We'll come right out and say it: 2022 was the year of self-custody. This week, we're looking back on the Top 5 security stories and the lessons learned along the way. Remember these events in the years to come.

5) $625 million stolen in Ronin Network exploit

We begin in spring 2022, a much simpler time. Gamers were playing to earn tokens in the video game Axie Infinity, which was tied to the Ronin Network, an ethereum sidechain.

But it's all fun and games until someone loses a key. In March, an attacker hacked the network's private keys, exploited validator nodes, and made off with what was then about $625 million.

Investigators have since tied the attack to a North Korean hacking group known as Lazarus. About $30 million in funds was recovered in September.

🔑 Key Insight: Crypto projects are only as secure as their weakest link, and often that's the underlying network infrastructure. Sidechains, bridges, and other forms of tokenization typically rely on trust. Minimize how much you trust third parties.

4) Celsius freezes for bankruptcy, leaving user funds stranded

It was a cold snap in summer. By June, the price of bitcoin had slipped more than 50% YTD, and lending platforms like Celsius found themselves on thin ice.

At first, the platform suspended withdrawals, assuring its users that it was "stabilizing liquidity" amid "extreme market conditions."

It turned out the problem wasn't liquidity but reserves. Celsius filed for bankruptcy in July and listed a shortfall of $1.2 billion. Affected users can reportedly file claims until January.

🔑 Key Insight: Liquidity shouldn't be a problem for exchanges and lending platforms if they truly have the assets they say they have. Learn more about the risks of obscured supply in this deep dive into "fake bitcoin."

Securing bitcoin’s scarcity: fighting fake bitcoin
Bitcoin has a limited supply, so why does it seem like the market’s being manipulated? The truth may surprise you.

3) Tornado Cash developer arrested in Amsterdam

Bitcoin and other crypto transactions are public if done on-chain. Today, blockchain analytics allow corporations and governments to track funds from address to address. But there's one strategy for preserving privacy: mixing coins.

In August, however, the U.S. Treasury Department decided to crack down on one open-source mixing platform: Tornado Cash. Officials sanctioned the ethereum-based platform, citing its suspected use in money laundering.

Days later, developer Alexey Pertsev was arrested in Amsterdam for his suspected involvement. Pertsev is still detained as of December 2022.

🔑 Key Insight: Government officials frequently conflate a desire for privacy with criminal activity, but there are many legitimate reasons for seeking privacy. This arrest raises many questions that nations will grapple with in years to come, but here's an important one: Is open-source code free speech?

2) Canada blacklists bitcoin addresses tied to trucker protest

In early 2022, a group of truckers and supporters began blockading the border crossings from Canada into the U.S. to challenge COVID-19 restrictions. Other supporters began raising money to continue the protest.

The Canadian government was not amenable, and officials invoked emergency powers to crack down on people associated with the protest. In doing so, the government leaned on institutions to sanction bitcoin addresses linked to the convoy and freeze bank accounts of people who just donated to the effort.

🔑 Key Insight: Freezing the financial assets of protestors is not to be taken lightly. While bitcoin kept on trucking as a network, the government response was eye-opening and made a strong case for the importance of self-custody in securing financial freedom, as discussed in this op-ed by our CEO Nick Neuman in Fortune.

1) Game over for FTX

"I don’t trust a single piece of paper in this organization."

That's what new FTX CEO John Ray said about the now-bankrupt exchange while testifying before Congress earlier this month.

He has his work cut out for him. The records are a mess. The umbrella of related entities and corporations is a sight to behold. And former CEO Sam Bankman-Fried will soon have his day in court.

In the end, all that matters is the one thing we know since the company went bankrupt in mid-November: $8 billion of customer money is gone.

🔑 Key Insight: It's hard to conceptualize $8 billion, but here's a helpful exercise. Imagine a professional sports team.

Imagine all the players on the team, the uniforms, the coaches, the concession stands, the merchandise, all the fans in the arena, and the fans watching from home. Imagine all the hope it signifies.

Now, imagine that team didn't exist. That's how big $8 billion is.

Hold your keys.

