Crypto Hackers Heading For Bonanza Year As Theft Increases, Says Chainalysis
October is the “biggest month in the biggest year ever” for cryptocurrency hackers, with $718 million stolen from decentralized finance websites across 11 different hacks, according to Chainalysis, a US-based company that tracks such data.
At this rate, 2022 will surpass 2021 as the biggest hacking year ever, with over $3 billion stolen so far across at least 125 hacks, the firm said. The figure for 2021 was $3.2 billion.
Decentralized finance (DeFi) stands out as a new preferred target for hackers, with DeFi representing nearly 99% of total losses from exploits in July to September, according to a report by Singapore-based security services platform Immunefi.
“Just a few years ago, centralized exchanges were by far the most frequent targets of hacking in the cryptocurrency industry,” said Kimberly Grauer, head of research at Chainalysis, in an email to Discard.
“Today, successful hacks of centralized exchanges are rare because these organizations prioritized their security … now hackers are always looking for the newest and most vulnerable services.”
Cross-chain bridges have been particularly vulnerable, with a major exploit of the Binance bridge last week adding to three major bridge hacks this month, totaling US$600 million. Bridge exploits accounted for over half of all losses to hackers this year, Chainalysis added.
“Bridge design remains an unsolved technical challenge, with many new models being developed and tested,” Grauer said. “These different designs provide new attack opportunities that can be exploited by bad actors.”
Organized hackers, such as the North Korean state-backed Lazarus Group, have become the most sophisticated when it comes to exploits and laundering stolen funds, she said. Chainalysis estimates that by 2022, North Korea-linked groups have stolen at least $1 billion in cryptocurrency from DeFi protocols.
Nothing new
But “the techniques we’re seeing used in these October attacks are largely nothing new,” Jasper Lee, audit engineering lead at Sooho.io, said in an email to Discard.
The underlying problem is that many DeFi protocols and dApps are being launched without “proper security,” with attackers picking the “lowest hanging fruit,” Lee said.
Hacks were already on track for a record year in July, but Chainalysis data showed that the monthly volume of total illegal activity involving crypto fell during the first half of 2022 as markets fell.
“For cybercriminals, the payload associated with hacking something like Wintermute or Nomad is much more lucrative than going after individuals,” said Henry Chambers, senior director at Alvarez & Marsal Disputes and Investigations.
Chambers, a founding member of the Crypto Fraud and Asset Recovery Network (CFAAR) Hong Kong chapter, said the drop in prices may have also reduced the number of inexperienced investors attracted to crypto.
This demographic will be a prime target for crypto scammers and fraudsters, and their absence could help hacks outpace other forms of illegal activity, Chambers said.
Launched in the UK in 2021, CFAAR opened its Hong Kong outlet this year with the stated goal of improving awareness of crypto asset recovery and making digital asset adoption safer and more secure.
Stay knowledgeable
DeFi and cryptocurrency attract cybercriminals because of blockchain’s fast transactions and pseudonymity, said Jonathan Crompton, a partner at the RPC law firm and another founding member of the CFAAR Hong Kong Chapter.
The lack of centralized, traditional financial institutions may be appealing to many users, but it can also lead to them falling victim to fraud and hacking more often and recovering less. In total, only 4% of lost crypto funds were recovered in 2022, according to Immunefi.
Crompton concluded that the best way to respond to a case of cryptohacking or fraud remains to avoid it in the first place – better awareness and preventive practices are key.
News of record-breaking hacks could also prompt investors to avoid DeFi altogether, Henry Liu, CEO of crypto-asset exchange BTSE, told Discard in an email.
“The space remains unfriendly to retail investors, especially those who lack the expertise to assess the safety of their chosen investment platforms,” Liu said.
According to Chainalysis’ Grauer: “While not foolproof, a valuable first step toward solving problems like this could be for extremely strict code audits to become the gold standard of DeFi, both for those building protocols and for the investors who evaluate them.”
Grauer added that asset recovery is becoming more advanced. US$30 million of funds were recovered from the over US$625 million Axie Infinity bridge exploit carried out by the North Korean Lazarus Group earlier this year, representing the first ever recovery from the infamous hackers.