In particular, according to data presented by Finbold, in 2022, the number of cryptocurrency-related heists hit 190 as of December 9, representing a growth of 43.93% from last year’s figure of 132. Notably, the number of heists hit double digits for the first time in 2018 at 38, a record growth of over 320% from the 2017 figure of 9. The lowest number of incidents was recorded in 2011 at 4. At the same time, the value lost in heists has varied over the years, with the top ten incidents leading to an accumulative fiat value loss of $4.28 billion. The March 2022 Ronin Network (Axie Infinity) heist ranks top with $620 million stolen, followed by Poly Network at $610 million. The Binance hack of October 2022 resulted in a loss of $570 million, followed by Coincheck at $532 million. The recent FTX crypto exchange collapse ranks in the fifth spot at $477 million, while the infamous MT Gox incident occupies the sixth spot overall at $470 million.
The growing number of crypto heists
The record number of heists in 2022 is an indicator that security issues have continued to persist since the inception of the digital currency space. Therefore, despite the sector entering an extended bear market, digital currencies are standing out as cash cows for hackers. Indeed, hackers are taking advantage of the cryptocurrency sector’s infancy stages to initiate the heists by leveraging sophisticated techniques, such as using multiple wallets and exchanges, to obscure their tracks and make it more difficult to identify them. In this line, the anonymity and lack of regulation in the cryptocurrency market partly make it easier for hackers to operate without being detected or traced. Historically, cryptocurrency thefts mainly saw hackers target users’ private keys to gain access to their funds through phishing, keylogging, social engineering, or other techniques. It is worth mentioning that the heists have taken different vectors, with hackers going for popular products in space. For instance, in recent months, the vast majority of targets have been decentralized finance (DeFi) protocols as the sector gains popularity. Other common means of attacks include exploiting blockchain bridges and market manipulation.
New vectors of crypto heists
However, the theft is taking a new turn, with insiders accused of using centralized platforms to steal. Notably, the current bear market has extended following the fraud allegations labeled against FTX founder Sam Bankman-Fried. The embattled ex-CEO has been charged with embezzling customer funds without following the right criteria. At the same time, the amount lost in the FTX collapse could be higher, considering that authorities are still investigating the matter. Overall, centralized platforms have increased their security levels by incorporating approaches such as implementing stringent KYC protocols and embracing anti-money laundering approaches. Consequently, they are less attractive to external bad actors. Interestingly, experts have also pointed to the open-source nature of the crypto space, arguing that with the sector’s growing popularity, hackers are increasingly exploiting vulnerabilities. Notably, hackers seek to exploit any code weakness to steal funds. Additionally, due to the anonymous nature of cryptocurrencies, stolen funds are mainly challenging to trace, making it difficult to compensate victims. Remarkably, tracing becomes a challenge with the existence of transaction masking features, with some funds channeling into laundering. However, for the few incidents where customers are compensated in digital assets, there has always been fear of the market destabilizing. For instance, after creditors reached a deal to compensate Mt Gox victims, there were fears that the liquating a significant amount of digital assets would crash the markets.
Managing the future of crypto heists
With the need for more regulations and formal systems in the crypto space, the responsibility mostly stops with investors and specific businesses. Overall, while it may not be possible to eliminate the risk of crypto heists, a combination of better security measures, regulatory oversight, and individual awareness is fronted as the measures to reduce the risk of these attacks and protect investors significantly. In general, the growing number of crypto heists has accelerated the need to enact the proper regulations with different jurisdictions seeking to protect investors. However, most regulators are torn between promoting innovations in crypto and protecting investors.