October is the “biggest month in the biggest year ever” for cryptocurrency hackers, with US$718 million stolen from decentralized finance sites across 11 different hacks, according to Chainalysis, a U.S.-based company that tracks such data.
At this rate, 2022 will surpass 2021 as the biggest year for hacking on record, with over US$3 billion stolen so far across at least 125 hacks, the firm said. The figure for 2021 was US$3.2 billion.
Decentralized Finance (DeFi) stands out as a new preferred target for hackers, with DeFi representing almost 99% of the total losses from exploits in July to September, according to a report by Singapore-based security services platform Immunefi.
“Just a few years ago, centralized exchanges were by far the most frequent targets of hacks in the cryptocurrency industry,” Kimberly Grauer, head of research at Chainalysis, told Forkast in an email.
“Today, successful hacks of centralized exchanges are rare because these organizations prioritized their security … now hackers are always looking for the newest and most vulnerable services.”
Cross-chain bridges have been especially vulnerable, with a major exploit of the Binance Bridge last week adding to three major bridge hacks this month, totaling US$600 million. Bridge exploits accounted for over half of all losses to hacks this year, Chainalysis added.
“Bridge design is still an unresolved technical challenge, with many new models being developed and tested,” Grauer said. “These varying designs present novel attack opportunities that may be exploited by bad actors.”
Organized hackers, such as the North Korean state-backed Lazarus Group, have become the most sophisticated in terms of exploits and laundering stolen funds, she said. Chainalysis estimates that in 2022, North Korea-linked groups have stolen at least US$1 billion in cryptocurrency from DeFi protocols.
However, “the techniques we’re seeing used in these October attacks are mostly nothing new,” Jasper Lee, audit tech lead at Sooho.io, said in an email to Forkast.
The underlying issue is that many DeFi protocols and dApps are being launched without “proper security,” with attackers picking the “lowest-hanging fruit,” said Lee.
Hacks were already on pace for a record-breaking year by July, but Chainalysis data showed the monthly volume of total illicit activity involving crypto declined during the first half of 2022 as markets slumped.
“For cybercriminals, the payload associated with hacking something like Wintermute or Nomad is much more lucrative than that for going after individuals,” said Henry Chambers, a senior director with Alvarez & Marsal Disputes and Investigations.
Chambers, a founding member of the Crypto Fraud and Asset Recovery Network (CFAAR) chapter in Hong Kong, said the slump in prices may also have reduced the number of inexperienced investors attracted to crypto.
This demographic would be a main target for crypto fraudsters and scammers, and their absence could be contributing to hacks outpacing other forms of illicit activity, Chambers said.
CFAAR launched in the UK in 2021 and opened its Hong Kong outlet this year with the stated goal of improving crypto asset recovery awareness and making digital asset adoption safer and more secure.
DeFi and cryptocurrency attract cybercriminals due to the blockchain’s fast transactions and pseudonymity, said Jonathan Crompton, a partner of RPC law firm and another founding member of CFAAR Hong Kong Chapter.
The lack of centralized, traditional financial institutions can be appealing to many users, but it can also cause them to fall victim to scams and hacks more often and recover less. In total, only 4% of lost crypto funds were recovered in 2022, according to Immunefi.
Crompton concluded the best way of responding to a case of crypto hacking or fraud remains to avoid it in the first place — better awareness and preventative practices are key.
News of record-breaking hacks could also cause investors to avoid DeFi altogether, Henry Liu, chief executive officer of crypto asset exchange BTSE, told Forkast in an email.
“The space remains unfriendly to retail investors especially, who lack the expertise to appropriately assess the security of their chosen investment platforms,” Liu said.
According to Chainalysis’ Grauer: “While not foolproof, a valuable first step towards addressing issues like this could be for extremely rigorous code audits to become the gold standard of DeFi, both for those building protocols and for the investors evaluating them.”
Grauer added that asset recovery is becoming more advanced. US$30 million of funds were recovered from the over US$625 million Axie Infinity bridge exploit conducted by the North Korean Lazarus group earlier this year, representing the first-ever recovery from the notorious hackers.