Business and Technology
Crypto World's Cracks Widen
The recent Nomad hack was the eighth-biggest crypto theft on record. Other thefts from bridges this year include a $615 million heist at Ronin, used in a popular online game, and a $320 million theft at Wormhole, used in so-called decentralized finance applications.
When thieves stole an estimated $190 million from U.S. crypto firm Nomad last week, it was the seventh hack of 2022 to target an increasingly important cog in the crypto machine: Blockchain "bridges" - strings of code that help move crypto coins between different applications.
So far this year, hackers have stolen crypto worth some $1.2 billion from bridges, data from London-based blockchain analysis firm Elliptic shows, already more than double last year's total.
"This is a war where the cybersecurity firm or the project can't be a winner," said Ronghui Hu, a professor of computer science at Columbia University in New York and co-founder of cybersecurity firm CertiK.
"We have to protect so many projects. For them (hackers) when they look at one project and there's no bugs, they can simply move on to the next one, until they find a one weak point."
At present, most digital tokens run on their own unique blockchain, essentially a public digital ledger that records crypto transactions. That risks projects using these coins becoming siloed, reducing their prospects for wide use.
Blockchain bridges aim to tear down these walls. Backers say they will play a fundamental role in "Web3" - the much-hyped vision of a digital future where crypto's enmeshed in online life and commerce.
Yet bridges can be the weakest link.
"Blockchain bridges are the most fertile ground for new vulnerabilities," said Steve Bassi, co-founder and CEO of malware detector PolySwarm.
Nomad did not respond to requests for comment, but it has said it is working with law enforcement agencies and a blockchain analysis firm to track the stolen funds. Late last week, it announced a bounty of up to 10% for the return of funds hacked from the bridge.
Nomad said on Saturday it had recovered over $32 million of the hacked funds so far.
"The most important thing in crypto is community, and our number one goal is restoring bridged user funds," Mohan said. "We will treat any party who returns 90% or more of exploited funds as a white hats. We will not prosecute white hats," he said, referring to so-called ethical hackers.
Several cyber security and blockchain experts told Reuters that the complexity of bridges meant they could represent an Achilles' heel for projects and applications that used them.
"A reason why hackers have targeted these cross-chain bridges of late is because of the immense technical sophistication involved in creating these kinds of services," said Ganesh Swami, CEO of blockchain data firm Covalent in Vancouver, which had some crypto stored on Nomad's bridge when it was hacked.
"Cross-chain bridges are an attractive target for hackers because they often leverage a centralized infrastructure, most of which lock up assets," said Victor Young, founder and chief architect at U.S. blockchain firm Analog.
So how best to address the problem?
Some experts say audits of smart contracts could help to guard against cyber thefts, as well as "bug bounty" programs that incentivize open-sourced reviews of smart contract code.
Others call for less concentration of control of the bridges by individual companies, something they say could bolster resiliency and transparency of code.
See all News Updates of the Day
Africa News Tonight: Food Aid Reaches Darfur, Botswana Calls for Change in Diamond Certification, DRC Has First Female Prime Minister
Meta Closes Monitoring Tool for Disinformation, Fact-Checking
WASHINGTON—A digital tool considered vital in tracking viral falsehoods, CrowdTangle will be decommissioned by Facebook owner Meta in a major election year, a move researchers fear will disrupt efforts to detect an expected firehose of political misinformation.
The tech giant says CrowdTangle will be unavailable after August 14, less than three months before the US election. The Palo Alto company plans to replace it with a new tool that researchers say lacks the same functionality, and which news organizations will largely not have access to.
For years, CrowdTangle has been a game-changer, offering researchers and journalists crucial real-time transparency into the spread of conspiracy theories and hate speech on influential Meta-owned platforms, including Facebook and Instagram.
Killing off the monitoring tool, a move experts say is in line with a tech industry trend of rolling back transparency and security measures, is a major blow as dozens of countries hold elections this year -- a period when bad actors typically spread false narratives more than ever.
"In a year where almost half of the global population is expected to vote in elections, cutting off access to CrowdTangle will severely limit independent oversight of harms," Melanie Smith, director of research at the Institute for Strategic Dialogue, told AFP.
"It represents a grave step backwards for social media platform transparency."
Meta is set to replace CrowdTangle with a new Content Library, a technology still under development.
It's a tool that some in the tech industry, including former CrowdTangle chief executive Brandon Silverman, said is currently not an effective replacement, especially in elections likely to see a proliferation of AI-enabled falsehoods.
"It's an entire new muscle" that Meta is yet to build to protect the integrity of elections, Silverman told AFP, calling for "openness and transparency."
'Direct threat'
In recent election cycles, researchers say CrowdTangle alerted them to harmful activities including foreign interference, online harassment and incitements to violence.
By its own admission, Meta — which bought CrowdTangle in 2016 — said that in 2019 elections in Louisiana, the tool helped state officials identify misinformation, such as inaccurate poll hours that had been posted online.
In the 2020 presidential vote, the company offered the tool to US election officials across all states to help them "quickly identify misinformation, voter interference and suppression."
The tool also made dashboards available to the public to track what major candidates were posting on their official and campaign pages.
Lamenting the risk of losing these functions forever, global nonprofit Mozilla Foundation demanded in an open letter to Meta that CrowdTangle be retained at least until January 2025.
"Abandoning CrowdTangle while the Content Library lacks so much of CrowdTangle's core functionality undermines the fundamental principle of transparency," said the letter signed by dozens of tech watchdogs and researchers.
The new tool lacks CrowdTangle features including robust search flexibility and decommissioning it would be a "direct threat" to the integrity of elections, it added.
Meta spokesperson Andy Stone said the letter's claims are "just wrong," insisting the Content Library will contain "more comprehensive data than CrowdTangle" and be made available to academics and non-profit election integrity experts.
'Lot of concerns'
Meta, which has been moving away from news across its platforms, will not make the new tool accessible to for-profit media.
Journalists have used CrowdTangle in the past to investigate public health crises as well as human rights abuses and natural disasters.
Meta's decision to cut off journalists comes after many used CrowdTangle to report unflattering stories, including its flailing moderation efforts and how its gaming app was overrun with pirated content.
CrowdTangle has been a crucial source of data that helped "hold Meta accountable for enforcing its policies," Tim Harper, a senior policy analyst at the Center for Democracy & Technology, told AFP.
Organizations that debunk misinformation as part of Meta's third-party fact-checking program, including AFP, will have access to the Content Library.
But other researchers and nonprofits will have to apply for access or look for expensive alternatives. Two researchers told AFP under condition of anonymity that in one-on-one meetings with Meta officials, they demanded firm commitments from company officials.
"While most fact-checkers already working with Meta will have access to the new tool, it's not super clear if many independent researchers — already worried about losing CrowdTangle's functionality — will," Carlos Hernandez-Echevarria, head of the Spanish nonprofit Maldita, told AFP.
"It has generated a lot of concerns."
Forum