May 10, 2024

The most vulnerable: where hacker attacks in the crypto industry are aimed


According to analytics company Chainalysis, 2022 saw the largest number of hacker attacks in the cryptocurrency industry. In total, crypto firms lost $3.8 billion.

Chainalysis provides statistics on attacks on cryptocurrency projects in 2022, when a record amount of user funds was stolen. The peaks of hacker activity occurred in early spring and mid-autumn. For example, in October, about 20% of the total annual volume - $775.7 million - was stolen from 32 companies.

It is notable not only that the attacks happened, but also that most of them were associated with North Korea. In addition to the above statistics, Chainalysis experts emphasized the vulnerability of DeFi protocols, the number of hacker attacks on which increased in 2022. Company representatives posted on social networks:

“This week we are releasing a preview of the section on hacker attacks included in our 2023 Crypto Crime Survey. In 2022, $3.8 billion was stolen through hacker attacks. In your opinion, what percentage came from DeFi protocols?”

Attacks on DeFi Protocols

According to the report, of all the attacks carried out by cybercriminals in 2022, 82.1% came from DeFi protocols. This is almost 9% more than in 2021, when the figure was 73.3%.

Chainalysis analysts also noticed another interesting fact. The most vulnerable were the bridges that allow the transfer of cryptocurrencies from one blockchain to another. This usually happens through the “freezing” of the client’s assets in the smart contract of the first network, after which an equivalent amount of assets is issued on the second.

This especially applies to those smart contracts where there are vulnerabilities in the code that allow hackers to carry out such attacks. After all, the goal of DeFi projects is openness - the publication of such information is necessary so that users know what exactly will happen to their property when they use it.

Centralized exchanges are trying to do something similar with their Proof-of-Reserves, especially after the collapse of FTX in early November.

But if openness is a guarantee for the user, then for a hacker it is an opportunity to scan the code for vulnerabilities. The time of the attack is also chosen to maximize the amount stolen. On this point, the chief operating officer of the cybersecurity company Halborn, David Schwed, said:

“A reliable protocol must be developed with 10 to 15 people on a defense team, and each must be responsible for highly specialized tasks. The DeFi community as a whole doesn't want better protection - they want protocols with big profits. But such motivation leads to other problems.”

North Korean hackers

The main participants in the attacks, according to experts, are North Korean hackers, who were able to steal more than $1.7 billion in cryptocurrency. Of that total, $1.1 billion came from DeFi protocols.

A distinctive feature of North Korean hackers is their algorithm of actions after theft. Most of them send the “mined” cryptocurrency to other DeFi protocols. This is explained by the fact that, in the course of the crime, hackers come into possession of quite a lot of illiquid tokens that are not listed on centralized exchanges (CEX). Therefore, hackers have to transfer such cryptocurrency to other DeFi protocols, often decentralized exchanges (DEX), where they exchange it for more liquid assets.

In addition, North Korean hackers sent the loot into mixers, which facilitated money laundering. Tornado Cash was the most used mixer between 2021 and 2022, but it was sanctioned in August 2022. Another Bitcoin mixer used by North Korean hackers turned out to be Sinbad. From December 2022 to January 2023, 1,429.6 BTC were transferred through it.

Nomad Bridge Case

In August 2022, the news reported that a hacker attack had been carried out on the Nomad bridge. As a result, $200 million was stolen.

An attacker took advantage of a vulnerability associated with the movement of tokens between different blockchains through smart contracts. Among the stolen funds were cryptocurrencies such as WBTC, WETH, USDT, USDC, ETH, ADA, and AVAX.

Thus, cross-chain bridges, which give the user the ability to interact with tokens on different blockchains, remain the most vulnerable to attacks. For the same reason, the Uniswap community criticized the recent protocol deployment on BNB Chain using the Wormhole bridge.
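The bridge mechanism described earlier (assets frozen in a smart contract on the first network, an equivalent amount issued on the second) implies an invariant that a monitoring team can check: every issuance must match exactly one freeze. The sketch below is an added example, not code from Chainalysis or any bridge project; the event shapes, field names and sample data are hypothetical and constructed for illustration.

```python
from collections import Counter, namedtuple

# Hypothetical event shapes for this example; amounts are integers in the token's smallest unit.
Lock = namedtuple("Lock", "transfer_id token amount")  # assets frozen on the first network
Mint = namedtuple("Mint", "transfer_id token amount")  # equivalent assets issued on the second

def reconcile(locks, mints):
    """Return (transfer_id, reason) for every mint not backed one-to-one by a lock."""
    locked = {l.transfer_id: l for l in locks}
    seen, findings = set(), []
    for m in mints:
        src = locked.get(m.transfer_id)
        if src is None:
            findings.append((m.transfer_id, "mint without lock"))
        elif m.transfer_id in seen:
            findings.append((m.transfer_id, "replayed mint"))
        elif (m.token, m.amount) != (src.token, src.amount):
            findings.append((m.transfer_id, "token or amount mismatch"))
        seen.add(m.transfer_id)
    return findings

def unbacked_supply(locks, mints):
    """Per token, how much more was issued than is frozen as collateral (positive gaps only)."""
    locked, minted = Counter(), Counter()
    for l in locks:
        locked[l.token] += l.amount
    for m in mints:
        minted[m.token] += m.amount
    return {t: minted[t] - locked[t] for t in minted if minted[t] > locked[t]}

# Constructed sample data, not taken from any real incident.
SAMPLE_LOCKS = [Lock("t1", "WETH", 10), Lock("t2", "USDC", 5000), Lock("t3", "WBTC", 2)]
SAMPLE_MINTS = [
    Mint("t1", "WETH", 10),     # backed correctly
    Mint("t2", "USDC", 50000),  # issues more than was frozen
    Mint("t1", "WETH", 10),     # same transfer processed twice
    Mint("t9", "WBTC", 1),      # no lock exists for this transfer
]

if __name__ == "__main__":
    for transfer_id, reason in reconcile(SAMPLE_LOCKS, SAMPLE_MINTS):
        print(f"ALERT {transfer_id}: {reason}")
    print("unbacked supply:", unbacked_supply(SAMPLE_LOCKS, SAMPLE_MINTS))
```

In the sample, the WBTC mint without a lock does not show up in the aggregate supply check because total WBTC issued is still below total frozen, which is why the per-transfer reconciliation is needed alongside the balance check.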


This material and the information in it does not constitute individual or other investment advice. The opinion of the editors may not coincide with the opinions of the author, analytical portals and experts.