BCCN3


How to Properly Respond to a Cryptocurrency Hack

In March, two major on-chain hacks targeted MyAlgo and the Hedera network. Both teams responded promptly, informing their communities about what had happened and what still needed to be done.

Although neither response could have prevented the hacks from occurring in the first place, such responses are still an important part of the process as the teams shift their focus to mitigating the damage and protecting investor funds.

Preparing for the Worst: Developing a Response Plan

Prevention is often considered the best cure in medicine, and that same rule can apply to cybersecurity. When things are running smoothly it is hard to imagine that something terrible like a hack will occur, but in web3, hackers consistently look for new exploits to target. 

To establish an effective response plan, a team needs to identify and organize how to handle any unexpected situations with the following:

  1. Incident response team - A team designated to monitor the affected protocols and respond to the community.

  2. Communication channels - A selection of social media platforms that the team intends to use to communicate with their community. 

  3. Recovery strategy - A plan that will allow funds to be reclaimed or prevented from being stolen. 

  4. Legal and regulatory considerations - A legal team that is prepared to take action.

Immediate Response: Containing the Damage

In the event of a hack, having an immediate response mapped out can make a significant difference in the impact and severity of the attack. 

First, the team needs to be able to identify that a hack is occurring and detect where it is happening. This is imperative to prevent further losses. Once the issue is detected, the team needs to isolate the problem by shutting down any protocols or accounts being manipulated. 

Next, the team must disable or shut down any programs, protocols, or accounts that are being exploited to prevent funds from being moved further, similar to how the Hedera network shut down their bridge after they identified a hack earlier this month. 

Afterward, a team should contact the appropriate law enforcement and engage their own legal response team in order to protect customer funds. Evidence can also be retained during this time to help bring the criminals to justice.

Communication: Transparency and Reassurance

When experiencing a hack of any sort, it is important to notify your community as soon as possible to reduce the number of investors who become victims of the attack.

Fortunately, with the online nature of web3, there are a variety of channels that a team can use to quickly inform their community:

  1. Official website and blog - Release an official statement on your website that explains the issue and how it is being addressed.

  2. Social media platforms - Reach out directly to your community, allowing messages to be shared with others to spread awareness. 

  3. Press releases - Provide specific information about the hack and send it to media outlets for exposure.

During all of this, it is helpful to find a balance between transparency and security. Although being fully transparent is preferred, providing too much detail might aid the hackers in avoiding capture. 

Remediation: Restoring Trust and Security

After the immediate situation has settled, the next stage is for the response team to restore trust in their business and protocols while also establishing new procedures to reduce the likelihood of another attack.

Ideally, the team would start by patching up the initial vulnerabilities that the hackers found and any similar problems associated with them. Then they can implement new security measures such as a notification system when similar activity is detected. 

Afterward, control would need to be given back to the affected accounts with a reimbursement plan to help return stolen funds to the affected users. However, this might not always be possible depending on the complexity of the attack. 

Finally, the team would need to conduct a third-party audit to ensure that all the funds are safe and accounted for. Once this is done, withdrawals and deposits can be reopened.

Learning from the Experience

For this response to be effective, though, it also needs to be maintained and regularly updated as new vulnerabilities and exploits are discovered. The web3 industry is constantly changing, and the chances of having a protocol hacked are never going to disappear.

Some ways to keep security updated include:

  1. Regularly reviewing and updating the response plan.

  2. Staying up to date with industry best practices and security standards.

  3. Encouraging community engagement in security efforts.

  4. Collaborating with other businesses and organizations to combat cyber threats.

While not perfect, following these steps can help reduce the possibility of being hacked again in the future because it shows that a team is committed to the security of its network, and as stability and safety rise, investors will take notice.