
Baker & Hostetler LLP

08/07/2024 | Press release | Distributed by Public on 08/07/2024 11:17

Deeper Dive: Understanding the 2023-24 Crypto Threat Landscape


As the Web3 and digital assets ecosystem continues to grow, hacks, scams and other threats remain a major cause for concern and a potential impediment to broader adoption. Data from various sources indicates that after a year of relative respite in 2023, crypto threats have increased dramatically in 2024. Web3 and digital assets market actors should take care to understand the current crypto threat landscape and take appropriate steps to guard against business disruption and monetary loss. In this paper we provide a detailed analysis of the 2023 and 2024 crypto threat landscape to assist in identifying key trends, typologies and vulnerabilities.

Total Value Lost to Crypto Threats

In 2023, the total value lost to digital asset hacks and scams decreased from 2022 levels, but the number of incidents remained stable, and attacks appeared to increase in sophistication. Reports indicate that the total value lost to digital asset incidents reached around $2 billion,[1] a reduction of more than 50 percent from 2022. The volume of cryptocurrency received by illicit addresses also decreased from $39.6 billion in 2022 to $24 billion in 2023, representing a 0.42 percent share of volume in 2022 and a 0.34 percent share in 2023.[2] The frequency of attacks remained relatively stable,[3] with the number of individual incidents growing from 219 in 2022 to 231 in 2023.[4] Despite reduced volume, the sophistication and size of digital asset incidents increased in 2023, with reports indicating that in Q3 2023 alone, $720 million in digital asset value was stolen across 117 major breaches.[5] And in November 2023, cryptocurrency thieves reportedly stole $363 million, setting a new record for single-month losses.[6]

In the first half of 2024, losses from crypto hacks rose sharply, increasing 900 percent year over year in Q2 2024, with the volume of stolen funds close to $1.4 billion.[7] Approximately $573 million of those losses come from hacking incidents in the Web3 ecosystem, a 112 percent increase from Q2 2023.[8] The top five hacks and exploits accounted for 70 percent of the total amount stolen so far in 2024.[9]

DeFi Hacks

Decentralized finance (DeFi) protocols, platforms built on blockchain technology that operate without the need for traditional intermediaries such as banks or brokers, present unique scenarios in which lack of oversight and security audits provides malicious actors with opportunities to exploit vulnerabilities in standards and code that govern the protocols. DeFi is an increasing focus of attackers. In January 2023 alone, DeFi suffered $38.9 million in losses across five protocols.[10] In February 2024, the DeFi sector lost more than $82 million, with only $1.3 million recovered.[11]

Some of the most common DeFi exploits involved price manipulation schemes, attacks on liquidity pools and cross-chain bridges, and private key security breaches. Smart contract vulnerabilities are still a prime target for hackers, with one DeFi protocol in June 2024 being targeted for over $20 million in losses spread through multiple assets over the course of six minutes.[12] After some exploits, scam accounts began impersonating the hacked protocols and posting potentially malicious links to entice users to seek refunds and revoke smart contract approvals.[13]

One common type of DeFi attack vector involves exploits that allow the attacker to withdraw native DeFi tokens and dump them on the market, sometimes causing upward of 99 percent of the token's value to be lost.[14] In 2023, such exploits sometimes took the form of "flash loan" attacks. A flash loan is a type of uncollateralized loan that lets a user borrow digital assets with no upfront collateral as long as the borrowed assets are paid back within the same blockchain transaction.[15] In a flash loan exploit, the attacker uses flash loans to manipulate digital asset prices, often resulting in devastating losses for a DeFi protocol's treasury.[16] One analysis conducted in 2023 found patterns indicative of "pump and dump schemes" in 54 percent of ERC-20 tokens listed on decentralized exchanges (DEXs) in 2023 (these accounted for only 1.3 percent of all DEX trading volume).[17]

In another type of exploit, attackers target DeFi liquidity pools, which are reserves of cryptocurrency pairs locked in smart contracts and used to facilitate DeFi exchanges on platforms like DEXs. Here, the attackers target vulnerabilities in the code of the smart contracts that govern the liquidity pools and seek to manipulate the smart contracts to withdraw or misdirect liquidity pool funds.[18]

Another common DeFi attack in 2023 targeted cross-chain bridges, which are DeFi protocols that enable the transfer of digital assets or data between different blockchain networks. In one example of a cross-chain bridge attack, hackers used a wallet funded through Tornado Cash, a decentralized cryptocurrency tumbler, to exploit the Orbit Chain cross-chain bridge protocol and steal approximately $81 million in digital assets.[19]

Private key security also continues to pose vulnerabilities for DeFi. In one example from 2023, a DEX aggregator experienced a theft of around $2.7 million in digital assets in an attack in which the hacker is believed to have exploited a deprecated smart contract by updating it and then utilizing a leaked private key to withdraw funds.[20] In another notable example, in early 2024, a set of seven packages on the Python Package Index (PyPI) repository was identified as being designed to steal BIP39 mnemonic phrases, which are used to recover the private keys of cryptocurrency wallets.[21]

Hacks of Centralized Exchanges

Exploitation and hacks of centralized cryptocurrency exchanges continued in 2023 and 2024 with frequency similar to that of prior years. In a few notable examples, over $224 million in cryptocurrency funds were stolen in three separate incidents. In one incident, a cryptocurrency exchange was hacked for over $100 million in what is thought to have been a private key compromise.[22] In a similar hack, an exchange and blockchain protocol was hacked for a cumulative $97 million spread across various crypto tokens, which blockchain security firm Cyvers also attributed to a private key leak.[23] In a third incident, $27 million worth of USDT was stolen from an exchange's "deployer" wallet - used to create smart contracts - when a user of the exchange withdrew the funds from the exchange to a DeFi wallet that had been previously compromised.[24]

Centralized exchanges overseas have been a common target of hackers in 2024. In May, a Japanese cryptocurrency exchange lost 4,502.9 bitcoin in a hack - the second-largest hack in Japan following the 2018 hack of the Coincheck exchange valued at 58 billion yen.[25] Here, the attacker split the stolen bitcoin among 10 wallets in batches of 500 bitcoin before the exchange took measures to avoid further unauthorized outflows. In July 2024, an Indian exchange's multisig wallet was hacked, purportedly in a North Korea-linked breach, for over $235 million in cryptocurrency over 200 different assets.[26] The hackers reportedly used a variety of decentralized services to launder the funds.

Wallet Hacks

Prominent digital asset wallet providers were also the subject of hacks in 2023. One wallet provider experienced an exploit through their JavaScript library that allows websites to connect to wallets, enabling exploiters to steal more than $600,000 in various cryptocurrencies.[27] Another wallet provider suffered a security breach in which contact information for almost 66,000 of its users was stolen, including email addresses and names - although the provider indicated that no seed phrases had been accessed or compromised in the breach.[28]

Scams

Although the overall amount of money lost in 2023 through various hacks and exploits fell from 2022 levels, 2023 saw an uptick in cryptocurrency phishing scams. One phishing scam in particular - a type of malware called Wallet Drainers - was frequently deployed on websites and tricked users into signing a fraudulent transaction, causing nearly $295 million in digital assets from 324,000 victims to be lost throughout the year.[29] Wallet-draining services were also used to steal funds totaling around $59 million in a nine-month time period by utilizing ads on well-known search engines and targeting victims through fake versions of crypto sites. To avoid detection in security audits, the scammers utilized web redirects, regional targeting and page-switching tactics.[30]

Phishing - the fraudulent practice of sending electronic media purporting to be from reputable sources to induce the sharing of personal information like passwords to a wallet or the signing of illicit transactions - remains prominent in Web3. Impersonators on popular social media platforms were the leading cause for over 57,000 victims of crypto phishing scams in February 2024 alone, representing $46.8 million in losses.[31] Scammers used social media platforms to lure victims to phishing websites from impersonated accounts and have begun using account abstraction as token approval spenders. Advertisements on a popular Ethereum blockchain explorer were used in a phishing campaign that prompted users to link their crypto wallets and allow scammers to withdraw the victims' crypto funds.[32]

In their sixth annual Elliptic Typologies Report, blockchain analytics firm Elliptic provided in-depth analysis on money laundering and terrorist financing through the crypto asset market and identified an uptick in "pig butchering" schemes - a type of long-term scam in which a victim, often targeted through social media, is gradually lured into making financial contributions, only to have their assets stolen.[33] The Federal Trade Commission (FTC) issued a consumer alert highlighting the dangers of such scams and early warning signs to look for.[34]

Another prominent scam being used to steal funds comes in the form of "address poisoning," in which a scammer mimics the first six and last six digits of a wallet address in hopes that the user does not notice that the middle of the address differs and sends funds to the exploiter's wallet instead. In one instance, address poisoning led to a loss of $68 million worth of wrapped bitcoin in a single transaction.[35] Additionally, the Federal Bureau of Investigation (FBI) and FTC have warned of new scams involving fake jobs that use confusing compensation structures to convince victims to make cryptocurrency payments to earn more money or "unlock" work before the scammer disappears with the victim's funds.[36]
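A pre-signing check for the address poisoning pattern described above, shown as an added example that is not part of the original paper: it compares a destination against a trusted address book and flags any address that shares the leading and trailing characters of a trusted entry without matching it exactly. The Ethereum-style address format, the function names and the sample addresses are assumptions made for illustration.

```python
import re

# Assumption: Ethereum-style addresses ("0x" + 40 hex digits). The edge length of
# six hex digits follows the article's description of the scam.
HEX_ADDR = re.compile(r"0x[0-9a-fA-F]{40}")
EDGE = 6


def normalize(addr: str) -> str:
    """Return the 40 hex digits of a valid address, lowercased."""
    if not HEX_ADDR.fullmatch(addr):
        raise ValueError(f"not a 0x-prefixed 20-byte hex address: {addr!r}")
    return addr[2:].lower()


def shared_edges(a: str, b: str) -> tuple[int, int]:
    """Count the leading and trailing characters two equal-length strings share."""
    prefix = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), len(a))
    suffix = next((i for i, (x, y) in enumerate(zip(a[::-1], b[::-1])) if x != y), len(a))
    return prefix, suffix


def check_destination(dest: str, trusted: dict[str, str], edge: int = EDGE) -> dict:
    """Classify a destination as "trusted", "lookalike" or "unknown".

    An exact match anywhere in the address book wins over a lookalike hit, so a
    user who legitimately holds two similar addresses is not blocked.
    """
    d = normalize(dest)
    hit = None
    for label, addr in trusted.items():
        t = normalize(addr)
        if d == t:
            return {"verdict": "trusted", "label": label, "shared": (40, 40)}
        prefix, suffix = shared_edges(d, t)
        if hit is None and prefix >= edge and suffix >= edge:
            # Same visible ends, different middle: the poisoning signature.
            hit = {"verdict": "lookalike", "label": label, "shared": (prefix, suffix)}
    return hit or {"verdict": "unknown", "label": None, "shared": (0, 0)}


# Constructed sample data, not real wallet addresses.
TRUSTED = "0x" + "d9a1b0" + "7c" * 14 + "53f2e8"
POISONED = "0x" + "d9a1b0" + "3e" * 14 + "53f2e8"
UNRELATED = "0x" + "ab" * 20
BOOK = {"treasury": TRUSTED}

if __name__ == "__main__":
    for candidate in (TRUSTED, POISONED, UNRELATED):
        print(candidate, check_destination(candidate, BOOK))
```

A wallet or treasury workflow would run this check on the full address before signing and block or escalate on a "lookalike" verdict, since truncated address displays hide exactly the characters that differ.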

Industry participants are uniting to combat scams and provide more robust information sharing to prevent hacks. In 2024 the Tech Against Scams Coalition launched to prevent online fraud and financial schemes targeting consumers.[37] Also in 2024, a major U.S. cryptocurrency exchange co-founded the nonprofit Crypto Information Sharing and Analysis Center to support information sharing across the crypto ecosystem to combat and reduce cybersecurity exploits.[38]

Lazarus Group

In 2023 and 2024 the Lazarus Group, a group of North Korean hackers tied to the Democratic People's Republic of Korea, continued to be a massive cryptocurrency hacking threat. The Lazarus Group reportedly stole $600 million in cryptocurrency during 2023, accounting for almost one-third of all stolen funds throughout the year.[39] This is a decrease from 2022, during which the Lazarus Group is reported to have stolen $1.7 billion in cryptocurrency funds. In total, the state-sponsored criminal organization has reportedly been responsible for almost $3 billion in stolen cryptocurrency value.[40] This year, sanctions monitors advised the United Nations Security Council sanctions committee that they have investigated 97 suspected cyberattacks connected to North Korea on cryptocurrency companies during the period 2017 through 2024. The total value of these attacks increased from previous reports to be approximately $3.6 billion, with portions of these stolen funds being laundered through Tornado Cash.[41]

Ransomware

According to blockchain analytics firm Chainalysis, 2023 saw a major comeback for ransomware, with record-breaking payments and substantial increases in the scope and complexity of attacks, including increased targeting of high-profile institutions and critical infrastructure. Among other incidents, in 2023 a number of global companies fell victim to ransomware through supply chain attacks carried out by exploiting file transfer software MOVEit. Through this shift to high-profile targets, ransomware hackers were able to extort over $1 billion in cryptocurrency ransom payments in 2023 - a new milestone.[42] A cybersecurity advisory published in 2024[43] by the FBI shows that Akira, a ransomware group established last year, has been targeting critical infrastructure entities in North America, Europe and Australia since March 2023, breaching more than 250 organizations for around $42 million in ransomware proceeds.[44]

Money Laundering and Sanctions Evasion

Elliptic reported that in 2023 there was a continued increase in digital asset money laundering through so-called cross-chain crime, whereby criminals obfuscate the source of criminal proceeds by swapping digital assets between different tokens and across different blockchain networks, with no legitimate business purpose and often in rapid succession. Elliptic notes that in 2023 the amount of cryptocurrency funds laundered through cross-chain crime reached a record $7 billion.[45]

In 2023, the U.S. Department of the Treasury's Office of Foreign Assets Control sanctioned Tornado Cash, a decentralized Ethereum network mixing service. According to blockchain analytics firm TRM Labs, post-sanctioning, the overall volume of transactions on Tornado Cash fell by 85 percent. However, TRM Labs noted that when viewed as a percentage of total transaction volume, the number of illicit actors using Tornado Cash increased in 2023, indicating that while non-illicit use of Tornado Cash has diminished, illicit actors continue to use the service.[46]

According to CertiK, a blockchain audit company, a third of the losses from the 50 largest crypto exploits in 2023, valued at around $300 million, were transferred to the Bitcoin network. This may indicate that Bitcoin mixers are becoming an increasingly popular alternative to Tornado Cash, which operates on the Ethereum network.[47] It also indicates that bitcoin remains the cryptocurrency of choice for many illicit actors operating in the digital asset space.

Governmental Efforts Against Crypto Threats

U.S. government agencies continue to take action to combat crypto threats. In April 2024 the U.S. Department of the Treasury published prepared testimony given by Deputy Secretary of the Treasury Wally Adeyemo addressing illicit finance risks in cryptocurrency.[48] The deputy secretary highlighted three proposed reforms to address cryptocurrency threats, including introduction of secondary sanctions tools targeted at foreign digital asset providers that facilitate illicit finance, modernizing and closing gaps in existing authorities by expanding their reach, and addressing jurisdictional risk from offshore platforms.

Members of Congress have also expressed concerns over illicit use of crypto. In April 2024, Sens. Elizabeth Warren and Roger Marshall sent a bipartisan letter to various executive agency heads expressing concerns over sanctions evasion using cryptocurrency by Russia, Iran and North Korea.[49] Further, Sens. Elizabeth Warren and Angus King Jr. submitted another letter urging the Biden administration to increase efforts to combat cryptocurrency mining in Iran, which, the letter states, is potentially linked to funding of the terrorist organization Hamas.[50] The letter indicated that Iranian Bitcoin network mining may have produced as much as $1 billion in revenue in 2021 alone, allowing Iran to monetize energy resources that it otherwise would not be able to export due to sanctions.

Conclusion

2023 and 2024 may very well be remembered as the time when Web3 and digital assets leaped into the mainstream economy. However, despite many recent accomplishments for the sector, threats continue to plague the industry. As Web3 and digital assets market actors move to seize opportunities in 2024 and beyond, they should take parallel steps to understand how the crypto threat landscape impacts their business and craft strategies that allow them to move forward with confidence as crypto goes mainstream.

[1] Crypto Users Lost $2B to Hacks, Scams and Exploits in 2023, De.Fi Says.

[2] 2024 Crypto Crime Trends: Illicit Activity Down as Scamming and Stolen Funds Fall, But Ransomware and Darknet Markets See Growth.

[3] Hack Hauls Halve From 2022.

[4] Funds Stolen from Crypto Platforms Fall More Than 50% in 2023, but Hacking Remains a Significant Threat as Number of Incidents Rises.

[5] Protecting Web3: Q3 2023 Security Insights Report.

[6] Crypto thieves steal $363M in Nov, the most 'damaging' month this year.

[7] Crypto exploits near $1.4B this year as hackers target CeFi: Report.

[8] Crypto Losses in Q2 2024 prepared by Immunefi.

[9] Thefts From Crypto Hacks and Exploits Surge in First Half of 2024.

[10] Quantstamp reports $38.9M lost in DeFi attacks in January.

[11] DeFi Exploits in February Cause Losses of $82 Million With Just $1.3 Million Recovered: Report.

[12] UwU Lend hit by $20M crypto hack.

[13] DeFi platform Hedgey Finance hit by $44 million exploit.

[14] Lucky Star Currency Exit Scam.

[15] What Are Flash Loans?

[16] Platypus DeFi Incident Analysis.

[17] 54% of ERC-20 Tokens Listed on DEXes in 2023 Display Patterns That May Be Suggestive of Pump and Dump Schemes, but Represent just 1.3% of DEX Trading Volume.

[18] KyberSwap DEX Hacked for $48 Million, Attacker Teases Negotiations.

[19] Orbit Chain Loses $81M in Cross-Chain Bridge Exploit.

[20] OKX DEX suffers apparent $2.7 million exploit following suspected private key leak.

[21] Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets.

[22] Poloniex exchange suffers $100M exploit, offers 5% bounty.

[23] Justin Sun Confirms HTX, Heco Chain Exploited After $100M in Suspicious Transfers.

[24] Hacker Steals $27M in Tether From Wallet Linked to Binance Deployer.

[25] Japanese Crypto Exchange DMM Bitcoin Suffers $305M Hack.

[26] $235 million lost by WazirX in North Korea-linked breach.

[27] A LETTER FROM LEDGER CHAIRMAN & CEO PASCAL GAUTHIER REGARDING LEDGER CONNECT KIT EXPLOIT; Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft.

[28] Trezor discloses 66K users affected by phishing attack; Trezor security alert: Stay vigilant against a potential phishing attack.

[29] Scam Sniffer 2023: Crypto Phishing Scams Drain $300 Million from 320,000 Users.

[30] 'MS Drainer' scammers used Google Ads to swipe $59M in crypto: Report.

[31] Crypto phishers stole $47M last month, impersonators on X to blame.

[32] Etherscan ads behind massive phishing campaign.

[33] Elliptic Typologies Report: Preventing Financial Crime in Cryptoassets.

[34] FTC: What to do if your online love interest offers to teach you how to invest your money.

[35] Exploiter Steals $68M Worth of Crypto Through Address Poisoning.

[36] FBI Alert: Scammers Defraud Individuals via Work-From-Home Scams.

[37] Announcing the Tech Against Scams Coalition.

[38] Kraken co-founds Crypto Information Sharing and Analysis Center (ISAC).

[39] North Korean Hackers Stole $600 Million in Crypto in 2023.

[40] North Korean hackers have pilfered $3B of crypto over past six years: Report; Crypto Country: North Korea's Targeting of Cryptocurrency.

[41] Exclusive: North Korea laundered $147.5 mln in stolen crypto in March, say UN experts; How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020-2023.

[42] Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline.

[43] Joint Cybersecurity Advisory: #StopRansomware: Akira Ransomware.

[44] Bitcoin ransomware Akira drains $42M from more than 250 companies: FBI.

[45] Record $7 billion in crypto laundered through cross-chain services; The State of Cross-chain Crime.

[46] Tornado Cash Volume Dramatically Reduced Post Sanctions, But Illicit Actors are Still Using the Mixer.

[47] Over $300M in stolen crypto assets reached Bitcoin mixers in 2023.

[48] Testimony of Deputy Secretary of the Treasury Wally Adeyemo Before the Committee on Banking, Housing, and Urban Affairs, U.S. Senate.

[49] Warren and Marshall Send Bipartisan Letter to Biden Admin for Info to Stop Russian Use of Crypto in Evading Sanctions, Fueling Weapons Program.

[50] Senators Warren and King Letter re Iran Crypto Mining.