The team at Bitcoin-focused firm Casa recently shared some notable privacy and security stories from last year.
Casa wrote in a blog post that as technology continues to make advances, the world of privacy and security changes along with it. The end of 2021 saw many important events take place and have led to various underlying themes that we may watch out for in the coming years, according to the team at Casa.
As noted in the update, several so-called decentralized finance or DeFi projects found themselves “exposed in 2021 due to poor key management.”
The Casa team pointed out that 2021 was the year DeFi protocols really took off, and many projects with “lax” security practices “found themselves watching hackers take off with funds.”
According to Casa:
“The most eye-opening example came in August when cross-chain platform Poly Network had about $600 million in assets stolen in a breach. The platform responded by tweeting an open letter asking the perpetrator to “establish communication” and “work out a solution.” The desperate plea worked, and the project recovered the lost funds.”
Casa reminded consumers that we should never “expect a hacker to have mercy on you.” Although this story had a “happy ending,” it’s important to remember “the value of a robust security model predicated on self-custody.”
Casa further noted that when Coinbase issued its initial public offering in April, the move was “seen as an indicator of Bitcoin and crypto going mainstream.” But behind the scenes, the exchange “struggled to protect customer accounts.”
Casa also noted:
“Coinbase revealed last fall that attackers had exploited the company’s SMS account recovery process between March and May and stolen from about 6,000 customers. Though Coinbase reimbursed affected customers, 2FA settings continued to be a problem for the exchange. About 125,000 customers received false notifications in August that their 2FA settings had been changed.
Casa pointed out that Exchanges are like “honeypots for hackers because they hold the keys to large amounts of bitcoin.”
Casa also noted that for Meta, 2021 brought “even more scrutiny over data privacy and security practices.” If any business is “ready to ring in the new year, it’s the company formerly known as Facebook,” the team at Casa noted.
They added that Meta began 2021 “amidst growing calls for governments to break up Big Tech.” In April, phone numbers and personal information for over 500 million users “were published online for free.”
As noted by Casa:
“A few months later, a whistleblower claimed on “60 Minutes” that Meta prioritized profit above user safety when it came to combatting hate and misinformation. The next day, a router configuration change knocked Meta offline for six hours, along with other company apps.”
Then, a FBI document “revealed that Whatsapp, Meta’s popular messaging app, makes user data easy to obtain with a subpoena or warrant.”
Casa added that Meta’s recent controversies “illustrate the risk when centralized entities have so much data.” As firms rush to define the “metaverse,” we should “keep a close eye on data retention policies. As we like to say at Casa, don’t collect what you can’t protect,” Casa noted.
They also mentioned that ransomware took “center stage” in May of 2021 when Colonial Pipeline was “hit with a massive attack disrupting the oil and gas supply chain through much of the United States.”
Casa also noted:
“Hacking group DarkSide was reportedly behind the attack and requested a ransom of 75 bitcoin. The Department of Justice announced in June that it had recovered most of the bitcoin, leading many to wrongly speculate that authorities had managed to crack the private key encryption behind Bitcoin.”
The firm added that even hackers can “do a poor job of protecting their private keys.”
The update from Casa also mentioned that Bitcoin’s Taproot upgrade is “a welcome boost to privacy with Bitcoin transactions that will help the network continue to grow.”
Although price action and adoption dominated headlines, 2021 was “an important year for the Bitcoin network, which received its first major upgrade in four years: Taproot,” according to Casa.
As noted in the update:
“Activated with little controversy, Taproot was an important technical upgrade for Bitcoin. The release implemented Schnorr signatures and will provide the network with improved privacy and lower transaction fees. With Taproot, it will be far cheaper to spend from a multisig wallet.”
The company confirmed that like the rest of the industry, Casa is “working on Taproot-enabled implementation, and although there are some technical details left to work out, we are excited for this next step in Bitcoin development.”