Update Jan 10, 5:15 pm EST: The SEC approved 11 spot bitcoin exchange traded funds.
After the hype around blockchain technology and cryptocurrency in Web3, the industry encountered its fair share of bad actors, fraud, and international scrutiny. While some believe the mix of blockchain technology and AI is coming and should interest CFOs, new data on the security of Web3 — a catch-all term for how blockchain will rewire the web — suggests the crypto industry, unlike its fledgling AI counterpart, may be making headway in eliminating fraud.
Though blockchain and crypto are still popular with bad actors, new findings from Certik, a Web3 cybersecurity software company, show cryptocurrency-related fraud dropping. The industry lost $1.8 billion to fraud and hackers in 2023, down 51% from the $3.7 billion lost in 2022.
Compromises and Exploits
Details of the last year’s fraud activity reveal large heists are a major problem. The top ten incidents accounted for $1.1 billion of 2023’s losses.
Compromises of private keys, a more complicated version of a password for accessing crypto wallets and accounts, were the most costly attacks. These breaches netted hackers $881 million in 2023 but accounted for only 6% of the number of incidents.
According to researchers, Binance’s BNB chain, a blockchain system created by Binance, whose CEO pleaded guilty in November to massive fraud and money laundering charges, saw the highest amount of fraud of any blockchain system. The system had 387 hacks, scams, and exploits, leading to $134 million in losses, an average of just below $350,000 per incident.
Experts like Christos Makridis, CEO and founder of Dynamic AI and a digital finance researcher and professor focused on blockchain technology and AI, said Web3’s problems center on a lack of internal audits, something many CFOs understand.
“The Web3 community needs to heed the caution it shares with traditional finance when it comes to security and privacy, starting with adhering to best practices and even undergoing serious audits by independent third parties,” Makridis said.
Cross-chain bridge breaches, which involve the transfer of assets between different blockchains, are another costly area that needs scrutiny. Across 35 incidents, such breaches netted hackers $799 million in 2023, said Certik. Researchers say this transaction type has been a “consistent pain point” for blockchain developers and investors.
“The Web3 audit sector suffers from a lack of independence and is still in the early days, so we need a more complete market for quality where the use cases and benefits are clear,” Makridis said.
Approaching Risk in Web3
For CFOs operating in Web3, fraud is out of their control and hinders their ability to grow their organization and develop revenue and teams of top talent.
“From a finance perspective, I believe putting the right controls and processes in place around Web3 is key,” said Erik Nakamura, CFO of Orange Comet, a Web3 gaming and entertainment company. To him, success is about being at the forefront of knowledge on industry developments and offerings, all while being extra cautious around risk approach and assessment.
“Understanding the infrastructure, how it operates, and identifying areas of risk is key,” Nakamura said. “Putting upstream and downstream controls around risk areas can help, [and] getting SOC certified or certified in other compliance areas can help with the credibility and trustworthiness of companies in the space.”
“Also, the tone at the top and culture of the companies is important,” he continued. “Understanding the space you work in and investing in the right risk mitigation infrastructure [like] people, processes, and technology is extremely important.”
Impact of ETF Decision
Despite security hiccups, the crypto industry's opportunity to expose its investment tools and coins to the world’s largest asset managers and other investors through a bitcoin ETF would be monumental. It could further crypto’s legitimacy and bring even bigger players into a space serious about countering fraud.
For Makridis, this is a step in the right direction for an industry ripe for potential growth. “The Bitcoin ETF is a big step forward because it reflects institutional adoption and sign-off on one of the earliest parts of the blockchain community,” he said.
“Even though [bitcoin’s] price has dipped, investor sentiment is high, and what matters is the evolution of prices in the months ahead — not short-term blips that might respond to other macro shocks,” he said. “Once [a] bitcoin ETF gets through, it'll be easier for other assets to enter the mix and ultimately for greater price discovery on digital assets.”
However, Nakamura sees a contradiction in the development of an ETF and its consequences. According to him, its impact on those involved in the space will be positive, but it goes against the essence of blockchain.
“I think the good part of [the ETF proposal’s potential approval] is that it legitimizes investing in the crypto space and makes it accessible to the masses. [An ETF] is like a mutual fund, so [the investor] is not overexposed/indexed to one coin. I [also] think it provides validation for the masses and helps cure some of the clickbait around blockchain.”
However, Nakamura said the blockchain community would be indifferent. “The positives I mentioned before may be offset by making it more commercial and for the masses,” Nakamura continued. “Blockchain was founded on the idea of decentralization and anonymity; this goes against that somewhat.”