Exploits

Scary stats: $3B stolen in 2022 as of ‘Hacktober,’ doubling 2021

Blockchain security firm PeckShield shared the stats on Halloween night, but also added the month saw $100 million in crypto returned.

The month of October has broken all records for crypto exploits and the amount of digital loot pilfered — living up to its new moniker of "Hacktober" — according to the latest figures.

On Oct. 31, blockchain security firm PeckShield tweeted some scary statistics for the month, reporting a total of $2.98 billion in stolen digital assets as of Oct. 31, 2022, which is nearly double the $1.55 billion lost in all of 2021.

"Hacktober" saw around 44 exploits affecting 53 protocols, it added. Malicious actors made off with a whopping $760 million in the month; however, $100 million had been returned.

After October, March was the second-highest month for hacked funds with just under $710 million stolen. The majority of this was from the Ronin bridge exploit which resulted in $625 million in crypto assets being pilfered.

The top exploit for October was by far the BNB Chain which lost $586 million according to PeckShield. It listed the Mango Markets DeFi protocol as second, despite it including an agreement with the exploiter to return some of the funds.

There were several other notable exploits in October according to DeFiYield’s Rekt Database. These include the Freeway crypto yield platform which it classified as a $60 million rug pull, Transit Swap which lost $29 million, Team Finance taking a $13 million hit, and Moola Market losing $9 million.

Related: Barely halfway and October’s the ‘biggest month’ in crypto hacks

DeFiYield released its own report on Nov. 1 depicting the dire state of the hackfest that took place last month.

It claims that more than $1 billion was lost to crypto scams in October though it includes what it considers as rug pulls and Ponzis in addition to direct protocol exploits. DeFiYield reported 35 total incidents for the month, 15 of which were rug pulls.

On a brighter note, the report stated that almost $890 million in crypto funds had been recovered so far in 2022.

Bitcoin Eyes a Positive Finish to September, Setting the Stage for ‘Uptober’

Olympus DAO Hacked for 30,000 OHM Worth $300,000, Perpetrator Returns Funds Within Hours

The hacker who exploited an Olympus DAO (OHM) smart contract for $300,000 worth of assets is already returning the stolen funds. According to blockchain security analytics firm PeckShield, an error in one of Olympus DAO’s smart contract bonds resulted in a $292,000 exploit earlier today. “It seems the related OlympusDAO’s BondFixedExpiryTeller contract has a redeem() […]

The post Olympus DAO Hacked for 30,000 OHM Worth $300,000, Perpetrator Returns Funds Within Hours appeared first on The Daily Hodl.

FBI Warns About Decentralized Finance Exploits and the Losses Associated With Them

The United States Federal Bureau of Investigation (FBI) has issued a public service announcement about exploits attackers have recently used to steal cryptocurrency from investors that put money on decentralized finance (defi) platforms. The organization also advised crypto investors to do their own research and verify that the decentralized finance platforms chosen were audited by […]

FBI issues alert over cybercriminal exploits targeting DeFi

Smart contracts governing DeFi platforms identified as a particular cause for concern for the enforcement agency.

The U.S. Federal Bureau of Investigation (FBI) has issued a fresh warning for investors in decentralized finance (DeFi) platforms, which have been targeted with $1.6 billion in exploits in 2022.

In an Aug. 29 public service announcement on the FBI's Internet Crime Complaint Center, the agency said the exploits have caused investors to lose money — advising investors to conduct diligent research about DeFi platforms before using them, while also urging platforms to improve monitoring and conduct more rigorous code testing.

The law enforcement agency warned that cybercriminals are out in force to take advantage of "investors' increased interest in cryptocurrencies," and "the complexity of cross-chain functionality and open source nature of Defi platforms."

The FBI observed cybercriminals exploiting vulnerabilities in smart contracts that govern DeFi platforms in order to steal investors' cryptocurrency. 

In a specific example, the FBI mentioned cases where hackers used a "signature verification vulnerability" to plunder $321 million from the Wormhole token bridge back in February. It also mentioned a flash loan attack that was used to trigger an exploit in the Solana DeFi protocol Nirvana in July. 

However, that's just a drop in a vast ocean; according to an analysis from blockchain security firm CertiK in M, since the start of the year, over $1.6 billion has been exploited from the DeFi space, surpassing the total amount stolen in 2020 and 2021 combined.

FBI recommends due diligence, testing

While the FBI admitted that "all investment involves some risk," the agency has recommended that investors research DeFi platforms extensively before use, and when in doubt, seek advice from a licensed financial adviser.

The agency said it was also very important that the platform's protocols are sound, and to ensure they have had one or more code audits performed by independent auditors.

Typically, a code audit involves a review of the platform's underlying code to identify vulnerabilities or weaknesses which could be exploited.

According to the FBI, any DeFi investment pools with an "extremely limited timeframe to join" or "rapid deployment of smart contracts" should also be approached with extreme caution, especially if they have not conducted a code audit.

Crowdsourced solutions, generating ideas or content by soliciting contributions from a large group of people, were also flagged by the law enforcement agency. 

"Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions."

The FBI said DeFi platforms can also do their part to increase security by testing their code regularly to identify vulnerabilities, along with real-time analytics and monitoring.

An incident response plan and informing users about possible platform vulnerabilities, hacks, exploits, or other suspicious activity are also among the recommendations.

However, failing all that, the FBI urges American investors targeted by hackers to contact them through the Internet Crime Complaint Center or their local FBI field office.

Related: FBI issues public warning over fake crypto apps

Earlier this year, U.S. Deputy Attorney General Lisa Monaco announced the FBI was stepping up its efforts to address crime in the digital asset space with the formation of the Virtual Asset Exploitation Unit.

The specialized team is dedicated to cryptocurrency and includes experts to help with blockchain analysis as part of a shift in focus toward disruption of international criminal networks, rather than just their prosecution.

Binance Smart Chain Creates a $10 Million Bug Bounty Fund to Tighten Protocol Security

The Binance Smart Chain has launched a $10 million bug bounty fund for projects building on top of the protocol, called “Priority One.” The initiative aims to keep the blockchain network secure by encouraging bug bounty hunters and ethical hackers.

Binance Smart Chain Reveals $10 Million Bug Bounty Fund ‘Priority One’

Security experts and bug […]

CipherTrace expands to cover Binance Smart Chain amid wave of exploits

Binance beefs up blockchain analytics amid a surge in DeFi exploits.

Cryptocurrency and blockchain intelligence company CipherTrace has announced analytics support for Binance Smart Chain (BSC) amid a rise in attacks and vulnerabilities on protocols running on the network.

In an announcement on May 27, the firm stated that it aims to identify higher-risk financial transactions taking place on BSC and its decentralized applications which now number more than 600. CipherTrace already tracks the activity of over a thousand digital assets. Dave Jevans, CEO of CipherTrace, stated that once support for a blockchain is added, the firm can add analytics for all applications built on that network.

The inclusion of CipherTrace’s analytics also allows Virtual Asset Service Providers (VASPs), such as exchanges, banks, OTC desks, hosted wallets, and other financial institutions, to flag transactions occurring on BSC that have a high probability of originating in illicit activity, including fraud.

Binance Chief Compliance Officer, Samuel Lim, noted that compliance with global anti-money laundering regulations is paramount and CipherTrace will help them achieve that.

“CipherTrace incorporating Binance Smart Chain data into its attribution system to support applications and exchanges is a move to combat illicit activities. In the long run, this will gain BSC more credibility and partnerships in the fiat and regulated space.”

BSC has been the epicenter of illicit activity and DeFi exploits over the past few months. The list of protocols losing money to malicious actors is growing, the largest of which is PancakeBunny which lost as much as $200 million in BNB and its native token in a massive flash loan attack on May 20.

Other DeFi protocols running on BSC that have been hacked or exploited recently include Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, and Spartan Protocol.

Earlier this month, Marie Tatibouet, chief marketing officer of crypto exchange Gate.io told Cointelegraph that the lack of due diligence has exacerbated these exploits due to BSC’s centralized nature, adding that “they are greenlighting hundreds of projects every single week.”

Alpha Homora defies market slump, bolsters TVL and token price on v2 relaunch

The leveraged yield farming protocol looks to put multiple missteps in the past with a successful relaunch.

After a rocky first quarter, decentralized finance (DeFi) platform Alpha Homora announced the relaunch of its v2 leveraged yield farming program today — and so far both traders and users are celebrating as both total value locked (TVL) and ALPHA token prices soar. 

The version 2 of the platform, which allows for leverage up to 7x on popular yield farming positions on protocols such as Sushi, Curve, and Balancer, notably had to shut down to new positions after a devastating hack in February. The protocol suffered $37 million in losses, which counts among the most devastating exploits in DeFi history.

However, the relaunch so far has gone swimmingly by multiple metrics. The ALPHA token — which underwent a revamped token-economic design during the downtime — is up 11.1% to $2.28 on the day, and TVL has increased by nearly $100 million since the relaunch to a total of $675 million.

It now remains to be seen how long the protocol will remain stable. In addition to the February exploit, the platform was tied to Rari Capital’s $11 million loss earlier this week, though that particular exploit was due to no fault on Alpha Finance Lab’s part. 

The relaunched v2 also came with a new set of audits, but ultimately the greatest test of a DeFi protocol is time — the longer it’s survived scrutiny from would-be exploiters, the more users can trust its longevity.

Some observers are additionally put off by Alpha’s unusual model, which has little precedent in TradFi. However, Leo Cheng of C.R.E.A.M. Finance, whose Iron Bank protocol-to-protocol lending platform enables v2’s leveraged yield farming, argued in an interview with Cointelegraph that if flash loans can be a key cog in DeFi’s capital efficiency, leveraged lending is a logical next step.

By nature, says Cheng, a smart contract “doesn’t quite care, and it doesn’t quite see the borders with the smart contract projects” with regards to where funds are coming from. As long as a transaction will end with the various protocols involved in the green, the transaction will go through.

Alpha Finance Labs did not respond to multiple requests for comment.
