Following a year in which crypto-based fraudsters inflicted unprecedented levels of harm on their victims, digital asset-based scams and hacks are on the rise this year.
The US Department of Justice (DOJ) announced the seizure of six “virtual currency accounts” containing over $112 million in digital assets connected to investment scams on Monday.
The accounts were reportedly used to launder the proceeds of “cryptocurrency confidence scams,” in which fraudsters “cultivate long-term relationships with victims met online, eventually enticing them to invest in fraudulent cryptocurrency trading platforms.”
According to Assistant Attorney General Kenneth Polite Jr., the DOJ hopes to “swiftly return” the stolen funds to victims. Polite referred to the perpetrators as “transnational criminal organizations” that use “confidence scams and technological savvy to defraud Americans.”
“Depriving scam organizations of their ill-gotten gains is an important part of our strategy to combat these ruthless schemes,” said Eun Young Choi, head of the DOJ’s National Cryptocurrency Enforcement Team (NCET). The seizures “demonstrate the value of early notification by victims to law enforcement,” according to Choi, who praised the unfortunate wretches who came forward and admitted to being duped in this manner.
The DOJ’s efforts were aided by the FBI, which runs an Internet Crimes Complaint Center (IC3) that reported a total of $2.57 billion in crypto-related losses in 2022. Not only did this account for the majority of the $3.31 billion in total losses reported to the IC3 last year, but the digital asset component was up 183% from 2021.
According to the FBI, the majority of online fraud cases involve so-called ‘pig butchering’ rings that develop trust with their victims over time before directing them to digital asset investments run by other members of the ring. These ‘investments’ frequently show significant gains at first, after which victims are encouraged to increase their investment ante.
Many of these scams, according to the FBI, involve “malicious smart contracts accessed through cryptocurrency wallet software.” This is consistent with other stories about ‘fish farming’ rings that use malicious multi-sig wallets to steal victims’ deposited virtual assets.
According to the South China Morning Post, an Italian ex-pat in Hong Kong lost $1.8 million over five weeks after falling victim to a romance scammer he encountered on Tinder. According to Hong Kong officials, while the number of such cases dropped 7% between 2021 and 2022, the total amount scammed last year increased 16% to HKD697 million (US$88.8 million).
Hacks and rug pulls more frequent, less valuable
Immunefi, a ‘whitehat’ hacker group that describes itself as the ‘leading bug bounty platform for Web3,’ recently released its Crypto Losses in Q1 2023 report. The report shows a significant rise in the number of ‘blackhat’ hacks in the first three months of the year but a dramatic fall in the value of funds lost to these hacks.
Immunefi reported 73 hacks in the three months ending March 31, up from just 25 in the same period last year, based on publicly available data. The $437.5 million lost in these hacks, however, was down 64.4% year on year, owing in part to the dramatic drop in the fiat worth of most tokens since Q1 2022.
Decentralized finance (DeFi) platforms appear to be irresistible to hackers, accounting for 99.6% of Q1 losses, compared to 0.4% for centralized finance (CeFi) platforms like digital asset markets. Total CeFi losses in the first quarter were $1.8 million due to two incidents, a substantial decrease from the $76.4 million losses in the first quarter of 2022.
Hacks of two DeFi projects—lender Euler Finance and ‘self-sovereign finance solution’ Bongdao—together accounted for 72.5% of all Q1 financial losses. Euler Finance had $197 million worth of various tokens stolen last month, but following what Euler Labs called “successful negotiations” with the hacker(s), the funds were recently returned. Only 40.5% of the overall funds stolen in Q1 have so far been recovered (although the last $20 million of the Euler funds weren’t returned until this week, so the real percentage figure will be slightly higher).
The usual suspects
Hacks accounted for 95.7% of crypto-focused financial losses due to criminal activity in Q1, with rug pulls representing a mere 4.3% of this criminal pie. Interestingly, nearly three-quarters of these rug pulls took place on BNB Chain, the proprietary network operated by controversial digital asset exchange Binance. BNB Chain also accounted for over 41% of total sums lost to hacks and rug pulls in Q1.
According to Immunefi’s report, triaging team lead Adrian Hetman stated that BNB Chain “has a serious issue with developers using forked code. Its community lacks a security-first mindset and attracts a large number of users looking for a quick method to make money.”
In Q1, BNB Chain experienced 33 noteworthy thieving incidents, dethroning the previous champion Ethereum, which experienced only 22 such exploits. Arbitrum, the new ‘layer 2’ attempt to address Ethereum’s notorious scaling issues, led the way with eight negative incidents, outperforming rival Ethereum scaling ‘solutions’ Polygon (5) and Optimism (1).
BNB was also the most targeted blockchain in 2022, experiencing 65 negative incidents, representing 36% of all chain attacks. That was up sharply from the 43 attacks BNB endured in 2021. It’s worth noting that BNB’s Q1 total is already more than half the number of incidents it recorded during all of 2022.
Previous leader Ethereum experienced 49 assaults in 2022, just four more than in 2021. Last year, the perennially problematic Solana chain placed third with 12 incidents, with Avalanche (8) and Polygon (4) rounding out the top five.
BNB placed third on the overall money list in 2022, with $570 million lost, trailing only Ronin ($625 million) and FTX ($650 million). BNB suffered losses last October after a hacker allegedly discovered a ‘critical flaw’ in the software, allowing them to create millions of new BNB.
The man in the white hat
Immunefi also published its most recent report on the motivations that lead a hacker to choose a white hat over the black Stetsons of the malicious hacking fraternity. According to the Hacker Ecosystem Survey, 77% of whitehat respondents were interested in solving technical problems, which was slightly higher than the 69% who were interested in cash rewards for exposing software vulnerabilities. Other motivators included expanding career possibilities (62%), and something related to ‘community’ (38%).
More than half of whitehats are between the ages of 20 and 29. Around 8% are precocious adolescents, while only 1.8% have been breathing for more than half a century. And, yes, they are almost entirely male (95.5%), though the number of females has increased by one percentage point since the previous poll.
Nearly 54% of whitehats consider hacking to be their main occupation, down from 60.2% in the previous survey. Two-thirds said bounty size was the most important element in deciding which bounty program to hunt on. Surprisingly, bounty size was rated third (36.3%) in whitehats’ decision to reject a bounty program, trailing ineffective communication (49.6%) and a lack of confidence in a project or program (62.8%).
Whitehats identified reentrancy as the most serious vulnerability (43.2%), far clear of access control (18.2%). Surprisingly, a large majority of whitehats (76.1%) observed increases in attack surfaces while also seeing increased security measures by projects (88.5%).
Source: coingeek.com