Can you explain the FBI’s involvement in this investigation, and how Polaris Infosec is assisting Sky Mavis in this process?
Tin Nguyen, CEO of Polaris Infosec and a former FBI agent
The reason the FBI is involved is that the incident has US stakeholders, which could be victims, users, internal team members, or third parties like exchanges. Anytime there’s a major incident that involves the United States, even when it’s overseas, the FBI can be involved. I’m currently managing the relationship between Sky Mavis and the FBI, while advising Sky Mavis on its recovery, helping it develop the roadmap on how it needs to remediate its systems to enhance its security. In light of what happened, Sky Mavis has done an excellent job in responding in order to protect and continue serving its community. But it is still an active investigation.
What comes next after identifying the hackers, and where does the $625 million actually go?
What different law enforcement agencies and organisations can do in situations like this is immediately reach out to any known crypto exchanges to request the freezing of wallets and transfers. The problem is, as exchanges are located all around the world and there is no international standard for crypto regulation, exchanges don’t have to cooperate with law enforcement from other countries.
There are different methods to trace crypto transfers, such as the use of Chainalysis, which specialises in crypto tracking. However, these tracking companies can’t actually affect the transfers.
That being said, there are exchanges and wallets that are agreeable to customers and will help them find and retrieve funds if they can. But usually, that’s very hard. And even if you’re able to retrieve funds, usually it’s only a fraction.
Are there chances the money can be returned, like in the case of the cryptocurrency platform Poly Network in 2021?
Incidents in which hackers return money have happened, but that’s usually with individual hackers or non-organised hackers who return funds for any number of reasons, such as guilt, job offers, fear of capture, or because they were making some kind of statement. There are many different levels of hackers but the greatest threats are always the APTs, which stands for Advanced Persistent Threat. These hackers have a large network and a high skill level, and are also much more organised than other groups.
Generally speaking, if you are dealing with APTs, no matter the origin, it’s almost impossible to take direct action. Even if you know 99 per cent that they are from a certain country, entities like the FBI can’t just capture them but may have to rely on local support.
There are several things we can do, however. One, we can make sure additional attacks are met with greater resistance and higher levels of security. Two, we can use that attack to collect intelligence, in order to prevent attacks on other organisations. Three, you can now improve security globally by sharing information with companies and organisations so they can individually improve security.
The key point is that, as community security solutions improve, hackers also evolve. We need to learn from these events to stay ahead.
What is your assessment of Vietnam’s current cybersecurity capability, especially as the tech startup scene in the country is flourishing?
Vietnam has a lot of talent in tech, from IT to development to blockchain. However, in terms of blockchain experts with a strong security background, that’s a different matter. As you can see with Sky Mavis, it is a unicorn company that’s worth billions, but it got hacked. As blockchain experts, they also need to become security experts.
People usually have the misperception that if you know about blockchain or any tech software, you know about security. But that’s not true.
Almost all startups in Vietnam lack internal security teams because that’s not on their priority list, even though it should be. Sky Mavis is now spending a lot of money on its back-end to recover from the hack. Security is like an insurance policy. If companies would just take the time to work on security to protect the technology they developed, either with an internal team or outsourcing, they will save so much time and money if things go wrong, and chances are increasing that they will.
How do you think this hack, one of the biggest to hit the crypto world, will impact the investment prospects for blockchain games?
Is investment going to continue to pour into blockchain gaming? For sure. However, if there’s one thing that is a takeaway from this incident, it’s that investors need to do due diligence with security. They need to ask how secure the platform is, and if they have a plan to address security. And once someone invests in a company, they should assist them with developing a security plan.
The problem is that most investment firms in Vietnam haven’t had mechanisms to assess the security capabilities of a platform. Some firms that focus on tech investments may have teams to assess the technology for a product, but tech teams are not necessarily cybersecurity teams.
If one of your portfolio companies gets hacked and loses millions of US dollars, they might not survive, and so neither does your investment. The average loss for a business in Southeast Asia is currently $2.1 million, and the cybersecurity risk is increasing, especially in Vietnam, because it’s not a cyber-aware market.
You usually don’t hear about these hacks in the news, but in reality, they’re happening every day. Companies usually keep it private and pay the attackers to maintain a reputation. But that’s not a very smart solution because hackers now know they’re willing and able to pay and that increases the chances for another attack. It also motivates attackers to continue targeting other businesses. So, as investments in the Vietnam market expand, so should company security measures and solutions.