

The Risk of Insider Threats in Cryptocurrency


Rob Behnke

February 3rd, 2021

What Is an Insider Threat?

Most security solutions are focused on external threats.  A castle’s defense is based on a perimeter wall. Similarly, cybersecurity solutions are deployed at the network perimeter and are designed to keep anything malicious from ever entering the network.

However, it is dangerous to assume that all threats originate outside the protected perimeter.  If someone with legitimate inside access poses a threat – whether via malice or a compromised account – then an organization’s perimeter-focused defenses are worthless.  An insider threat is inside the defenses and already has the access needed to steal money or do other damage to the organization.

Insider Threats in the Crypto Space

Cryptocurrency has had its share of cyberattacks and other security threats.  While blockchain protocols are largely secure, compromised private keys, insecure smart contracts, and similar issues have caused a number of blockchain hacks.

However, external threats are not the only security issue in the cryptocurrency space.  Whether intentionally or unintentionally, insiders within organizations supporting cryptocurrencies have taken actions that harmed the protocol.

One clear example of an “insider threat” is the alleged SushiSwap exit scam.  In September 2020, SushiSwap creator Chef Nomi liquidated his holdings in the protocol, causing the value of the SUSHI token to drop by 75%.  This sale was decried as an exit scam, and although Chef Nomi returned the sale money to the project, the damage was already done.  After Chef Nomi’s holdings were liquidated, the price of the SUSHI token dropped from $4.41 to $1.20.

BitGrail is an example of a cryptocurrency exchange that experienced issues with insider threats.  In 2018, the man behind the exchange, F.F., reported an attack to the Italian police.  However, he is now believed to be the perpetrator of later attacks against the exchange because he could have easily prevented them and chose not to do so.  Whether as an active participant in the attack or through negligence, F.F. posed a real insider threat to the now-defunct exchange.

Protecting Against Insider Threats on the Blockchain

Insider threats are a serious hazard to security because they are so difficult to detect and protect against.  Someone with legitimate access and permissions on a system can cause damage using those legitimate permissions, and it may be impossible to mitigate this risk without rendering them unable to do their jobs.

It is ironic that the blockchain sector is plagued by insider threats because this type of risk is one of the problems that blockchain technology is designed to solve.  An insider is only a true security risk if they have enough control over the system to do real damage.  Blockchain decentralization is intended to eliminate the centralized control that makes these threats possible.

Some forms of insider threats, such as the ownership of large amounts of cryptocurrency that caused the SushiSwap issue, are unavoidable, but others, like the BitGrail exchange hack, can be managed.  For example, a decentralized cryptocurrency exchange – if properly secured – can make it more difficult for an insider to leverage their power to steal value from cryptocurrency investors.

To find out how you can protect your blockchain company against insider threats, get in touch with Halborn today at halborn@protonmail.com.