Fintech threats aren’t receding, one expert tells IT Brew

Digital threats aren’t going away anytime soon for the fintech sector, as Web3 is likely to reshape how we interact with money, and how it’s stolen from us.

Christian Seifert, researcher in residence at blockchain and security operational monitoring firm Forta Network, told IT Brew that 2024 is going to be challenging for fintech, as intense cyberattacks aimed at digital wallets are expected to continue.

“I think we’re in a better state than we were two years ago, but overall, scams are still a gigantic problem,” Seifert said. “People that self-custody their assets are losing money, losing digital assets and FTS tokens, etc.”

Hackers stole $3.8 million in cryptocurrency in 2022, according to a report from blockchain data platform Chainalysis, the highest rate on record. North Korea-based groups have been particularly aggressive with theft of the decentralized currency, and as IT Brew reported in May, espionage may be as much a part of the attacks as financial gain.

Drain-man. Forta’s main focus is the prominent role of blockchain in Web3, and the organization has watched financial sector threats evolve without corresponding moves on the defender side. Two years ago, according to Seifert, security efforts in the digital wallet space were “pretty much non-existent,” while today, firms are innovating solutions and tactics to manage the threats.

Despite these efforts, attackers often succeed. Seifert offered as an example the rise in drainer kits, malware that empties crypto accounts that’s offered as software-as-a-service or for free online.

Drainer kits don’t even require much technical expertise; the software can be deployed as part of broader sophisticated efforts like phishing scams. As the criminal space evolves, there’s more of a concentration of these types of narrowly targeted techniques.

“With that concentration, of course, those folks are able to invest much more in the R&D of these scams,” Seifert told us. “They’re able to experiment, they’re able to develop new techniques. And so that certainly is a concerning development.”

Plugged in. People protecting digital assets and wallets should take common sense prevention measures like enabling two-factor authentication, Seifert said, as well as using protection plugins and/or a third-party security product. Splitting up your assets into different wallets is also helpful, Seifert said—“the more you segregate, the more you distribute the risk.”

Security is still treated as an add-on by companies, Seifert said, requiring action by users to turn it on. That’s a lot to ask of consumers, he said, especially when security features could be automatically built into the system. And more checks are needed.

“Essential security functionality also needs to be baked into wallets natively,” Seifert said, adding that wallets “need to make sure that when assets are deposited into exchanges, there is an assessment being made. Are these funds stolen? Are they legitimate?”