Criminals had a successful 2021, stealing as much as $3.2 billion in cryptocurrencies, but they could be even more successful this year, Chainalysis said in its 2022 report, The Crypto Crime Report.
In the first three months of this year, hackers have already stolen $1.3 billion from crypto exchanges, platforms, and private wallets, and the victims are mostly in DeFi (decentralized finance).
In the past, attacks on cryptocurrencies have largely been the result of security breaches in which hackers gained access to victims' private keys. The March 2022 breach of the Ronin Network, which enabled the theft of $615 million in cryptocurrency, showed that this technique remains effective.
This is confirmed by Chainalysis data, according to which, from 2020 to the first quarter of 2022, 35% of the total value of cryptocurrency stolen was attributable to a security breach.
However, especially for DeFi protocols, the biggest thefts usually succeeded because of faulty code. Code exploitation and flash loan attacks (a type of code exploitation that involves manipulating the prices of cryptocurrencies) accounted for much of the value stolen outside of the Ronin attack.
Code exploitation happens for several reasons. First, in line with DeFi's belief in decentralization and transparency, open-source development is a major component of DeFi applications. This is an important and generally positive trend: since DeFi protocols move funds without human intervention, users should be able to review the underlying code in order to trust the protocol. But it also benefits cybercriminals, who can analyze the scripts for vulnerabilities and plan exploits in advance. In the BadgerDAO hack last year, for example, a hacker tested the exploit and the laundering process several months before the attack.