Blog posts, Thought leadership | 12/20/2022

The Wild Crypto World in 2022: Fraud, Security Breaches & Resilient Builders

Charles Guillemet, Ledger’s CTO, looks back at the most critical crypto events of 2022 and argues that the failure of centralized entities has emphasized more than ever the importance of self-custody in ensuring inalienable ownership rights.

2022 was a wild ride for the crypto world. From an all-time high market cap worth $2800 billion in 2021 down to $900 billion today, the market has shown volatility and unpredictability. But that’s not all. In 2022, we’ve seen significant security breaches that are not only reshaping the industry, but showing the way. Let’s look back and see what we can learn from the year’s most important events.

Tech And Security Breakdown

On the tech and security front, things didn’t go well. We witnessed significant failures highlighting just how important digital security is.

Blockchain Bridges:

One area of concern was the security of blockchain bridges, which are used to connect different blockchain networks. Several popular bridges, including Ronin, BNB Bridge, Wormhole, and Nomad, were hacked, resulting in losses of almost $2 billion. The need for these bridges is clear, as they allow for the transfer of value and information between different blockchains. Creating secure, trustless bridges remains a major challenge.

Slope Hack:

The year was marked by a significant hack of Slope wallet users. A simple security flaw in the software allowed hackers to access users’ private keys and drain almost 10,000 wallets, resulting in losses of around $8 million. This created a great deal of fear, uncertainty, and doubt in the Solana ecosystem.

Exchange hacks:

Several centralized exchanges suffered security breaches that led to the loss of significant funds. The two centralized exchanges Bitmart and Ascendex are the most prominent examples: they lost $196m and $77m respectively from their hot wallets, highlighting the difficulty of building a secure and scalable wallet infrastructure. Coinbase also experienced a hack of 6000 of its users’ wallets. The attackers leveraged an issue in the platform’s account recovery process where they simply bypassed the 2FA, underlining the difficulty of account security. People are usually very bad at generating, remembering and using passwords. The world needs to migrate to hardware-based FIDO2.

Financial innovation: failed experiments

A stablecoin is a type of cryptocurrency that is designed to maintain a stable value, typically by being pegged to the value of a fiat currency or other assets such as gold. This stable feature makes them an important part of the cryptocurrency market, as they provide a way to store value in the context of uncertainty and high volatility.

In general, a stablecoin issuer mints the stablecoins and guarantees their collateralization. For example, Tether (USDT) is collateralized by money market instruments held by the Tether company. USDC, issued by Centre (a joint venture between Circle and Coinbase), follows a similar logic. Despite their dominance, these stablecoins are often criticized for their centralization and potential for censorship.

TerraUSD (UST), the protocol that collapsed in May, was a different case. At first, it was an algorithmic stablecoin without reserves, which means that it solely used a system of minting and burning tokens to maintain its peg. To mint UST, users had to pay in Luna tokens, and the protocol would burn these Luna tokens to limit their overall supply and slightly increase their price. To mint Luna, users would convert UST, burning some UST and increasing its price. This system was designed to incentivize arbitrage and maintain the peg.

However, this system was fragile and was brought down by two whale traders, resulting in the collapse of both the TerraUSD and Luna tokens and losses of around $18 billion.

The Terra ecosystem also brought financial products with attractive interest rates anchored at 20% APY, which were essentially gambling with the stability of the UST stablecoin.

The negative effects of the Luna and Terra crisis spread when TerraLabs sold off large amounts of Bitcoin from their reserves in an effort to save their protocol. This caused market prices to drop across the entire cryptocurrency market. These events show the dangers of using levered schemes and will likely make people more cautious about using algorithmic stablecoins in the future.

Crash of centralized entities: market exposure and fraud

In the aftermath of the market crash and the collapse of the TerraUSD stablecoin, several centralized entities in the crypto market were heavily exposed to these protocols. In June, we witnessed the bankruptcy of Celsius, followed by several other major players such as Three Arrows Capital.

While some players could be saved and bought out at low prices, such as BlockFi being acquired by FTX, it was later revealed that FTX was also gambling with users’ money. In June, they began printing a large amount of FTT and putting it on their balance sheet at a misleading value. When rumors started to spread about the potential insolvency of FTX, a bank run occurred, withdrawals were quickly stopped, and the company declared bankruptcy only a few days later. Other FTX-exposed actors, including BlockFi and Genesis, are still dealing with the consequences of the company’s failure.

These events have sparked discussions about the solvency of centralized entities in the crypto market. While technical solutions for proof of reserves and proof of solvency exist, they are not widely adopted and do not cover liabilities. Vitalik’s article on the topic is a good reference for a more in-depth analysis of these issues.

This event brought renewed attention on crypto from regulators. 

Politics and Regulation

The world’s need for crypto

2022 demonstrated once again the social utility of cryptocurrencies. The censorship-resistant nature of cryptocurrencies proved useful for supporting pro-freedom protesters in Ottawa, donating to Ukrainian war refugees, protecting Iranian women who were threatened with having their bank accounts frozen and supporting Lebanon where the Banking system is collapsing.

Increased regulatory scrutiny in Europe

In 2022, western countries have increasingly sought to regulate cryptocurrencies. While it is technically difficult to regulate blockchain technology due to its decentralized nature, regulators are trying to control centralized actors, like exchanges and stablecoin issuers, that serve as fiat/crypto on-off ramps. The European Union passed two landmark crypto bills, the Markets in Crypto Assets regulation (MiCA) and the Transfer of Funds Regulation (TFR). During the negotiations, some members of the European Parliament called for outright bans on bitcoin and self-custody wallets – thankfully, these provisions did not make it into the final versions, which is a big win for consumer privacy and financial freedom.

OFAC sanctions on Tornado Cash

OFAC sanctions Tornado Cash and harms user privacy: Tornado Cash is a smart contract running on the Ethereum blockchain based on a Zero-Knowledge protocol that enables users to dissociate their assets from prior addresses. This capability allows for privacy, a missing feature of the Ethereum (and Bitcoin) blockchains. Tornado Cash is open source and permissionless, meaning it can be used by anyone concerned with privacy. The US Treasury claimed that North Korea’s hacking syndicates used this service. Since no organization created, owned or operated Tornado Cash, the Treasury sanctioned people who interacted with the smart contract by banning them from centralized entities. Also, the main protocol developer, Alexei Pertsev, was arrested in the Netherlands and jailed without charges for four months. This situation is a blatant attack on the freedom of speech, including the freedom to write code (which is a form of speech) and the fundamental right to privacy.

We all benefit from public goods and infrastructure such as the internet, wireless networks, currency, the postal system, roads, and transportation infrastructure. It should be the same for Tornado Cash.

NFTs: the future of digital ownership – the power of Soulbound Tokens and the dominance of OpenSea in the NFT Ecosystem

NFTs: a growing range of use cases

The NFT ecosystem remains strong, particularly in the realm of art. Many new projects have emerged, with Bored Apes and Crypto Punks remaining two of the most important collections. In-game items are also increasingly being represented by NFTs. This adoption is primarily focused on crypto-native games at the moment; AAA games have not yet adopted NFTs. The use of blockchain as an interoperability layer is a great application for NFTs, as digital goods represented by NFTs can be used in a variety of contexts (such as games, social media, and token gating) and can be transferred or sold in a trustless manner. Several big brands have also launched their own NFT programs, particularly in the luxury sector but not exclusively; Nike, Swoosh and Starbucks are examples of this trend.

SBTs: where the future of digital identity is headed

In April 2022, Vitalik Buterin co-wrote with E. Glen Weyl and Puja Ohlhaver an article, “Decentralized Society: Finding Web3’s Soul”, in which he discussed the concept of Soulbound Tokens (SBTs). These NFTs are unique because they are not transferable but are revocable. This idea was later formalized in the writing of EIP-5192, which extends the existing EIP-721 standard for NFTs. SBTs may play a significant role in the near future for decentralized identity, as they belong to the address owner forever.

OpenSea consolidates its leading position

The platform now accounts for 98% of total NFT trading volume, with over one million users, and is valued at over $13 billion. The beginning of the year was, however, marked by several security issues. OpenSea’s design is based on the 0x protocol and primarily uses the Ethereum chain. The high cost of fees on Ethereum led to a focus on cost optimizations that were detrimental to security. Auctions on the platform are mostly conducted off-chain, and interactions with the smart contract require off-chain signatures. This design made it possible to use old off-chain signatures, or to front-run unlisting signatures, to purchase NFTs at extremely low prices (read this Twitter thread to learn more).
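Why an old off-chain signature stays dangerous, as an added example rather than code from OpenSea, 0x or Ledger: a simplified settlement model in which a signed listing is accepted either on signature validity alone or with expiry and cancellation-nonce checks. The `Listing` and `Settlement` names, the field layout and the demo key are assumptions, and HMAC stands in for the maker's wallet signature.

```python
import hashlib
import hmac
from dataclasses import astuple, dataclass

# Constructed demo key. HMAC stands in for the maker's wallet signature.
MAKER_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Listing:
    maker: str
    token_id: int
    price_wei: int
    nonce: int       # maker's order nonce when the listing was signed
    expires_at: int  # unix time after which the listing is void


def sign(listing, key=MAKER_KEY):
    """Sign every field, so price, nonce and expiry cannot be altered later."""
    msg = "|".join(str(v) for v in astuple(listing)).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Settlement:
    """Hypothetical settlement logic; enforce_freshness toggles the mitigation."""

    def __init__(self, enforce_freshness):
        self.enforce_freshness = enforce_freshness
        self.min_nonce = {}  # maker -> lowest nonce still accepted

    def cancel_all(self, maker):
        """State change on the settlement side: voids all earlier listings."""
        self.min_nonce[maker] = self.min_nonce.get(maker, 0) + 1

    def fill(self, listing, sig, now):
        if not hmac.compare_digest(sig, sign(listing)):
            return "rejected: bad signature"
        if self.enforce_freshness:
            if now > listing.expires_at:
                return "rejected: expired"
            if listing.nonce < self.min_nonce.get(listing.maker, 0):
                return "rejected: cancelled"
        return f"filled at {listing.price_wei}"


def replay_old_listing():
    """Present a months-old signed listing to both settlement variants."""
    old = Listing("0xMAKER", 42, 10**18, nonce=0, expires_at=1_650_000_000)
    sig = sign(old)  # signed once, then only hidden from the off-chain order book
    later = 1_660_000_000
    return (Settlement(False).fill(old, sig, later),
            Settlement(True).fill(old, sig, later))
```

Hiding a listing from the off-chain order book changes nothing the settlement logic can see; only the signed expiry or a nonce bump recorded by the settlement side makes the old signature unusable.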

Blockchain technology, major developments towards more scalability (and sustainability)

The Ethereum Merge: a success for its community

The successful merge of the Ethereum mainnet is a historic moment for the entire ecosystem. It marks the transition of the chain from proof of work to proof of stake, which has been in the works since 2014. While it is difficult to predict the exact impact of this change on the chain, it is a significant milestone for the Ethereum network.

We can only be impressed by the seamless migration of such a large and complex distributed system without any coordinator or interruption in service. The pressure was high, especially considering the potential for attacks, but the transition was executed smoothly and without any loss of transactions.

This is a testament to the skill and dedication of the Ethereum team and community, and it sets a high bar for future updates and upgrades to the network. Only time will tell what the full impact of the Merge will be, but for now, it is a cause for celebration and optimism for the future of Ethereum.

Scalability challenges are getting solved

One of the initial motivations for this move from Proof of Work to Proof of Stake was to enable EVM execution sharding. Ethereum and other blockchains have limited bandwidth and, in their current forms, won’t be able to support mass adoption. To solve this challenge, two main tracks are being considered: Layer 2s and blockchain sharding.

Blockchain sharding consists of dividing the network into smaller sub-networks called shards. Shards allow transactions to be processed in parallel. Each shard processes and stores only a portion of the data on the blockchain, reducing the amount of data that each node in the network needs to process and store. This remains a new concept and presents several challenges, especially in terms of security: what we learnt from Bitcoin and Ethereum about the game theory of incentives no longer applies.

In the meantime, Layer 2 technology progressed faster than expected. Starknet and ZkSync are the most advanced projects. With the Starknet and Cairo launch, we witnessed the birth of easy-to-write generic zero-knowledge proofs in production. We can already see innovative use cases of this extra computing power, such as storage proofs that prove the state of any MPT-based chain on Starknet, concise proofs of the Bitcoin UTXO set, or on-chain validation of WebAuthn signatures.

ZkRollups are significantly more efficient than sharding solutions at solving the scalability challenges. Consequently, Ethereum changed its roadmap from execution sharding to Danksharding and finally to proto-danksharding, which doesn’t involve any sharding while bringing a solution for storing data on Ethereum in a scalable manner.

Bitcoin remains the king but struggles to impose itself beyond the store of value use case for now

After 14 years of existence, Bitcoin continues to prove its resilience. Its value proposition has not varied over time: a censorship-resistant store of value. It’s fungible, durable, scarce by design, and auditable.

However, the protocol evolves very slowly (as part of its value proposition). Nonetheless, in 2022, Miniscript was added to Bitcoin Core, and it will be deployed soon in Ledger.

The Lightning Network continues its slow adoption process, and the overall payment capacity of LN has reached 5000 BTC, a disappointingly low figure considering the UX we have today.

Overall, 2022 was a vivid reminder of the purpose of cryptocurrencies and blockchain technologies, and the bear market shouldn’t mislead us: the failure of centralized entities emphasized more than ever the importance of self-custody in ensuring inalienable ownership rights. Bitcoin continues to reign supreme as a store of value, while Ethereum’s world trustless computer continues to expand. I am personally impressed by the project’s agility and its renewed focus on supporting ZKRollups for unlimited scalability.

Looking Ahead

My biggest concern for 2023 and beyond is the ability of the ecosystem to maintain decentralization and censorship resistance. The recent updates to the Ethereum blockchain in particular have led to more centralization: this is manifest when we look at the staking split, and even more so when looking at the rate of OFAC-compliant blocks. Maintaining a permissionless system is the purpose of the blockchain revolution.

My main expectation for 2023 is the widespread adoption of zero-knowledge proof technology, which will enable blockchain scalability, on-chain privacy and trustless bridges, and, more generally, make centralized services more trustless.
