KPMG France, a leading audit and advisory firm, has revealed the results of its Blockchain and Cryptos 2022 cybersecurity study, which takes stock of vulnerabilities in the blockchain and cryptocurrency ecosystem at a time of rapid growth in decentralized finance, whose total invested funds represent 10.6% of the entire cryptocurrency market.
Among other findings, the study highlights the following:
• Hacks of decentralized finance infrastructure and applications caused losses of approximately $1.2 billion during the first half of 2022;
• This amount corresponds to a 692% increase in amounts stolen through hacks compared to the first half of 2021;
• In the face of this growing threat, KPMG counts only between 1,000 and 1,500 professionals in the world today capable of performing crypto security audits.
Web3 at the mercy of cyber attacks
Despite the strong security guarantees inherent in blockchain-related technologies, the KPMG study shows that crypto infrastructures and applications, such as decentralized finance, are not immune to attacks.
This is explained by the development of complex Web3 architectures whose functionality creates new vulnerabilities and extends the attack surface. Smart contracts in particular can contain flaws that allow crypto assets to be stolen. Attacks also target user wallets or the infrastructure itself. Attackers also take advantage of features specific to decentralized finance, such as “flash loans.”
“Attacks are able to take advantage of the slightest error, especially in the code of smart contracts, or in the protection of wallets. Such hacks require highly specialized skills, but the number of incidents shows that this expertise does not decrease among malicious actors,” says Vincent Maret, Partner, Head of Cybersecurity activities at KPMG France.
According to the KPMG study, hacks cost nearly $1.2 billion in the first half of 2022, including the iconic attack on Project Ronin that led to the theft of nearly $624 million. These are all signs of a lack of preparedness among some players regarding cybersecurity issues, which led to a 692% increase in the amount stolen from decentralized finance between the first quarter of 2021 and the second quarter of 2022.
Lack of experts in the market
The KPMG study also shows that vulnerabilities in crypto projects are explained by the lack of specialists in the market who are able to audit crypto projects in terms of cybersecurity.
Although the first audit firm specializing in crypto security was created in 2012 and its peers have multiplied since, there are to date only between 1,000 and 1,500 experts on the subject in the world. This number means that there are only 5 to 8 Web3 auditors for every 100 developers today, which is a much lower risk.
Develop the role of CISO
To respond to the increase in attacks and vulnerabilities in Web3, according to the KPMG study, one of the main levers available to players to protect themselves is skills development. Indeed, while Web3 appears to be paving the way for increasingly digital and technological tools, human analysis is more necessary than ever to assess risks and put in place appropriate systems to protect against them.
In cybersecurity, the crypto environment differs from the usual Web2 one: Web3 relies on the blockchain, an open ecosystem in which many third parties can interfere. Thus, it is necessary for companies to fill the position of cybersecurity manager and to develop that role within the organization. These players must be able to pilot software to raise awareness among stakeholders, analyze risks, update procedures and tools, etc., with a view to responding to both the imperatives of securing ecosystems and the risks inherent in their operation.
“With the blockchain and crypto ecosystem entering a new phase of structuring and development, with growing interest from central banks and traditional financial actors, investing in cybersecurity is more important than ever. We are only at the dawn of Web3 and we must invest in talent and skills to work effectively and collectively to secure this ecosystem whose enormous potential has been demonstrated, but whose safeguards still need to be consolidated,” concludes Alexander Stachenko, Director of Blockchain & Crypto at KPMG France.
About KPMG France
KPMG France, the leading audit and advisory firm, brings together 10,000 professionals committed to working towards new prosperity, serving companies, entrepreneurs and organizations of all sizes. 100 years after its establishment, in 2022 KPMG France will become a company with a mission to work and innovate with a passion to build trust, combine performance with responsibility and develop talent at the heart of the economy, territories and society. KPMG provides its clients with the strength of a global multi-disciplinary network in 145 countries and is distinguished by its regional coverage thanks to its 200 offices in France.
Audit – Advice – Accounting Expertise – Law and Taxes.