You can also listen to this podcast on iono.fm here.

JIMMY MOYAHA: A company called TRM Labs put out a cryptocurrency report that suggests that between June last year and June this year there have been more than double the amount of crypto hacks that we saw in 2023. In 2023 we had about $657 million worth of crypto that was stolen as a result of hacking activities. And this year, ending June 2024, that number’s gone up to $1.38 billion.

I’m joined on the line by the head of growth at Valr, Blake Player, to take a look at this and try to understand what’s happening. Good evening, Blake. Thanks so much for taking the time. How are we at this point? I thought cryptos were supposed to be the safe ecosystem.

BLAKE PLAYER: Good evening. Thanks for having me on the call. I think what we’re talking about here is actually just general cybercrime, which crypto is not uniquely exposed to.

You’ll find that all industries are subject to cybercrime. While that number does seem quite big for crypto, there is a much bigger number out there that is generally the cost of cybercrime across all industries.

I was reading a report recently in terms of ransomware, and I think at the moment ransomware is costing companies globally more than R20 billion per year, and that’s just one sort of degree of cyber threat. So certainly this is something that happens.

There are security risks in every industry, and crypto is particularly, I suppose, prone to this because of the nature of cryptocurrency being generally immutable; once money’s been sent you, you’re not able to reverse the transactions – which can sometimes happen in the traditional space.

So there is that additional risk there., but it’s certainly not unique to crypto.

JIMMY MOYAHA: I suppose a part of that, as you rightly mentioned, is the fact that while it’s not unique to crypto, crypto is the newest [target], and the numbers are increasing. And so a jump from year one to year two might look bigger than in other years.

Blake, I want to look at the fact that a lot of the targeting seems to be geared more towards the service providers and the platform providers and the exchanges, and not so much towards private individuals. Is it because the exchanges sort of consolidate more crypto, and therefore hackers might think there is more for them to access there?

BLAKE PLAYER: I do think that individuals are certainly targeted. There are lots of prominent crypto personalities that have been hacked, including Vitalik [Buterin], the founder or creator of Ethereum. So there are a number of individual attacks.

But you are right in that large exchanges and other crypto businesses who hold a lot of crypto are a big target just because, if you do manage to get in, the payoff is quite high, whereas with an individual typically the payoff can be quite low.

But that’s not always true. Often individuals are much easier to compromise. The security is often a lot less stringent and people tend to do things like reuse passwords, or not use two FAS [Framework Advanced Security], and we see a lot of that type of activity.

In terms of exchanges, most exchanges – or at least those that are out there – have very, very tight security and whole teams like Valr dedicated to ensuring cybersecurity.

So it is very difficult to compromise an exchange – not to say it’s impossible. But it is a high priority for any crypto business.

And you’ll find that most credible exchanges out there are doing a huge amount and spending huge resources to maintain security.

So it is certainly an attractive target, but also a more difficult one.

JIMMY MOYAHA: Blake, would you say a lot of these hacking incidents are as a result of wanting to look at things like financing illicit activities and so on? There have been reports from the United Nations, as well as from the US itself, that countries like North Korea are using crypto to finance their nuclear weapons. Is it just in general that we’re seeing the fact that decentralised ecosystems like cryptocurrencies and blockchain are becoming more popular, or is it more that people want someone to blame and crypto might be the convenient place to blame?

BLAKE PLAYER: Look, I think if you look at any new technology there are always people who will look at only the negative parts of it, and people don’t like change. People weren’t very happy when cellphones first came out, or when the internet first came out.

There were huge campaigns to stop people from doing business on the internet because ‘how can you trust somebody who is selling something online?’ So this is not a unique phenomenon.

I think generally people are hesitant to change, and particularly when it comes to money it’s something that people are nervous about.

So I do think that a lot of the downsides tend to get overemphasised in the crypto space and the positives or the great advances that crypto has made from a financial technology perspective often are a bit underplayed – in traditional media at least.

Yes, so I do think obviously that there are some properties of crypto that make it more, I suppose, attractive for use cases in certain activities, like what you see with North Korea or certain terrorist groups that do tend to use it, because of its nature of not really being able to be seized or stopped.

But that’s a very small percentage of overall crypto activity. There’s a much bigger market out there doing a lot more interesting things.

So I wouldn’t spend too much time focusing on that part, but rather on the part that is really changing the world and making a difference in financial infrastructure.

JIMMY MOYAHA: Blake, would you say holding your crypto in a hard wallet is still probably one of the safest methods that individuals can use to protect their cryptos?

BLAKE PLAYER: It is certainly one of the ways you can protect your crypto – not necessarily the safest.

I think it really depends on who you are and how technically sophisticated you are, and the way that you go about doing it. It could easily be as dangerous as storing it somewhere else with a central custodian. With the hard wallet you’ve got to secure your own keys.

As an example, if I use a Ledger or a Trezor, which are two of the most popular [custodians], when I set up that wallet I get a private key, which is represented as a ‘seed phrase’ [crypto wallet recovery password].

Now I’ve got to store that seed phrase somewhere, or I’ve got to remember it.

What a lot of people – who are told that ‘you’ve got to hold your own crypto’, and that is true, it is a generally safe way if you do things properly – often lose these seeds.

Or they keep them in an unencrypted form in the email or in some other insecure place, and then they get compromised because they’ve reused a password somewhere and then suddenly they lose all their crypto.

Now that could be avoided if you are not sure about how to securely store these seeds by trusting a central custodian; but of course then you’re moving towards trusting somebody else to do better than you can.

So I suppose the question people need to answer is whether they think that their custodian can do a better job of securing the crypto than they can. In that case it might be a better choice to use a custodian like Valr or [others] that are out there.

But if you do back yourself and you know what you’re doing holding it, holding it in a hard wallet is not a bad decision.

JIMMY MOYAHA: While we’re on the topic of custodians, Blake, I want to look at obviously the importance of the correct custodians. The FSCA [Financial Sector Conduct Authority] has been very clear – and we’ve had them on the show – around the crypto asset service provider [Casp] licence. How important is it to hold your crypto with a provider that is licensed? I say this because I know Valr has a licence. I know you’ve got your Casp licence for category one and two, and it’s always good to see that there are players in the industry that are wanting to play by the rules.

BLAKE PLAYER: Yes, that is true. Valr is a licensed financial service provider, so we were awarded a Casp licence earlier this year.

And certainly if you are in South Africa it does help a lot to store and work with licensed crypto providers because you do have more recourse in the event that something goes wrong.

You know there has been a comprehensive process that has gone through that crypto service provider’s policies, how it does storage and custody, and that the operators behind that exchange are legitimate business people who are doing the right thing.

So I think the licensing regime does provide confidence to people who, when they first join up and sign up with a crypto exchange, [feel] it’s very difficult to tell whether they can trust it. So the licensing does provide a layer of additional trust.

That being said, we always do recommend that people should do their own research and homework on the exchanges that they use – and particularly the crypto providers.

But of course, particularly in South Africa, it would be important to make sure you’re dealing with somebody who’s licensed, because not only is there a chance of their being unlicensed, that they get shut down by the regulator, but you’re just not sure who’s behind and operating that exchange or service provider and that they could be a bad actor if they haven’t managed to go through the licensing process.

JIMMY MOYAHA: R25 billion worth of crypto was stolen in a 2024. Be sure you’re dealing with the right service provider. Be sure you’re dealing with licensed entities and be sure you do your research. Thanks so much for those insights, Blake.

That was Blake Player, the head of growth at Valr, joining me to reflect on the increase in a crypto hacking.