We want to help you make more informed decisions. Some links on this page — clearly marked — may take you to a partner website and may result in us earning a referral commission. For more information, see How We Make Money.
A cryptocurrency platform says it experienced a massive security breach by hackers this week — resulting in more than $600 million in stolen assets, according to a blockchain security firm conducting analysis on the hack.
Poly Network isn’t a crypto exchange or digital wallet platform. Instead, it helps facilitate crypto transfers between different cryptocurrencies’ blockchains. This can help people use their cryptocurrency across different networks.
Poly Network addressed the hacker in an open letter published Tuesday: “The amount of money you hacked is the biggest one in the defi [decentralized finance] history,” it read. “Law enforcement in any country will regard this as a major economic crime and you will be pursued.”
But because cryptocurrencies are decentralized and largely unregulated across the globe, there’s historically been very little investors can do if their crypto is stolen by hackers, reinforcing the concerns many people — and regulators — have about cryptocurrency. This makes the importance of safe and secure investing all the more apparent.
What Investors Should Know About the Poly Network Hack
Polygon Network announced Tuesday it was attacked on three blockchains: Ethereum, Binance Smart Chain, and Polygon. After identifying the wallet addresses associated with the hackers, Poly Network called on miners, token developers, and crypto exchanges to blacklist any trades from them.
As of Wednesday, the platform has begun recovering the stolen assets, reporting $260 million returned so far.
The hack is the most recent event in a growing number of reported crypto scams, amid ongoing conversations from regulators about how to best circumvent crypto fraud. Just last week, SEC Chairman Gary Gensler spoke about crypto’s security risks without regulation:
“Right now, we just don’t have enough investor protection in crypto. Frankly, at this time, it’s more like the Wild West,” he said. “This asset class is rife with fraud, scams, and abuse in certain applications. There’s a great deal of hype and spin about how crypto assets work. In many cases, investors aren’t able to get rigorous, balanced, and complete information. If we don’t address these issues, I worry a lot of people will be hurt.”
While many investors aren’t conducting crypto transfers across blockchain networks or participating in DeFi protocols, any crypto investments can still be at risk from hackers. Still, there are ways long-term crypto investors can protect their digital assets:
Investing in Crypto Securely
The first line of defense you can make toward investing in crypto safely is choosing a secure platform from which to buy your coins. There are no protections for crypto assets the way that your cash in the bank is protected by institutions like the FDIC, so it’s important to make sure the platforms you use are safe. Look for specific information about security measures, storage, and insurance on any crypto platform’s website.
“Organizations that don’t invest in [cybersecurity] are certainly going to be the low-hanging fruit and they will be more prone to having their data compromised, because they don’t have anything in place,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center.
Look for protections for individual users, like two-factor authentication and practice your own security with strong, unique passwords to all of your online accounts.
You should also be familiar with common scams involving crypto, and approach any unsolicited offers or suspicious activity with skepticism. Here are some ways to spot a crypto scam, according to the Federal Trade Commission:
- Anyone who will only accept payment for goods or services in cryptocurrency
- Unsolicited offers to help you earn a lot of money in a short time or guarantee returns on your crypto investment
- Social media messages asking you to send cryptocurrency — this was the method behind a headline-making 2020 Bitcoin scam in which public figures’ Twitter accounts were hacked
How to Protect Your Crypto
Once you have cryptocurrency in your portfolio, you can also take measures to ensure the safety of your coins.
You may choose to keep your coins on your account with the exchange you used to buy them, but look closely at that exchange’s security measures to ensure it offers strict security protocols and plans for responding to a security breach. Some exchanges even have insurance policies — which may be internal or third-party — to protect user’s assets against theft in the case of a hack.
You can also store your coins in a hot wallet, or online, software-based storage platform. Because hot wallets are online, they’re still vulnerable to hackers, so it’s important to vet the security measures the platform is using to protect your digital assets.
“I put a lot of weight into the longevity of the platform or the device,” Nicole DeCicco, founder of CryptoConsultz, a consulting practice for crypto and blockchain technology, recently told NextAdvisor. “You could have holes in the security of the software, and that’s where hackers can get in. If you have a wallet that’s been time-tested, it’s more reliable that their security team is keeping up on the latest in their security practices.”
The most airtight form of security against hacking, though, is keeping your coins in cold storage. This refers to fully offline wallet storage, in which you store the private keys to your cryptocurrency off the network on a device; often, these devices resemble USB flash drives. There are other risks to this form of storage — like loss of or damage to the device — but it’s the safest form of protection against online theft.
If you choose to invest in cryptocurrency, you should be prepared not only for volatile price swings, but also the inherent risks of a decentralized, largely unregulated asset class. That’s also why it can be useful to follow the rule of thumb experts recommend and dedicate no more than 5% of your total portfolio to speculative investments like crypto.
If the combined risk of crypto’s price fluctuations and security doesn’t align with your own risk tolerance, there are options to invest in crypto without actually buying any coins. But even traditional investments or financial institutions aren’t guaranteed to protect your money from hackers — and it’s still important to evaluate security practices.
“We should all be concerned about data breaches, and we should all understand that there’s no system that’s truly impenetrable,” Velasquez says, acknowledging that even traditional institutions with the most robust security measures can still be compromised.
The best actions you can take is to ensure any platform you trust with your money or digital assets is upfront about how it guards users against theft and do your own due diligence to protect your accounts with secure passwords, frequent updates, and monitoring.