Crypto thieves pocketed $1B in 2023


Over $920 million has been stolen from blockchain users in the first half of the year. Cybercriminals struck with a series of smart contract attacks, phishing attacks, thefts from trading platforms, online fraud, and other security incidents, according to a report by the blockchain security firm SlowMist.

A total of 185 security incidents brings the average loss per incident to almost $5 million.

DeFi (Decentralised Finance), NFT (Non-Fungible Token), and cross-chain bridge incidents were the most common, with 131 cases and losses of approximately $487 million, as of June 30th, 2023.

The Ethereum blockchain suffered the most losses, with approximately $276 million, followed by the Polygon ecosystem, with around $122 million.

More than half of NFT security incidents resulted from vulnerabilities in the projects themselves, which were exploited by attackers. This was followed by phishing attacks, which accounted for 46%.

Wallet security incidents totaled 5 cases, with about $109 million in losses. The most extensive and costly incident was the Atomic Wallet Hack.

Seven security incidents on trading platforms amounted to $56.62 million in losses. Ten public chain security incidents brought $672,000 to adversaries, and the other 32 security incidents amounted to $266 million in losses.

Compared to the first half of 2022, total losses have decreased by 54% year on year. 187 incidents with approximately $2 billion in losses were recorded in 2022.

Some were lucky enough to recover funds

Not all incidents ended up being a total loss. There were ten incidents where all or part of the lost funds were recovered after an attack. Out of $232 million in stolen funds, $219 million was returned.

According to the SlowMist report, these are the most prominent phishing gangs:

Pink Drainer: This gang has stolen about $3 million in assets from 1,932 victims. One victim alone lost an NFT worth nearly $320,000. The group obtained Discord tokens through social engineering attacks and sent phishing links through Discord administrator accounts. Many users accidentally opened malicious websites and signed malicious signatures, resulting in asset losses.

Venom Drainer: This phishing service provider has defrauded $27 million from over 15,000 victims. The gang created 530 phishing websites, targeting over 170 brands, including Arbitrum, Blur, zkSync, Optimism, and MetaMask. The gang uses various scams and mainly launders money through platforms such as Tornado Cash, ChangeNOW, and SimpleSwap.

Monkey Drainer: This phishing organization is notorious for stealing millions of dollars. They made a total profit of $16,506,602 through phishing, of which $9,374,344 came from phished NFTs and $7,132,257 from ERC20 tokens. The organization mainly phishes through bait websites for fake NFTs, promoted by fraudulent KOL Twitter accounts, Discord groups, etc., and involving more than 2,000 domain names. On March 1st, 2023, Monkey Drainer abruptly shut down its services and destroyed all related files, servers, and equipment.

Pussy Drainer: Since January 6th, this gang’s phishing activities have affected more than 3,000 victims, with a total amount stolen of approximately $15 million. The biggest victim lost assets worth $2.3 million.

Inferno Drainer: This scam manufacturer gradually emerged on May 19th. It specializes in multi-chain scams and mainly charges a 20% fee for stolen assets. According to the data, nearly 4,888 victims have been found so far, with stolen assets totaling about $5.9 million. Inferno has already created more than 689 phishing websites, targeting more than 220 brands.

Only one hacker group is mentioned in the report – the famous Lazarus Group, associated with the government of North Korea.

The FBI identified Lazarus Group as responsible for the Harmony Hack incident last year, causing a loss of about $100 million. On January 13th this year, the hackers began to move the funds.

On June 3rd, some Atomic Wallet users reported that their assets had been stolen, amounting to $100 million in losses. The investigation found 142 new suspicious addresses related to hackers. It was revealed that the fund transfer mode of the Atomic Wallet hackers was similar to the strategy previously used by Lazarus Group.

Due to the “anonymity” feature of the blockchain, SlowMist cannot guarantee the absolute accuracy of all data.