Blockchain security firm SlowMist is revealing that hundreds of exploits happened on decentralized networks last year resulting in billions of dollars in losses. In its latest annual report, the security firm says that the crypto industry recorded losses of $3.77 billion in 303 incidents last year, a 61% decrease compared to the $9.79 billion in […]
The post Over $3,770,000,000 Lost to Blockchain-Related Hacks in 2022: Security Firm SlowMist appeared first on The Daily Hodl.
The industry is likely to see “further attempts from hackers targeting bridges in 2023," while users are urged to be warier of their private keys.
The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.
The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:
“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”
Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.
Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”
On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.
The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to exploit $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.
Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:
“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”
The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.
Related: Revoke your smart contract approvals ASAP, warns crypto investor
Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.
The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.
December proved to be the month with the least crypto stolen in 2022, although there were still 23 major incidents, according to CertiK.
Cryptocurrency hackers and exploiters seemingly slowed down for the 2022 holidays as December saw $62.2 million worth of cryptocurrencies stolen, the “lowest monthly figure” of the year, according to CertiK.
The blockchain security company on Dec. 31 tweeted a list of the month's most significant attacks. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month, followed by the $7.6 million worth of flash loan-based exploits.
#CertiKStatsAlert
— CertiK Alert (@CertiKAlert) December 31, 2022
Combining all the incidents in December we’ve confirmed ~$62.2M lost to exploits, hacks and scams.
The lowest monthly figure this year.
Exit scams were ~$15.5M
Flashloans were ~$7.6M
See the details below pic.twitter.com/1ub3mYVv6K
A later tweet on Jan. 1 confirmed that the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. 2 the largest of the month.
The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow millions worth of HAY.
At the time, the decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY, causing the loan to be significantly undercollateralized, leading to the protocol's loss and a depeg of its stablecoin.
The second largest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on Dec. 23, where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.
Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though funds are yet to have been returned for the v2 hack.
CertiK labeled the exploit an “exit scam” due to the fact an admin key was required to conduct the attack. Defrost denied the allegations to Cointelegraph, claiming the key was compromised.
Related: Crypto’s recovery requires more aggressive solutions to fraud
The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November, a figure largely skewed by the $477 million hack of crypto exchange FTX.
#CertiKStatsAlert
— CertiK Alert (@CertiKAlert) December 1, 2022
36 major attacks were recorded in November totalling a loss of ~$595 Million.
As always, make sure a project has an audit & KYC before investing!
Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm
Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to bad actors, largely on cross-blockchain bridges and DeFi protocols.
Data from blockchain analytics firm Chainalysis shows that October is “the biggest month in the biggest year ever for hacking activity.” The firm added that crypto hackers have grossed over $3 billion across 125 hacks so far this year. Crypto-Hacking Activity Soars in October Chainalysis shared some crypto-related hacking statistics Wednesday. The blockchain data analytics […]
Decentralized finance (DeFi) crypto hacks are already on the rise this month, according to the blockchain analysis firm Chainalysis. Chainalysis notes that October has been the most prolific month for hackers so far this year, with $718 million worth of assets stolen across 11 different attacks aimed at DeFi protocols. Chainalysis says the current total […]
The post Crypto Hacks Explode in October, With $718,000,000 Stolen From DeFi Sector in Just Two Weeks: Chainalysis appeared first on The Daily Hodl.
A rapidly growing crypto market means that hacks and scams are accounting for less overall activity, and their percentage of total usage continues to decline.
Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace.
The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021.
In its Cryptocurrency Crime and Anti-Money Laundering Report released June 13, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 and Q1 2022 netted attackers $2.4 billion.
Over half of that figure came from just two events, the largest being the late March 2022 Ronin Network exploit worth about $650 million and the $610 million August 2021 hack of the Poly Network, most of which was returned by the anonymous hacker.
Within a similar time period, anti-money laundering (AML) related fines in the banking sector increased dramatically with 80 institutions fined in 2021, up from just 24 in 2020 according to Kyckr.
While the total dollar amount of the fines fell from 2020, last year saw the banks pay $2.7 billion worth of fines for AML or Know Your Customer (KYC) related violations, the largest single fine totaling around $700 million.
While significant sums have been exploited in crypto, CipherTrace detailed the rapidly expanding crypto ecosystem, noting the total crypto market activity for 2020 was around $4.3 trillion, which grew to approximately $16 trillion of activity just in the first half of 2021.
CipherTrace says that the growth of the crypto market also brings with it increased scrutiny from the world's regulators, who are “starting to take decisive action to ensure that the space isn’t just a modern-day wild west.”
Related: A life after crime: What happens to crypto seized in criminal investigations?
Some of the most significant regulatory events cited in the report include the United States President Biden’s crypto executive order in March to study blockchain technology, Dubai establishing a virtual assets regulator, and the European Union’s proposed anti-money laundering laws.
CipherTrace added organizations are going to have a “very real incentive to shape up” or face “heavy losses at the hands of the government,” adding it expects the threats existing in crypto will be the focus of future regulatory efforts.
