In the past few years, attackers have been cashing in on the crypto market very actively. With that kind of money, one could compete with Elon Musk.
According to Chainalysis analysts, since the beginning of 2022, attackers have robbed crypto projects of about $3 billion. For comparison: in 2020, fraudsters stole assets worth about $1.5 billion. In 2021, this figure was higher, up to $7.7 billion.
Attackers make all participants and all sectors of the crypto market suffer. Billions of dollars are flowing from the crypto industry into the hands of criminals, and that money is unlikely to come back.
NFT sector
Non-fungible tokens (NFTs) are one of the most attractive targets for scammers. Their explosive growth in popularity attracted the attention not only of users but also of hackers. In the first two quarters of 2022, NFT collection hacks brought the attackers a total of $84.6 million.
It is noteworthy that since the summer of 2021, scammers have robbed the NFT market of more than $100 million, according to Elliptic analysts. Experts also note that in reality this figure is even higher, since only public reports of hacks were used for statistics.
As a result of the hacking of the Discord server of the Bored Ape NFT collection, the attackers stole 2 NFTs worth at least $70,000.
The OpenSea NFT marketplace was hacked at least twice in January this year alone. The first time, the attacker managed to withdraw more than $700,000 in ETH from the platform. The second time, the theft was larger: at least 8 expensive NFTs were stolen from the marketplace for a total amount of more than $1.3 million. Both times, the scammers took advantage of critical platform vulnerabilities: “problems with the interface” and an error in the program.
Another NFT marketplace, TreasureDAO, lost over 100 NFTs from various collections. According to preliminary data, the total amount of damage is estimated at $1.4 million. Hackers also took advantage of an error in the protocol.
DeFi sector: projects, blockchains, sidechains
DeFi products are the main victim of criminal activities. New projects are often launched without proper security audits, so attackers easily find vulnerabilities in smart contracts and steal money from developers and users.
For example, on March 9, the Fantasm Finance protocol lost about $2.6 million in ETH due to a smart contract vulnerability.
On April 1, about $4.6 million was stolen from Ola Finance’s lending protocol in a “reentrancy” attack.
Audius, a decentralized audio streaming service, was also the victim of a $6 million hack. The attacker managed to change the configuration of the control smart contract.
DeFi lending protocol Hundred Finance lost about $6.5 million in ETH in March. The hackers used a “reentrancy” attack.
DeFi project Elephant Money was the victim of scammers who managed to steal more than $11 million from reserves. The attack exploited vulnerabilities in several smart contracts at once.
A vulnerability in the code of the Fei Protocol DeFi project allowed attackers to withdraw about $80 million from Rari Capital pools. The attack later shut down cryptocurrency financial solutions provider Babylon Finance.
The Qubit Finance project lost about $80 million as a result of the hack. Here, the attackers again took advantage of protocol vulnerabilities.
One of the biggest attacks remains the Axie Infinity hack. Hackers stole over $615 million in ETH and USDC from the Ronin Network gaming sidechain. The North Korean Lazarus Group is believed to be behind the incident.
Cross-chain bridges
Cross-chain bridges are another Achilles heel of the crypto industry. Since the beginning of 2022, attackers have attacked cross-chain bridges thirteen times and stolen a total of $2 billion, Chainalysis analysts found.
In June, the Harmony Horizon bridge lost $100 million in a hack. During the attack, hackers took advantage of a long-identified vulnerability. The scammers later laundered the stolen funds through the now-sanctioned Tornado Cash mixer.
The Nomad cross-chain bridge was also hacked, as a result of which about $190 million of user funds fell into the hands of fraudsters. Subsequently, the attackers returned $9 million.
In February, hackers withdrew more than $320 million in ETH by hacking the Wormhole cross-chain protocol. The cause was again a critical vulnerability discovered by attackers. Later, all losses were covered.
New attacker schemes
Fraudsters most often use schemes that focus on exploiting bugs in protocols and vulnerabilities in project smart contracts. Reentrancy attacks and hacking into Discord servers are also among the favorite hacking techniques.
However, attackers do not stop inventing new schemes. Here are just a few of the hacker innovations that have been seen in 2022:
- Cryptocurrency scam. Such a scheme has been used against MetaMask users: by sending fake email messages, attackers try to extract mnemonic phrases from them.
- Crypto scams with celebrity support. Attackers involve well-known people to advertise the project in order to inspire user confidence.
- Fake airdrops. For example, in February, scammers posing as the administration of the Telegram messenger asked users to verify their data and make an advance payment to take part in a token distribution.
How to protect yourself from scammers
Remember that no one but you will protect your money. In order to minimize the risks, it is enough to follow a few basic rules:
Private key, password, mnemonic phrase
Do not share this information with anyone and do not keep it on devices with Internet access. It is best to write it down on paper and keep it in a place known only to you.
Cold wallet
It is safest to keep cryptocurrencies in a vault without internet access. It is almost impossible to steal funds from a hardware wallet.
Caution on the Internet
It is better not to use public Wi-Fi, as such connections are often insecure. However, even when using a private network, use antivirus software. Download applications, programs and files only from trusted sources.
Trust but verify
Before entering your data somewhere or depositing money, carefully study the history of the project. Choose only reliable platforms with a good reputation. Every time you are about to send something, check the addresses and domains you are sending it to.