A new report from a bug bounty platform shows that the amount of crypto assets lost to hacks and frauds took a dive in August. According to Immunefi, $23,366,220 worth of digital assets were lost in August, marking a sharp decline from the $320,498,660 worth of losses recorded in July. Crypto losses from hacks and […]
The post More Than $23,000,000 Worth of Crypto Lost to Hacks and Frauds in August: Bug Bounty Platform Immunefi appeared first on The Daily Hodl.
While total year-over-year losses to hackers dropped 58%, BNB Chain saw 119 security incidents leading to losses of around $70 million, followed by Ethereum, with 55 incidents netting hackers over $65 million.
More than $300 million in digital assets were lost to crypto hacks and exploits in the second quarter of 2023, according to on-chain data compiled in the quarterly report by the blockchain security company CertiK.
In the report, CertiK showed that there were a total of 212 security incidents in the quarter. The firm noted that across the incidents, malicious actors drained a total of $313,566,528 from Web3 protocols. Compared to the second quarter of 2022, when hacks and exploits took $745 million, the security firm pointed out that there was a 58% decline in the amount lost.
Despite the lower total amount recorded compared to 2022, the quarter saw an increase in the value lost to exit scams, which amounted to around $70 million in the second quarter of 2023. This is almost double the losses from similar scams in the first quarter, which was around $31 million.
Meanwhile, losses from flash loans and oracle manipulation exploits saw a drastic decrease in the second quarter compared to the first quarter of 2023. In the first quarter, there were a total of 52 oracle manipulation attacks leading to losses of around $222 million, with the infamous Euler Finance hack contributing 85% to the losses.
In the second quarter, there were a total of 54 flash loan and oracle manipulation attacks, which led to losses of around $23 million, an 89% decline compared to the first quarter.
Related: Poly Network urges users to withdraw after exploit affects 57 crypto assets
Apart from this, CertiK also highlighted that out of all the blockchains the firm analyzed, BNB Chain recorded the most incidents, with 119 incidents leading to $70,711,385 in losses. Ethereum came in second place, with 55 incidents netting hackers $65,999,953.
Meanwhile, a report from PeckShield showed that half of stolen nonfungible tokens (NFTs) are being sold within three hours of being stolen by malicious actors — indicating that hackers are quick to offload their ill-gotten gains after performing NFT theft.
Magazine: Should crypto projects ever negotiate with hackers? Probably
A new survey conducted by Kaspersky indicates one in three US digital asset investors have had their crypto stolen. The Russian cybersecurity firm surveyed 2,000 American adults about crypto last October. Kaspersky notes that 24% of the respondents said they currently own crypto assets. According to the study, a third of the digital asset owners […]
The post One in Three US Crypto Investors Fell Victim to Fraudulent Websites or Investment Scams: Kaspersky Study appeared first on The Daily Hodl.
The Federal Bureau of Investigation (FBI) says that the number of victims who fell to crypto investment scams reached record numbers in 2022. In a new report, the Bureau says that investment scams were the costliest schemes reported to the Internet Crime Complaint Center (IC3) last year. Losses sustained by investment scam victims rose from […]
The post FBI Says Crypto Scams Skyrocketed 183% in 2022, Causing $2,570,000,000 in Losses appeared first on The Daily Hodl.
The scammer behind the crypto wallet draining kit even recommended an alternative and gave advice to budding cybercriminals.
The cryptocurrency phishing scammer behind some of the most high-profile and high-value Web3 thefts is claiming to have packed up shop and is “moving on to something better.”
The scammer by the pseudonym Monkey Drainer posted to their Telegram channel on Mar. 1 that they “will be shutting down immediately” and all “files, servers and devices” related to the drainer “will be destroyed immediately” and it “will not return.”
The scammer even gave advice to budding “young cyber criminals” saying they shouldn’t “lose themselves in the pursuit of easy money” and only those “with the highest level of dedication” should operate a “large scale cybercrime” outfit.
Monkey Drainer even recommended a “flawless” alternative service to the one they once offered named “Venom Drainer” and pointed to a Telegram account for the service that was created only a day before Monkey’s announcement.
Blockchain security firm PeckShield tweeted on Mar. 1 that Monkey Drainer scammer deposited around 200 Ether (ETH) worth $330,000 within the last day into the crypto mixing service Tornado Cash, attempting to obscure their funds. 840 ETH worth $1.4 million was still in their primary wallet.
#PeckShieldAlert Scammer #MonkeyDrainer, who runs theft schemes for multiple clients (a sort of 'scam-as-a-service') announced to shut down their service
— PeckShieldAlert (@PeckShieldAlert) March 1, 2023
~200 $ETH has been transferred to Tornado Cash within the last 24 hours, while ~840 $ETH (~$1.4M) sits in their main address pic.twitter.com/1lg3KLRxhk
Blockchain security firm CertiK also shared Monkey’s message on a Mar. 1 tweet, saying the crypto wallet-draining kit they offered is understood to take a 30% “commission” of funds stolen funds from others' use of the software.
Wallet-draining kits from other providers have copied the model, and CertiK pointed to other vendors already reporting an uptick in requests since Monkey Drainer announced the shutdown.
3/ Wallet drainer vendors have noted the payment structure Monkey introduced and have since copied
— CertiK Alert (@CertiKAlert) February 28, 2023
Below are a few examples that we’ve seen: pic.twitter.com/i62aU5t2pv
Monkey Drainer is understood to have operated since late 2022 and is estimated to have stolen up to $13 million worth of cryptocurrencies and nonfungible tokens (NFTs) since that time.
Related: Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel
Other copycat phishing scammers and wallet-draining kits have stolen much more. A report from Web3 bug bounty platform Immunefi revealed $3.9 billion worth of crypto was lost to hacks, frauds, scams and rug pulls in 2022.
Possibly one of the single most high-profile and high-value theft by a wallet drainer in recent times was the January attack on Kevin Rose, the co-founder of the Moonbirds NFT collection.
Rose’s wallet was drained after he approved a malicious signature on a phishing website that transferred over $1.1 million worth of his personal NFTs to the attacker.
Blockchain security firm SlowMist is revealing that hundreds of exploits happened on decentralized networks last year resulting in billions of dollars in losses. In its latest annual report, the security firm says that the crypto industry recorded losses of $3.77 billion in 303 incidents last year, a 61% decrease compared to the $9.79 billion in […]
The post Over $3,770,000,000 Lost to Blockchain-Related Hacks in 2022: Security Firm SlowMist appeared first on The Daily Hodl.
The industry is likely to see “further attempts from hackers targeting bridges in 2023," while users are urged to be warier of their private keys.
The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.
The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:
“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”
Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.
Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”
On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.
The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to exploit $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.
Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:
“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”
The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.
Related: Revoke your smart contract approvals ASAP, warns crypto investor
Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.
The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.
December proved to be the month with the least crypto stolen in 2022, although there were still 23 major incidents, according to CertiK.
Cryptocurrency hackers and exploiters seemingly slowed down for the 2022 holidays as December saw $62.2 million worth of cryptocurrencies stolen, the “lowest monthly figure” of the year, according to CertiK.
The blockchain security company on Dec. 31 tweeted a list of the month's most significant attacks. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month, followed by the $7.6 million worth of flash loan-based exploits.
#CertiKStatsAlert
— CertiK Alert (@CertiKAlert) December 31, 2022
Combining all the incidents in December we’ve confirmed ~$62.2M lost to exploits, hacks and scams.
The lowest monthly figure this year.
Exit scams were ~$15.5M
Flashloans were ~$7.6M
See the details below pic.twitter.com/1ub3mYVv6K
A later tweet on Jan. 1 confirmed that the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. 2 the largest of the month.
The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow millions worth of HAY.
At the time, the decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY, causing the loan to be significantly undercollateralized, leading to the protocol's loss and a depeg of its stablecoin.
The second largest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on Dec. 23, where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.
Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though funds are yet to have been returned for the v2 hack.
CertiK labeled the exploit an “exit scam” due to the fact an admin key was required to conduct the attack. Defrost denied the allegations to Cointelegraph, claiming the key was compromised.
Related: Crypto’s recovery requires more aggressive solutions to fraud
The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November, a figure largely skewed by the $477 million hack of crypto exchange FTX.
#CertiKStatsAlert
— CertiK Alert (@CertiKAlert) December 1, 2022
36 major attacks were recorded in November totalling a loss of ~$595 Million.
As always, make sure a project has an audit & KYC before investing!
Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm
Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to bad actors, largely on cross-blockchain bridges and DeFi protocols.
Data from blockchain analytics firm Chainalysis shows that October is “the biggest month in the biggest year ever for hacking activity.” The firm added that crypto hackers have grossed over $3 billion across 125 hacks so far this year. Crypto-Hacking Activity Soars in October Chainalysis shared some crypto-related hacking statistics Wednesday. The blockchain data analytics […]
Decentralized finance (DeFi) crypto hacks are already on the rise this month, according to the blockchain analysis firm Chainalysis. Chainalysis notes that October has been the most prolific month for hackers so far this year, with $718 million worth of assets stolen across 11 different attacks aimed at DeFi protocols. Chainalysis says the current total […]
The post Crypto Hacks Explode in October, With $718,000,000 Stolen From DeFi Sector in Just Two Weeks: Chainalysis appeared first on The Daily Hodl.
