The Intelligent Insurer #42 — Hackers use privacy tools to compromise DeFi investors
The DeFi industry is predicated on ensuring secure financial access for everybody, irrespective of their means or location. However, hackers and malicious actors have compromised this goal by turning privacy-centered solutions against users by using cryptomixers to anonymize their attacks. This trend is becoming rampant, creating risks for crypto and DeFi users worldwide.
In the latest Intelligent Insurer, we analyze how cryptomixers are used and how hackers are preventing DeFi’s aims from being realized. We also look at how users can protect themselves from losing their funds to such attacks. However, we’ll first highlight the progress we’ve made via our weekly software development update.
Insured Finance software development update
We continue to make rapid progress as our next-generation digital asset insurance platform evolves to serve DeFi investor needs. This past week, we made further improvements to our platform which broadly enhances overall user experience. In addition, we also made specific progress in the following:
- We closed our Alpha release testing with our user base and are in the process of collecting and summarizing feedback. The development team is poised to process this feedback and transform them into platform improvements.
- We expanded the number of stablecoins that are supported on our platform.
- We continued testing our new landing page and token faucet and are conducting deep reviews of the same.
As 2021 draws to a close, we’d like to highlight our project’s roadmap to illustrate what users and investors can expect.
- Our broad goals for 2022 and 2023 are to achieve product to market fit and increase the number of $INFI token holders.
- To this end, we’ve targeted the end of Q4 2021 for our Beta release that includes major security and functionality updates.
- Q1 2022 will be devoted to in-depth research of further functionality in blockchain gaming and NFTs.
- In Q2 2022, we expect to prioritize initiatives that will increase the number of $INFI token holders.
- We are also targeting this time period for the Mainnet release of the Insured Finance P2P Marketplace and Token Bridge.
We have every reason to believe these timelines are realistic, thanks to the immense progress we’ve already made. We affirm our commitment to providing users with an optimal and secure experience. As digital asset insurance solutions become more important than ever, we’re poised to become the market leader in this space.
Cryptomixers turn privacy against investors
Cryptomixers are designed to introduce near total anonymity to cryptocurrency transitions. These tools obfuscate the origin of transactions, making it impossible to link or trace the source on the blockchain. Cryptomixers were originally developed to anonymize user transactions from KYC-enabled exchanges, providing users a method to increase the privacy of their online financial activities.
These tools allow users to send cryptocurrency to a wallet owned by the mixer, where it is pooled with other users’ coins. In turn, the user receives a mixing code that identifies the number of coins they own in the pool, while the pool joins the blockchain. Once the transaction completes, the user receives the same number of coins from the mixer’s pool, minus a service fee. Thus, the trail of the original coins is lost and no one can track any user’s financial activities. Tornado Cash is an example of a cryptomixer, along with Absolutio, AudiA6, Blender, and Mix-BTC.
Despite these original aims, cryptomixers feature prominently in cyberattacks and ransomware incidents. For instance, in August 2021, a Japanese cryptocurrency exchange Liquid was hacked, with $97 million stolen. The hacker used Tornado Cash to obfuscate the origin of a significant portion of the funds. Similarly, Tornado Cash was used by the Bilaxy exchange hacker with $450 million misappropriated.
The rising use of cryptomixers has not gone unnoticed with some mainstream cybersecurity experts claiming these services intentionally aid hackers and cybercriminals. Cybersecurity research firm Intel 471 noted recently that cryptomixers keep “the criminal underground liquid through the trade of illicit goods and services”.
Is cryptomixing hampering DeFi adoption?
Cryptomixers threaten to damage Defi’s reputation by offering easy anonymity tools to malicious actors. Some observers argue that they enable ransomware attacks thanks to their lack of accountability. However, an equal number of observers argue that cryptomixers are merely a tool and that user activity is what decides what is malicious and what isn’t.
Intel 471 is amongst the non-believers, highlighting that cryptomixers routinely run ads in underground cybercriminal forums. These moves ironically hinder legitimate DeFi investors since authorities push exchanges for more rigorous KYC norms, thereby reducing user privacy. Furthermore, the mere use of cryptomixers might turn into a red flag in the future, with law enforcement flagging such use as evidence of cybercrime.
While banning cryptomixer use seems extreme at this time, there’s no denying that users need better asset protection. In such an environment, cryptocurrency insurance solutions like Insured Finance are essential. These decentralized solutions allow crypto users to secure insurance for their priced assets, in case they are stolen. With full asset protection in place, investors can back the projects of their choice without fear of loss, and not have to worry about the threat that malicious actors and cryptomixers pose.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Users can request customized insurance on a wide variety of digital assets, thereby ensuring full protection. Those fulfilling requests can earn premiums and earn a competitive return on their capital. Claims are fully collateralized and settled instantly.