Last year, the cryptocurrency sector broke a sad record. For the first time, hackers have managed to steal nearly 4 billion dollars. Hackers, including Kim Jong Un’s henchmen, have exploited the fragility of certain protocols…
Chainalysis experts have just released their annual report on cryptocurrency hacks. Last year, the pirates did not twiddle their thumbs, despite the gradual collapse of the market. The total loot of cybercriminals amounts to $3.8 billion.
This is an absolute record. The pirates had no never made so much money by tackling the world of cryptoassets. A year earlier, crime paid just $3.3 billion, compared to just $500 million in 2020 and 2019. The previous spike above the billion was in 2018, a lean year for investors .
Hacks orchestrated by North Korea
Among the most prolific hackers of the year are the lazarus gang (also known as APT38). Funded by North Korea, the hackers are notably suspected of having hacked the Harmony blockchain in order to steal 100 million dollars in April 2022. They are also behind the attack against the Ronin Network, which resulted in the $624 million theft.
According to Chainalysis, $1.7 billion in cryptocurrency was stolen by the North Korean government-sponsored group in 2022. Once returned to North Korea, the stolen funds are used in part to finance the nation’s nuclear weapons. .
“Cryptocurrency hacking now contributes to a significant portion of the North Korean economy”explains Chainalysis, pointing out that the country’s exports only brought in $142 million in 2020.
Read also: Another bankruptcy endangers the cryptocurrency industry
Decentralized finance, as fragile as it is transparent
A few years ago, most hacks were aimed cryptocurrency exchange platforms. While the industry was still in its infancy, colossal sums were stolen from exchanges. We will particularly remember the Mont Gox hack, which resulted in the theft of more than 800,000 bitcoins. This period is over. Now, exchange platforms are not more in focus cybercriminals. Rather, hackers are looking to cash in on the rise of fully decentralized blockchain-based services… whose security does not match that of centralized platforms.
In fact, these are decentralized finance (DeFi) protocols who suffered the most last year. More than 82% of stolen cryptocurrency last year was stolen from DeFi services. The report states that 64% of the $3.1 billion stolen from decentralized services came from gateways between blockchains.
Still fragile, these bridges, allowing funds to be transferred from one network to another, have been massively attacked by hackers. By exploiting a security flaw, hackers can seize assets temporarily stored on a smart contract, details Chainalysis. Smart contracts, also called smart contracts, are automatic programs that manage blockchain transactions.
For the analysis firm, decentralized finance is particularly vulnerable because of its high transparency. Based on blockchains, these services make all of their code, including that of the essential smart contracts that govern their operation, available to the public. De facto, hackers are free to explore the code as they please to flush out a breach.
“If a bridge becomes large enough, any errors in the underlying smart contract code or other potential flaws will almost certainly be found and exploited by malicious actors”summarizes Chainalysis.
Security that is too often overlooked?
Interviewed by Chainalysis, David Schwed, head of blockchain cybersecurity firm Halborn, believes that DeFi protocol developers usually show themselves negligent in computer security. They focus more on growth:
“The DeFi community generally doesn’t demand better security – they want to move to protocols with high returns”.
The expert recommends that each flagship DeFi protocol be overseen by a security team of 10-15 people, with “a specific area of expertise”. He also advises developers to do audit their lines of code by a specialized third party prior to deployment. This precaution could prevent a hacker from finding a breach while user funds are already in transit.
At the same time, illicit transactions on blockchains increased slightly last year, notes another Chainalysis study. They represent 0.24% of total transfer volume, against 0.12% in 2021. Despite this jump, partly linked to the rise in piracy and the fall in prices, criminal transactions remain anecdotal. Most transfers are made by investors and users.
chain analysis
