The answer to the most vulnerable places for hackers has been found: where hacker attacks in the crypto industry are aimed


In 2022, the largest number of hacker attacks in the cryptocurrency industry was committed. In total, crypto firms have lost almost $4 billion, according to Chainalysis, an analytics firm. Chainalysis provides data on attack statistics on cryptocurrency projects for 2022, when a record number of user funds were stolen. The peak of hacker activity occurred in early spring and mid-autumn. For example, in October, about 20% of the total annual volume – $775.7 million – was stolen from 35 companies.

It is interesting not only the fact of hacker attacks, but also the fact that most of them turned out to be connected with North Korea.. In addition to the above statistics, Chainalysis specialists emphasized the vulnerability of DeFi protocols, the number of hacker attacks on which increased in 2022.. Representatives of the company said in social networks:


“This week we are releasing a preview of the hacker attacks section of our 2023 Crypto Crimes Roundup.. In 2022, $3.8 billion was stolen through hacker attacks. In your opinion, what percentage is DeFi protocols?”


Attacks on DeFi Protocols


DeFi protocols accounted for 82.1% of all malicious attacks in 2022, according to the report.. This is almost 9% more than in 2021, when the figure was 73.3%.


Chainalysis analysts also drew attention to another interesting fact. Bridges that allow transferring cryptocurrencies from one blockchain to another have become the most vulnerable.. Usually this happens through the “freezing” of the client’s assets in the smart contract of the first network, and then an equivalent amount of assets is already produced on the second one.


This is especially true for those smart contracts where there are vulnerabilities in the code that allow hackers to carry out such attacks.. After all, the goal of DeFi projects is openness – the publication of such information is necessary so that users know what exactly will happen to their property when they use it.


The centralized exchanges are trying to do something similar with their Proof-of-Reserves, especially after the FTX collapse in early November.


But, if openness is a guarantee for the user, then for a hacker it is an opportunity to scan the code for vulnerabilities. Attack time is also taken into account to maximize the amount stolen. On this occasion David Schwed, chief operating officer of cybersecurity company Halborn, said:


“A reliable protocol should be worked on by 10 to 15 people on the security team, and each should be responsible for performing highly specialized tasks.. The DeFi community as a whole doesn’t need better security – they want protocols with higher returns.. But this motivation leads to other problems.”


North Korean hackers


The main participants in the attacks, according to experts, are North Korean hackers who were able to steal more than $1.7 billion in cryptocurrency. At the same time, $1.1 billion of the total volume is accounted for by DeFi protocols.


A distinctive feature of North Korean hackers is their algorithm of actions after the theft. Most of them send “mined” cryptocurrency to other DeFi protocols. This is due to the fact that in the course of the crime, hackers get into possession a lot of illiquid tokens that are not placed on centralized exchanges (CEX). Therefore, hackers have to transfer such cryptocurrency to other DeFi protocols, often to decentralized exchanges (DEX), where they exchange them for more liquid assets.


In addition, North Korean hackers sent loot to mixers, which facilitated money laundering.. Tornado Cash was the most used mixer between 2021 and 2022 but was sanctioned in August 2022. Another bitcoin mixer used by North Korean hackers turned out to be Sinbad. From December 2022 to January 2023, 1,429.6 BTC were spent through it.


Case of the Nomad Bridge


In August 2022, information appeared in the news that a hacker attack had been carried out on the Nomad bridge. As a result, $200 million was stolen.


The attacker took advantage of a vulnerability related to the movement of tokens between different blockchains through smart contracts. Among the stolen funds were cryptocurrencies such as WBTC, WETH, USDT, USDC, ETH, ADA, as well as AVAX.


Thus, inter-network bridges remain the most vulnerable to attacks, providing the user with the opportunity to interact with tokens on different blockchains.. For the same reason, the Uniswap community has criticized the recent protocol rollout on BNB Chain using the Wormhole bridge.


This material and the information in it does not constitute individual or other investment advice.. The opinion of the editors may not coincide with the opinions of the author, analytical portals and experts.