In the 2008 superhero film The Dark Knight, there is a great scene where the Joker makes a statement on Batman’s bold and ultimately successful attempt to catch the villain by saying: “This is what happens when an unstoppable force meets an immovable object.”
It’s a quote that’s always stuck with me, and one that, in my opinion, captures well the collision we are currently experiencing in our industry between the cryptocurrency and cybersecurity worlds. Two superpower industries coming together – and we get to decide if it will result in new possibilities or increased evil.
Both the crypto and cybersecurity markets have seen incredible growth in the past few years. Cybersecurity, for its part, grew 12.4% as a whole to reach $150.4 billion in 2021, according to Gartner. The market also blew through all other record years for acquisitions and financing, with $77.5 billion in M&A and $26.3 billion in VC funding in 2021 alone. It’s an incredible pace that isn’t showing signs of slowing down anytime soon.
Crypto isn’t far behind. Bitcoin had a market capitalization of $1.07 trillion as of February 21, 2021 (an increase of 19,000+% since 2012) and the global blockchain market is expected to reach $23.3 billion by 2023. Other estimates predict the market size for cryptocurrency will reach $1.9+ billion by 2026. Between cryptocurrency, NFT marketplaces, meta-universes and others, it’s clear this area will soon dominate our world.
However, as with all hyper-growth markets, with rapid rise inevitably come new threats. The dislocation between offense and defense is often greatest at these moments in time, as our ability to defend against bad actors lags behind the breakneck pace of exciting innovation. And much like in other domains, when this gap grows, bad things can happen.
We’ve seen this dynamic manifest in a significant way in the crypto space over the past year. Cryptocurrency losses in 2021 were at an all-time high, with an estimated $4+ billion lost to hacks or scams. Making up this total are events like hackers exploiting vulnerabilities in the systems of companies like Poly Network to steal $600 million in cryptocurrency, or more recently at Wormhole to steal $320 million. At an even greater scale is the recent announcement by the Justice Department that it had seized more than $3.6 billion in allegedly stolen bitcoin after a hack of cryptocurrency exchange Bitfinex.
Meanwhile, we are also seeing the potential of cryptocurrency to be used for harm. The anonymity of cryptocurrency and global access to it have fueled the growth of ransomware, providing an easy and (mostly) untraceable payment system for cybercriminals worldwide. The average ransomware demand (with few exceptions, paid in bitcoin or another cryptocurrency) rose 518% in 2021, with payments requested as high as $50 million and the average payout sitting at $570,000. What’s more, crypto is in many cases being used to fund other types of adversaries, including drug dealers, arms traffickers and terrorists.
These are just a few examples, but the staggering sums involved in these hacks show the scale of the challenge at hand. Yet, the reality is we are in early innings. As this market continues to grow, so too will the threats. If this is just the second inning of opportunity, imagine what the top of the ninth will bring in terms of risk if we don’t invest in preparing ourselves for this coming tsunami.
The good news is that we have the benefit of foresight on our side. We have seen again and again what happens when an emerging technology market explodes, leaving a trail of threats in its path – just look at cloud, IoT, ICS etc. We have a unique opportunity at this moment to fully embrace the potential of this new technology category, but also work to secure it in parallel. We can see this threat coming and we must act.
There is plenty of room for innovation where the worlds of crypto and cyber collide, some of which is already starting today. Bleeding-edge companies are jumping into this market with technologies for AI-based forensic investigations, blockchain pen-testing, compliance and smart contract monitoring. Their technologies are also being used by U.S. federal law enforcement agencies, including DHS, FBI, IRS, SEC and other government organizations, and are proving their viability in court cases. Some of the companies leading the way here include Chainalysis, TRM Labs, Elliptic, Solidus Labs, CertiK, Fireblocks, Anchain, Coinfirm, Elementus and Coin Metrics.
But there’s room for improvement. Only a handful of companies are early movers with viable cybersecurity technologies in this space, and we need an industry. For instance, we don’t have many companies offering security for the blockchain itself, or companies that can reference the blockchain and provide analytics from it for blacklisting or creating watch lists of nefarious actors, in a form that integrates with existing security stacks to make it useful at scale. We also lack solutions or standards for wallet or private key hygiene or authentication, an area that accounts for a significant portion of attacks (like the 2021 attack on BitMart that stole $196 million with a compromised private key).
While potentially unpopular, regulation also likely has a role to play here. With traditional banking, we have safeguards in place. For instance, money transfers today typically have a clearing period, especially for large amounts, giving time to fix any issues. Regulators help monitor these types of transactions and guarantee them, which makes corporations and governments more comfortable with using them for their digital transaction needs. This regulation needs to be thoughtfully drafted in partnership with experts and industry so as not to stifle innovation. Finally, there is self-regulation by the companies themselves to meet basic standards of care.
As investors, we also have a role to play. As we fuel the next wave of innovation, we need to do our diligence and ensure we are funding the companies that will fuel the next generation of emerging technologies. It’s an area where NightDragon is committed to doing its part, as we have added tZero Group CISO and crypto expert Chris Russell to our Advisory Council and continue to evaluate investment opportunities.
If we’re heading towards a digital crypto, NFT, Web3 and Metaverse world, which most would argue we are, we should make it a SAFER and more SECURE world. That’s a choice we need to make as an industry right now.