Reading time: ~ 2 m
At the end of the decade 2011-2021, the total equivalent of stolen cryptocurrencies by hackers exceeded $ 12.1 billion. This is only about the loss of business – exchanges and other platforms, including DeFi.
Crystal Blockchain analysts have prepared a report on hacks and fraud in the cryptocurrency industry for the period from 2011 to 2021. The equivalent of user losses in fiat currencies grows with market capitalization. If at the beginning of 2014, the disappearance of 850,000 BTC from MtGOX balances was estimated at “only” half a billion dollars and became the largest hack in the world, then in recent years, losses in hundreds of millions of dollars are no longer surprising to anyone.
As the cryptocurrency market grows, the number of crimes, the subject or means of which are cryptoassets, is growing. On the one hand, new companies enter the market, attracting the attention and funds of investors with ambitious projects. On the other hand, the possibility of quick “earnings” and the high-tech nature of the object of the crime attracts sophisticated fraudsters who are able to implement hacks and schemes of the “highest level”.
In the previous two years, mass frauds with the disappearance of their organizers prevailed in the field of cryptocurrency crimes. In 2019, the PlusToken Ponzi scheme raised more than $ 2.9 billion from the Chinese population, representing almost 50% of the total crime for the year. In 2020, a similar WoToken scheme lured away $ 1.1 billion from investors, which was about 15% of the total crime in 2020.
Since 2020, nearly half of all cryptocurrency hacks have been related to DeFi projects, according to CipherTrace reports. For 8 months of 2021, losses in DeFi accounted for almost 54% of all criminal activities in the industry. The situation is complicated by the fact that not all new players in the cryptocurrency industry have managed to adjust security systems adequately to the possible threat.
How scammers steal cryptoassets
Common approaches of fraudsters to stealing cryptocurrency assets, as well as hacking cryptocurrency exchanges and their ecosystems:
The use of elements of social engineering in relation to exchange personnel, as well as the distribution of malware and bribery of personnel. This gives attackers access to administrative accounts and internal exchange systems.
Hacking the accounts of the founders and developers of the exchange software. A particularly dangerous period in the life cycle of a crypto project is the split stage, which exposes parent or subsidiary companies to additional risks due to the leakage of critical information during the reorganization.
Withdrawing liquidity from DeFi pools (rug pull). Typically, scammers manage to lure investors and withdraw their tokens from their controlled pool against the backdrop of a large-scale advertising campaign and a common among investors syndrome of loss of profits, FOMO.
Spoofing or hacking a web application of a cryptocurrency exchange that connects a client with his money on exchange servers, as well as an attack on clients’ hot wallets. Custodial services of cryptocurrency exchanges have many advantages, for example, high transaction speed, customer support, insurance, etc. However, centralized control over private keys, user accounts and passwords has proven to be a serious security risk for exchanges.
Another form of risk arises when the developers involved in a project lack the financial knowledge to anticipate the consequences of price manipulation and arbitrage loopholes. So, in October 2020, a hacker took advantage of the opportunity for uncontrolled arbitration on the Harvest Finance platform. He used an instant loan of $ 50 million to manipulate the prices of the liquidity pool and was able to withdraw $ 25 million worth of crypto assets. After the attack, the FARM token price collapsed by 65%. Subsequently, similar attacks have occurred more than once.
Situation in the world
According to a study by Crystal Blockchain, over the past ten years, there have been 120 attacks on security systems, 73 attacks on DeFi projects and 33 fraudulent schemes, which led to the theft of crypto assets totaling about $ 12.1 billion.
The report notes that more than $ 1.7 billion were stolen from DeFi projects. According to Crystal experts, this is due to the fact that new technologies still have many vulnerabilities.
The largest hack occurred in 2021 on the DeFi Poly Network project. The goal of the hacker was to steal tokens worth more than $ 614 million. Subsequently, part of the stolen tokens was returned.
BTC-e exchange became the leader in “dirty bitcoin laundering”. For several years, more than 200,000 BTC have been legalized. According to the Crystal database, more than a third (39%) of all stolen bitcoins were distributed through fraudulent exchanges – trading platforms involved in exit scams, illegal transactions, or holding digital assets confiscated by the authorities.
Summary of the report from the Crystal team
The most common method of stealing cryptocurrencies has become the penetration into the security systems of cryptocurrency exchanges. The largest exchange loss incurred as a result of a security breach is considered to be the incident with the Japanese exchange Coincheck in 2018 ($ 535 million). In total, security breaches led to theft in the amount of $ 3.18 billion;
$ 7.12 billion stolen from fraud;
$ 1.76 billion from hacked DeFi protocols. In 2020-2021, DeFi hacks have been gaining momentum and continue to grow;
The countries most susceptible to exchange security breaches are the United States, the United Kingdom, South Korea, Japan and China.
In 2021, NFT fraud is gaining popularity among cryptocriminals. This is facilitated by the explosive growth of community interest in NFT and the high market capitalization of tokens, which reached $ 75.6 billion in 2021. The growth of the sector has led to the emergence of new “shadow” players.
Almost eleven years have passed since the successful hacker attack on the MtGox cryptocurrency exchange. But despite technological advances, a young and wealthy industry remains vulnerable to cybercrime.
Many companies have never been able to fully develop or implement reliable methods of countering hacker attacks. Just like ten years ago, cybercriminals are uncovering security holes in cryptocurrency platforms, and the Bonnie and the Clydes of the digital age are successfully pursuing their criminal designs.
#Cryptocurrency #projects #lost #billion #ten #years #result #hacker #attacks