The world of cryptocurrency predominantly resides in the digital realm, exposing it to numerous evolving cyber threats that pose new risks and inflict substantial losses on individuals and organizations.
Let's delve into some key cybersecurity trends within the crypto space this year, which are anticipated to persist into 2024, causing harm to additional victims.
1. Hacks and exploits
Both crypto exchanges and various decentralized finance (DeFi) platforms experienced multiple hacks and exploits this year, with some incidents involving hundreds of millions of USD. For instance, the blockchain protocol Mixin Network suffered a loss of nearly $200 million in September due to a hack, while the DeFi protocol Euler Finance faced an exploit resulting in a loss of $197 million in March.
In total, blockchain intelligence company TRM Labs documented 160 hacks through November this year, a figure comparable to that of 2022. However, despite the similar number of incidents, hackers were only able to pilfer $1.7 billion in bitcoin (BTC) and other cryptoassets, which is less than half of the amount stolen in 2022. Researchers attribute this reduction in losses to improved industry security measures, increased law enforcement efforts, and enhanced industry coordination.
Losses in 2022 vs. 2023
The data also indicates that nearly 60% of the total stolen amount this year can be attributed to infrastructure attacks, wherein criminals gain access to servers, networks, or software. Meanwhile, the remaining portion results from smart contract (self-executing programs) attacks through code exploits, protocol attacks, and other means.
Meanwhile, one hack stood out this year when the hacker of the KyberSwap decentralized exchange began demanding transfer control over the platform in exchange for the return of funds amounting to around $50 million worth of cryptoassets. The situation related to the incident that occurred in November appears to remain unresolved.
As hackers are likely to continue targeting crypto exchanges (especially centralized ones), it is advisable to retain on these platforms only the amount of cryptoassets necessary for trading, while securing larger amounts in more robust options, such as hardware wallets.
Crypto scams constitute a broad category encompassing various subcategories such as exit scams, investment fraud, deceptive smart contracts, and more. Furthermore, a single scheme can involve multiple scams, like a combination of an investment and romance scam. With the significant uptrend in the BTC and crypto market this year, one might anticipate an increase in scammer activity.
Nevertheless, at least the first half of this year proved to be less "profitable" for these criminals.
According to data from the blockchain analysis company Chainalysis, up to June, crypto scammers garnered nearly $3.3 billion less in 2023 than they did in 2022, totaling just over $1 billion for the year. This decline was attributed to the vanishing act of two major investment scams: VidiLook and Chia Tai Tianqing Pharmaceutical Financial Management.
Meanwhile, a specific group of hackers, the North Korean hacker group Lazarus, is no stranger to crypto scams either. The group, estimated to have pilfered cryptoassets worth $3 billion over six years, is now suspected of launching a phishing operation on Telegram, with a focus on the crypto industry. Crypto security specialist SlowMist asserts that members of this group are currently posing as reputable investment institutions to deceive crypto projects into sending funds to criminals. This particular scam falls under the category of phishing scams, which will be further discussed separately below.
Phishing scammers employ deceptive tactics, such as impersonation and the creation of fake websites, to gain access to a victim's funds. In a recent case in December, a significant incident sent shockwaves through the DeFi and Web3 (the new generation internet) industries. A former employee of Ledger, a major hardware wallet manufacturer, fell prey to a phishing attack, enabling the attacker to inject malicious code into Ledger's software. This software is used to control third-party apps' access to cryptoassets on hardware wallets. Following the revelation of this news, users of all decentralized applications (dapps) were advised to cease interactions until further notice. Approximately $600,000 worth of cryptoassets were stolen.
Simultaneously, Chainalysis issued a warning about another type of crime – approval phishing scams. In this scenario, the scammer tricks the user into signing a malicious blockchain transaction, granting approval for the scammer's address to spend specific tokens within the victim's wallet. Researchers estimate that some victims have lost tens of millions to these scams.
Therefore, this emerging type of phishing scam serves as a crucial reminder not only to double-check the identity of individuals or websites with whom you interact on the internet before signing any transaction but also to verify the address before initiating a transaction.
4. Pump & dump schemes and rug pulls
Participants in the cryptoverse should also remain vigilant against manipulation and deceptive tactics, including pump-and-dump schemes and so-called rug pulls. The former involves manipulating a token's price through misleading statements, attempting to inflate the price before selling the overvalued funds, and leaving unsuspecting investors at a loss. While this year's data is pending, Chainalysis estimated that 24% of tokens launched last year experienced a price decline in the first week, indicative of potential pump-and-dump activity.
On the other hand, a rug pull is another fraudulent tactic where, after collecting money from investors, criminal teams vanish with all the funds. Hacken estimates that rug pulls accounted for 65% of losses in the crypto landscape in the third quarter of this year. The researchers recorded 78 incidents that cost investors almost 50 million $. Checking whether a crypto project has undergone an independent third-party audit, which might indicate potential risks, can help prevent falling victim to a rug pull. According to Hacken, out of the 78 rug pulls examined, only 12 reported having undergone any kind of audit. Furthermore, even if there's an audit, it might have a poor score.
Meanwhile, while scams had dropped in the first half of this year, on particular type of crypto-related crime gained steam: ransomware. Actually, per Chainalysis, at least at the time, it was the only type of crypto-related crime to grow this year. Through June, criminals extorted at least 449 million $, or 64% more than in the same period in 2022, or the year when losses due to ransomware dropped as large organizations improved cybersecurity and data backup practices, allowing them to refuse to pay the ransom.
However, the growth this year was attributed to the fact attackers are targeting larger organizations in an attempt to win bigger “prizes”. Additionally, there were registered more successful smaller-scale ransomware attacks.
Ransomware strains and their payment sizes
As the year draws to a close, criminals are making concerted efforts to maximize their gains. In November alone, approximately 340 million $ was lost in the BTC and crypto market due to hacks and fraud, representing a 15.4-fold increase compared to October, according to Immunefi data. With a growing awareness of cybersecurity threats, BTC and crypto users, as well as organizations, hopefully, will be better equipped to protect themselves in 2024. Stay vigilant and stay safe!
More from Cybernews:
Subscribe to our newsletter