Reading time: ~2 m
We talk about how much, how and from whom cybercriminals stole in the crypto market in 2022, and how to protect yourself from scammers
In the past few years, attackers have been very actively profiting from the crypto market. The money that flows into their pockets would be enough to launch 48 rockets to Mars.
According to the calculations of Chainalysis analysts, since the beginning of 2022, attackers have robbed crypto projects by about $ 3 billion For comparison: in 2020, fraudsters stole assets for about $ 1.5 billion. in 2021, this figure increased by 80% to $ 7.7 billion.
Attackers make all participants and all sectors of the crypto market suffer. Billions of dollars are flowing from the crypto industry into the hands of criminals, which are unlikely to return back.
In this article, the editors of BeInCrypto collected information about what harm the attackers caused to the crypto market in 2022.
Non-fungible tokens (NFTs) are one of the most attractive targets for scammers. Due to the explosive growth in popularity, the product attracted the attention of not only users, but also hackers. For the first 2 quarters of 2022, hacks of NFT collections brought attackers a total of $84.6 million.
As a result of hacking the Discord server of the NFT collection Bored Ape, attackers stole 2 NFT worth at least $70K.
The NFT marketplace OpenSea was hacked at least twice in January of this year alone. For the first time, the attacker managed to remove more than $700 K. in ETH. The second time the theft was larger – at least 8 expensive NFTs were stolen from the marketplace for a total amount of more than $1.3 million. Both times, fraudsters took advantage of critical vulnerabilities of the platform: “interface problems” and an error in the program.
Another NFT marketplace, TreasureDAO, lost over 100 NFT from various collections. The total amount of damage according to preliminary data is estimated at $1.4 million. Hackers also took advantage of a bug in the protocol.
DeFi sector: projects, blockchains, sidechains
DeFi products are the main victim of criminal acts. New projects are often launched without proper security audits, so attackers easily find vulnerabilities in smart contracts and steal money from developers and users.
For example, on March 9, Fantasm Finance lost about $2.6 million in ETH due to the vulnerability of the smart contract.
On the first of April, the Ola Finance lending protocol was stolen about $4.6 million as a result of a hacker attack of the “re-entry” type.
Audius’ decentralized audio streaming service was also the victim of a hacker attack on $6 million. The attacker managed to change the configuration of the smart management contract.
In March, The Hundred Finance DeFi Credit Protocol lost about $6.5 million in ETH. The hackers used a “re-entry” attack.
DeFi-project Elephant Money became a victim of scammers who managed to steal more than $11 million from reserves. To attack, they used vulnerabilities in several smart contracts at once.
The Qubit Finance project lost about $80 million as a result of hacking. Here the attackers again took advantage of the vulnerabilities of the protocol.
One of the biggest attacks remains the hacking of the game Axie Infinity. From the game sidechain Ronin Network hackers kidnapped from above $615 million in ETH and USDC. Presumably, the North Korean group Lazarus Group is behind the incident.
Another Achilles heel of the crypto industry. Since the beginning of 2022, attackers have attacked cross-chain bridges thirteen times and stolen a total of $2 billion, analysts at Chainalysis found out.
In June, the Harmony Horizon Bridge lost $100 million as a result of hacking. During the attack, hackers took advantage of a long-identified vulnerability. Later, the scammers laundered the stolen goods through the now Suspended Mixer Tornado Cash.
The Nomad cross-chain bridge was also hacked, as a result of which about the scammers fell into the hands of scammers. $190 million Custom tools. Subsequently, the attackers returned $ 9 million.
In February, hackers brought the cryptocurrency to more than $320 million in ETH, by hacking the Wormhole cross-chain protocol. The reason was also discovered by the intruders creeTic vulnerability. Later, all losses were covered.
Loss in numbers
~ $85 million
lost the NFT sector
~ $725 million
lost DeFi sector
~ $2 billion
lost cross-chain bridges
Fraudsters most often use schemes focused on exploiting errors in protocols and vulnerabilities in smart contract projects. “Re-login” attacks and hacking Discord servers are also among the favorite hacking techniques.
However, attackers do not cease to invent new schemes. Here are just a few of the hacking innovations that have been spotted in 2022:
- Crypto wallet scams. This scheme was used with MetaMask. By sending fake e-mails, attackers try to fish out mnemonic phrases of users.
- Celebrity-enabled crypto scams. Attackers attract famous people to advertise the project in order to inspire user confidence.
- Fake airdrops. For example, in The Fair, fraudsters asked users to verify their data and make an advance payment for participation in the distribution of tokens, posing as the administration of the Telegram messenger.
How to protect yourself from scammers
Remember that no one but you will protect your money. In order to minimize risks, it is enough to adhere to a few basic rules:
- Private key, password, mnemonic phrase
Do not tell anyone this information and do not keep it on devices with internet access. It is best to write it down on paper and store it in a place known only to you.
- Cold Wallet
It is safest to keep cryptocurrency in storage without access to the Internet. Stealing funds from a hardware wallet is almost impossible.
- Caution on the Internet
It is better not to use public Wi-Fi – such connections are most often insecure. However, even if you are using a private network, use antivirus software. Download apps, programs, and files only from trusted sources.
- First try, then trust
Before you enter your data somewhere or deposit money, carefully study the history of the project. Choose to work only reliable platforms with a good reputation. Each time, check the addresses and domains to which you are going to send something.
All information contained on our website is published in good faith and objectivity and for informational purposes only. The reader is solely responsible for any actions taken on the basis of information received on our website.