Inside a crypto security exec’s scramble to stem $90m in hacks in one week

Taylor Monahan hoped for a quiet time with her daughter on New Year’s Eve. No screens, just a “peaceful crafty day,” she told DL News.

That all changed when a friend casually texted about one more hack before the clock struck midnight.

“Wait, what?” said Monahan, the principal security researcher for MetaMask.

She dropped into a virtual war room, an invitation-only, online chat on Telegram, and joined other cyber sleuths monitoring what turned out to be an $81 million exploit of Orbit, a blockchain bridging project.

More were to come.

‘Possible security incident’

Roughly 48 hours after the Orbit was hacked, a cross-chain lending platform called Radiant Capital was robbed of $4.5 million.

Then, on January 4, Gamma, a liquidity management project, announced it was “reacting to a possible security incident.” It lost $6 million.

Even Monahan, a seasoned cyber defence expert, was blown away by the action as she simultaneously monitored three virtual war rooms.

“There’s a situation going on, and I’m at my computer looking at it and going, ‘nope, nope, nope, nope!’ she told DL News a few days later.

It may have been a new year, but it was the same old crypto.

Protecting blockchain-based projects from bad actors has become an exercise in futility, especially in decentralised finance. Not a week seemed to go by without a new exploit making headlines. In 2023, crypto users lost more than $1.7 billion in 160 hacks, according to TRM Labs.

Whatever hopes a new year would bring a respite to the space vaporised as a spate of attacks plundered protocols for about $90 million in the first week of the year.

‘We’ll continue to see pre-teen script-kiddies and nation-state sponsored actors and everyone in between run circles around this industry.’

—  Taylor Monahan

And a bull market could make things worse. Projects will often move too fast chasing a dollar, foregoing “top-notch” security, independent security researcher Pascal Caversaccio explained. This will leave them vulnerable.

War rooms

In the meantime, Monahan, the founder of one of the market’s first Ethereum wallets MyCrypto, joined other online sleuths in war rooms on Telegram last week to track down the perpetrators and stymy the damage.

She didn’t hesitate to click the link and join the war room. “What am I going to shitpost on Twitter while I know this group is trying to mitigate the damage caused by an exploit? No, I’m going to try and help.”

Even as Monahan saddled up on this virtual posse, she said she felt frustrated by a crypto crime wave that shows no sign of abating.

It isn’t just defending systems from black hats — she is also concerned that the crypto community itself isn’t taking the threat seriously enough.

“There’s absolutely no accountability when a protocol gets hacked,” Monahan said. “None. So few teams are legitimately scared. And why should they be? It’s far worse to not have liquidity or traction than it is to get hacked in this industry.”

It takes a digital village

So what’s to be done? Technical solutions abound to solve one of crypto’s most insidious problems.

For example, Blockaid, an Israeli security firm, teamed up with MetaMask last year to notify users whenever they interact with a suspicious smart contract.

For builders, it means costly audit after costly audit from various security outfits to check each line of code.

On-chain tools that automate notifications, signal malicious on-chain activity, and keep users abreast of incidents are also helpful. Then, for everyday users, it’s the simple things like two-factor authentication and password managers.

Crypto’s security issues demand more than technical solutions, however.

It’s also a cultural shift for users.

“The community essentially has to solve it by not participating in protocols that don’t give a shit about security,” Caversaccio told DL News. “This will signal to new projects that they have to deeply take care about this topic.”

Security emergency

With so many war rooms springing up, security experts launched Seal 911 last August.

The group offers project managers a direct line to more than 30 auditors and white-hat hackers in the case of a security emergency.

In September, Seal 911 managed to stop a hacker dead in their tracks from exploiting a crypto-powered dice game.

“It’s been a game-changer, as it brings together so many talented people and enables such fast, collaborative action,” Monahan said.

‘Blind trust will be exploited. FTX is a great example.’

—  Caversaccio

The group, as well as a few others like it, said Caversaccio, is another key step in reigning in the free-wheeling world of crypto.

Still, users will continue to bear much of the responsibility.

“Blockchains give power back to the people, so either you take that responsibility seriously or it’s not an ecosystem you should participate in,” said Caversaccio. “Blind trust will be exploited. FTX is a great example.”

And security experts such as Monahan will continue lurching from one hack to the next. But this isn’t a sustainable approach, she said.

“DeFi exploits are always a race,” she said. “You have maybe 30 minutes tops to determine root cause and if other pools or protocols may be vulnerable.”

Script-kiddies

Crypto will never truly be a safe space for anyone unless financial, reputational, or legal costs are higher than any quick payout, Monahan said.

“We’ll continue to see pre-teen script-kiddies and nation-state sponsored actors and everyone in between run circles around this industry.”

Liam Kelly is a Berlin-based DeFi Correspondent. Contact him at liam@dlnews.com or on Telegram at @Liam_Gallas.