and credentials, often built on blockchain, can have a significant impact on reducing cyberattacks. He also suggests that blockchain technology can combat emerging scams and cyber threats, including those utilizing artificial intelligence.
The rise of deepfakes, AI-generated content that can mimic reality, has raised concerns about potential cybercrimes. Deepfake scams have already defrauded companies, including one in Hong Kong losing $25 million. Edwards proposes that blockchain technology can address these issues by implementing decentralized identifiers (DIDs) and credentials. DIDs are globally unique identifiers that can be resolved with high availability and verified cryptographically. By requiring the correct signature from the wallet or device storing the credentials, DIDs can automatically enforce two-factor authentication and prevent AI-generated content from being used fraudulently.
In conclusion, while blockchain technology may not be a complete solution to cybercrime, its adoption can contribute to enhancing security measures, decentralizing data storage, and reducing the risk of centralized failures. Smart contracts can help reduce the success rate of common cyber attacks, and decentralized identifiers and credentials can mitigate emerging threats like deepfakes. The goal should be to minimize cybercrime and its impact through resilient infrastructures and informed users, striking a balance between preserving the benefits of decentralized technologies and protecting against their inherent risks.