According to a recent study by the firm Atlas VPN, during the first half of 2022, hackers in the crypto market stole $1.97 billion.
Among the most striking breaches was the one suffered by Axie Infinity’s Ronin layer, which lost more than $600 million to alleged North Korean hackers.
The most targeted ecosystem was BNB Chain with 47 hacks. But the one that suffered the biggest drain of funds was Ethereum, with more than 50% of the total amount of thefts.
Among the various negative aspects surrounding the cryptocurrency market, theft by hackers stands out. During the first half of this year, crypto hackers made off with an estimated $2 billion. The extractions were divided into different tokens, according to data from the firm Atlas VPN recently published on its official site.
The main target of the criminals was the Ethereum ecosystem, particularly its decentralized finance or DeFi applications. It is of utmost importance to keep in mind that blockchain is the most secure technology in the whole world. The thefts occur in a specific place that depends on the human hand and, therefore, errors. This is the programming of smart contracts.
Usually, developers leave bugs in some projects, which are exploited by highly experienced computer criminals. Some decentralized applications or Dapps have high security standards and others not so much. Hence, hackers have a wide catalog of choice, since there are numerous platforms within DeFi. It should be noted that, although Ethereum is the main target, it is not the only one.
Crypto hackers on the attack in 2022
A total of $1.97 billion was extracted by crypto hackers from DeFi projects in just 6 months. This is a colossal figure, which is equivalent to the entire LTV of decentralized finance during the first half of 2020. From the Ethereum ecosystem, they took 50% of that entire amount in a total of 32 attacks.
Within what was stolen on Ethereum, more than 60% was extracted from the Ronin protocol, on which the popular Axie Infinity game runs. This play-to-earn application suffered a scandalous breach in which criminals stole the equivalent of $625 million dollars. The sum was extracted between the Ether coin and the USDC stablecoin.
As highlighted above, bugs in programming are entirely the responsibility of the developers and not the blockchain. In that regard, the game’s top executive, Alexander Larsen, told Coindesk that the company itself was fully responsible for what happened and apologized to users for the programming security flaws.
In any case, the thefts in the DeFi space are becoming a worrying trend that generates concern in the community. Crypto hackers are on the prowl and as long as there is no regulatory system with standard security protocols, they will be able to gain victims in the ecosystem. Some projects have strong programming security, but it is not shared with their rivals.
Solana was next on the crypto hackers’ list
The aforementioned report based on data from analytics firm SlowMist Hacked determined that the second most stolen project was Solana. It is one of the most promising blockchains thanks to its scalability power, which can process more than 50,000 transactions per second and has advantageous features for users and programmers.
This ecosystem suffered 5 attacks during the first half of the year. Although there were 27 fewer than in Ethereum, they were accurate and painful for the projects hit. From the Solana Dapps, the hackers took about $383.9 million US dollars in digital coins and tokens. Of these, the largest corresponds to the breach of the Wormholebridge platform.
In early February, it became known that crypto hackersextracted $325 million from Wormhole, leaving the Solana community in shock. The sensitivity of this hack is that the protocol is a bridge that allows users to move their funds between the Solana and Ethereum ecosystems. The result was a total distrust of this type of applications that until then were considered one of the most striking tools for the massification of DeFi.
The theft of this bridge became at that time the second largest in the history of decentralized finance. Until then, the record was held by the Poly Network breach in August 2021, with an approximate extraction of $600 million. In that case, the hacker returned the funds voluntarily and was rewarded by the protocol’s management.
Other ecosystems affected by crypto hackers
BNB Chain, the chain of the powerful Binance exchange, came in third place in terms of amounts stolen and first in terms of number of breaches. In just 6 months, this ecosystem suffered 47 attacks by cybercriminals, who took a total of $141.4 million dollars.
“The worst month for DeFi projects was May, where 37 breaches were reported.”
Likewise, among the hackers’ victims, non-fungible token (NFT) platforms stand out. In this space, some 45 vulnerabilities were reported, costing the investment community about $84.6 million in collectibles. From centralized exchanges (CEX) hackers made off with $35.8 million in 4 attacks.
In parallel, crypto hackers drained $263,382 from digital wallets in two incidents. Thus, the number of attacks on crypto market platforms in general doubled. Compared to 90 incidents in the first half of 2021 there were now 175, according to data from the aforementioned report. This equates to 94% growth.
The proliferation of crime within cryptocurrency platforms becomes one of the biggest challenges ahead for developers. Regaining investors’ trust becomes an uphill task as long as thefts become one of the most profitable activities for criminals. The worst month for DeFi projects was May, when 37 breaches were reported.
The most recent thefts in DeFi
As a sign of the boom in crypto market thefts, it is noted that the most recent event occurred about 3 days ago. The victim was the decentralized liquidity services platform Crema Finance, which runs on the Solana blockchain. In a series of texts on the social network Twitter, the company announced the extraction of almost $9 million by a hacker.
For now, the project suspended its activities and is working with experts to track the activity of criminals. They also state that the door is not closed for an amicable return of the extracted funds before taking further action.
Another major theft of recent date occurred against the Harmony chain. The crypto hackers who carried out this theft came from North Korea, one of the most active countries in money theft. The aforementioned platform suffered the mining of about $100 million in different currencies such as Ethereum, BNB and USDT and Wrapped Bitcoin. The breach was also executed on a bridge(Horizon Bridge).
Although Harmony is not among the most important of the multipurpose blockchains, some of its projects are of relevance. One of them is the popular DeFi Kingdoms game, which is one of the most complete in the entire crypto universe and is shaping up as a prelude to what could be a future metaverse platform.
In any case, the thefts within DeFi prolong the agony of a market that has suffered consecutive blows.
Lazarous is the most fearsome gang of hackers
Among the main beneficiaries of the thefts from crypto platforms are professional hackers from North Korea. Particularly, the Lazarous group is counted, which would have in its history thefts in the order of $2 billion dollars. Consequently, sophisticated North Korean hackers would have been responsible for the theft from Harmony.
They were also allegedly behind the colossal extraction of Axie Infinity’s Ronin. Now, experts explain, the Asian criminals are specializing in targeted attacks instead of small hacks. To this end, their actions are shifting from small protocols to bridges. This is where most of the money is being collected, as it involves combined figures from different protocols.
Likewise, these pirates would focus their thefts on projects in the Asia-Pacific region. Although Harmony, their most recent trophy, has its central point in the United States, a large part of the team is located in the aforementioned eastern region.
Thus, North Korean crypto hackers emerge as the most active and have perpetrated 15 successful attacks. Not far behind them are the American hackers, also with 15 verified thefts. The list is followed by criminals from Russia, China, the United Kingdom and Japan.
Negative consequences for decentralized finance
As one might expect, this negative burden on this financial form is one of the main drivers of the debacle. While the fall of Bitcoin and the rest of the cryptocurrencies has directly caused interest in decentralized finance to plummet, insecurity plays a major role. The most important applications are abandoned en masse since the end of 2021.
But in the second quarter of 2022, with the shock of the fall of Terra, the problems multiplied for DeFi projects. Dapps for lending, liquidity and decentralized exchanges have lost most of the trading volume and total value locked (TVL) since the peaks reached in November 2021.
To put a case in point, the Aave protocol held a TVL greater than $33 billion in November and now barely exceeds $5 billion. Capital flight, the collapse of Terra and the decline in the value of tokens and, with them, their yield, are among the main causes of investors abandoning DeFi.
But the actions of crypto hackers, which have always been a cause for concern, are now becoming a top-level alert due to the accelerated growth of hacking episodes. The lack of clear regulation also interferes with the ability of law enforcement agencies to prosecute criminals more effectively.
DeFi’s LTV continues to deflate
Overall, the bleeding of decentralized finance in terms of LTV, is one of the most outrageous. By November of last year they had amassed $303 billion in investor funds. Now, the figure is equivalent to $83.2 billion in the same currency denomination.
Of the amount described above, some $52.16 billion is in the Ethereum ecosystem, according to statistics portal Defillama.com. Many participants in that market claim that DeFi should not be subject to regulation. Doing so would be an attack on their very philosophy.
Despite what the concept of DeFi means for the financial independence of millions of people, non-regulation wreaks havoc. One should not lose sight of the fact that just as theft by crypto hackersproliferates, so do fake projects
The latter are platforms that offer attractive returns to attract the capital of thousands of users. Once they have enough capital deposited, the creators proceed to appropriate it by taking advantage of the anonymity guaranteed by the decentralized finance ecosystem. Rugpulls are becoming one of the phenomena that cause the abhorrence of DeFi.
Although avoiding a scam is more feasible than avoiding the exploitation of a bug by hackers, new users are often easy prey to them. In any case, the recommendation is to always keep your eyes open before putting money into decentralized projects, as they give criminals an advantage.