Blockchain Technology and the Metaverse

CSA's Singapore Cyber Landscape 2021 report was recently published on 29 August 2022. The following is an excerpt from chapter 4 - ‘Cyber Trends to Watch’ - which delves into various global developments that could impact, disrupt and reshape the cybersecurity landscape.

Web3, blockchain technology and the metaverse - these three buzzwords have recently gained intense popularity in 2021, as interest in cryptocurrencies and their underlying technology soared. Web3 refers to the next generation of the Internet where emphasis is placed on the decentralisation and user ownership of data or digital assets. Blockchain technology supports this new ‘iteration’ of the Internet as it builds a digitally distributed database where building blocks of data or transactions are dynamically shared across the nodes of a peer-to-peer network. Put together, the idea of non-fungible tokens (NFTs) was conceived as a unique piece of digital asset backed by blockchain technology to be used in the Metaverse – a universal and highly immersive virtual world where people can work, play, shop and socialise. Regardless of whether one is a believer in Web3, it has certainly emerged as fertile ground for new malicious cyber activities.

CRYPTOCURRENCY SCAMS

According to blockchain data platform Chainalysis, crypto-based crime hit a high in 2021, with cryptocurrency wallets linked to illicit activities receiving USD 14 billion – an increase of some 79% from 2020. Decentralised Finance (DeFi) – peer-to-peer financial platforms that enable transactions without the need for financial intermediaries – has been a key factor in the rise of crypto-based crime.

The anonymity afforded by DeFi, which has opened up opportunities in crypto-based crime, has also impeded investigations by law enforcement agencies. In addition to being “trustless” – in that users of DeFi platforms do not depend on intermediaries for a network or payment system – DeFi’s open and distributed nature also poses problems for regulators as it is difficult to track illicit activity and enforce regulations across borders. Furthermore, money trails associated with crypto laundering may only appear long after the incidents have taken place, as cybercriminals sit on stolen cryptocurrency in the hope that they can cash out unnoticed once law enforcement efforts die down. Such challenges incentivise and embolden cybercriminals to engage in crypto-based scams.

SECURING OUR DIGITAL ASSETS IN THE METAVERSE

Many think NFTs will be one of the core components of experiencing the Metaverse. Imagine this: your Metaverse self, a collector of many priceless NFT pictures, adding a pair of NFT sneakers onto your virtual avatar. Unfortunately, you are hit by a stroke of bad luck, and your account was hacked, and digital assets stolen. An improbable scenario, you say? Perhaps, but as the masses grow more receptive to the concept of the Metaverse (fuelled by Meta’s high-profile rebranding), securing our own digital assets will become ever more important.

Given the emphasis on decentralisation in Web3, there will be no secure platforms or protected spaces for individuals to park their assets under: all users are potentially at risk in this presently unregulated space. While organisations typically have greater resources to secure their assets, individuals will likely be much more susceptible to cyber-attacks by Cybercriminals. This is because scammers are likely to employ the same TTPs such as phishing and impersonation in their attacks, despite the move towards the Metaverse. Notably, there is also a liability shift as users will have to assume full responsibility of their own digital assets in the Metaverse. Cyber hygiene will be of utmost importance to prevent hacks; increased vigilance and cyber awareness will be more important than ever, to guard against scams and spear-phishing attacks.

STAYING CYBER-SAFE

As Singapore builds up its digital economy and more businesses go online, cyber hygiene is of paramount importance in the defence against cyber threats. CSA's  SG Cyber Safe Programme helps Singapore enterprises better protect themselves in the digital domain and raise their cybersecurity posture. The programme includes cybersecurity toolkits tailored for different enterprise roles as well as a cybersecurity certification programme comprising the Cyber Essentials mark and Cyber Trust mark to recognise enterprises with good cybersecurity practices.

For more cyber trends to watch, as well as insights on Singapore’s cybersecurity situation in 2021 against the backdrop of global trends and events, readers may refer to the newly launched  Singapore Cyber Landscape 2021 report.