Gemini CISO Khaja Ahmed Talks Cyberattacks, AI, and Crypto Security Challenges in CoinDesk’s Cybersecurity Webinar

Cybersecurity threats have long been an issue for crypto exchanges and their customers. These attacks often prey on the most vulnerable in our population, especially those with minimal financial or technical expertise.

But within the past year, attacks from state actors and other hackers have recently become increasingly sophisticated, putting a wider swath of retail and institutional investors at risk. Now more than ever, it’s imperative for investors to remain vigilant and take the necessary steps to safeguard their information.

“The spike we’ve seen within the past four to six months has been crazy,” Gemini CISO Khaja Ahmed said in a Coindesk webinar presented by Fireblocks. “A spike in two senses–a spike both in the sophistication of these attacks and a spike in the volume… there are concerted attacks at a scale we have never seen before.”

Ahmed and Fireblocks VP of security and trust Shahar Madar joined Coindesk writer Jeff Wilser for an extended webinar discussing the scale of these cybersecurity threats, common attack strategies on centralized exchanges, how exchanges can protect customers, and some other security best practices.

Here are three takeaways from the webinar:

Cyberattacks Are Not Limited to Crypto

The crypto industry has faced significant criticism for being vulnerable to hacking attacks. The largest to date came in 2022 when hackers broke into the Ronin Network and stole roughly $625 million in ether and stablecoin.

But the threat posed by malicious actors is widespread across industries, according to Ahmed. A majority of individuals have already had their personal identifiable information (PII) hacked for simply being part of the current digital economy.

“Everybody’s PII has been stolen multiple times,” Ahmed said. “Your social security number, your mother maiden’s name, your last five addresses, all have been stolen from Experian, from Equifax, from UnitedHealthcare, from Premera. It’s probably easier to list the companies that haven’t been hacked compared to the companies that have been hacked.”

AI Is Fueling Cyberattacks, but Security Teams Can Still Win

The use of AI deepfakes and other technologies has made some cyber threats especially difficult to combat. But Madar noted that well-designed software security systems should still be able to thwart attacks in almost every case. Part of the issue is that attackers don’t have to cut through the same red tape as those designing the defense systems.

Still, you don’t have to be afraid of AI tricking someone into doing something they don’t want to if the security team properly sets up the right systems and protocols.

“If your network and system architecture does not allow them to do certain things, they will not be able to do it,” Shahar said. “If your architecture is flawed, everyone has production access rights, and they can just execute whatever they want… it doesn’t matter that you can detect deep fakes.”

Ahmed said combating these AI-fueled attacks will ultimately come down to cybersecurity teams getting the authentication, key and credential management/cryptography right, and ensuring that the service infrastructure is resistant to compromise.

“I think that can mitigate some of the problems,” Ahmed said. “We certainly do that at (Gemini).”

It’s Time For the Crypto Industry to Work Together

The number of phishing attacks over the past four to six months has increased significantly.

Gone are the days of getting a text in broken English asking to wire money to a random account to secure a Nigerian princess. Now, it’s state actors or sophisticated hacking cells running pig butchering scams, account hijacking, and other elaborate schemes to steal crypto.

That makes it especially important for crypto industry exchanges to work together and with their suite of software partners to identify threats quickly and neutralize them.

“We need faster signaling on the nature of the attacks as they evolve,” Ahmed said. “So we know what to mitigate… we can probably start anticipating the kinds of attacks and start coming up with mitigation (strategies).”

“It is something that has to happen across the industry," he added. "It involves the underlying platform on which the service is running, it involves application development frameworks. It involves cryptographic libraries… Developing methodologies and tools that can mitigate some of those attacks is going to be super important.”

Onward and Upward!
Team Gemini