Digital asset-based scams and hacks have soared this year, following a year in which crypto-based fraudsters inflicted unprecedented levels of damage on their victims.
On Monday, the US Department of Justice (DOJ) announced the seizure of six “virtual currency accounts” containing more than $112 million in digital assets linked to investment fraud. The accounts were allegedly used to launder the proceeds of “cryptocurrency trust scams” in which fraudsters “establish long-term relationships with victims they meet online, eventually persuading them to invest in fraudulent cryptocurrency trading platforms.”
Assistant Attorney General Kenneth Polite Jr. said the DOJ hoped to “soon return” the stolen funds to the victims. Polite described the perpetrators as a “transnational criminal organization” that combines “fraud of trust with technological savvy to deceive Americans.”
Eun Young Choi, director of the DOJ’s National Cryptocurrency Enforcement Team (NCET), said, “Snapping the profits from fraudulent organizations is an important part of our strategy to combat this vicious scheme.” The seizure “demonstrates the value of early notification by victims to law enforcement,” and Choi thanked the unfortunate people who were brave enough to come forward and admit to being conned in this way.
The DOJ’s efforts received assistance from the Federal Bureau of Investigation (FBI), which operates the Internet Crime Complaint Center (IC3). IC3 reported a total of $2.57 billion in crypto-related losses in 2022. That not only represents a large portion of the $3.31 billion in total losses reported to IC3 last year, but the share of digital assets is also up 183% from 2021.
The FBI says most online fraud cases involve so-called ‘pig-butchering’ rings that build relationships with their marks, building trust over time before directing victims to digital asset investments run by other members of the network. These ‘investments’ often show significant returns initially, after which victims are encouraged to up the ante on their investments. Once they do, the noose is tightened, and the money is gone.
The FBI notes that many of these scams involve “malicious smart contracts accessed via cryptocurrency wallet software.” That’s according to other reports regarding “fish farming” rings that utilize malicious multi-sig wallets to deprive victims of stored virtual assets.
The South China Morning Post recently reported on the sad story of an Italian expatriate in Hong Kong who lost $1.8 million over five weeks after falling prey to a romance scammer he met on Tinder. Hong Kong authorities said that while the number of such cases fell by 7% from 2021 to 2022, the total amount defrauded last year rose 16% to HKD697 million (US$88.8 million).
Hacks and rug pulls more frequent, worth less
Immunefi, a ‘whitehat’ hacking group that describes itself as the ‘leading bug bounty platform for Web3,’ recently released its Crypto Loss report for Q1 2023. The report shows a significant increase in the number of ‘blackhat’ hacks in the first three months of the year, but a dramatic reduction in the value of the funds lost as a result of these hacks.
Using publicly available data, Immunefi reported 73 hacks in the three months ending March 31, up from just 25 in the same period last year. However, the $437.5 million lost in these hacks is down 64.4% year-over-year, due in part to the dramatic decline in the fiat value of most tokens since Q1 2022.
So-called decentralized finance (DeFi) platforms appear especially tempting to hackers, accounting for 99.6% of Q1 losses, compared to just 0.4% for centralized finance (CeFi) platforms such as digital asset exchanges. CeFi’s total loss in Q1 was $1.8 million from two incidents, a significant reduction from the $76.4 million loss in Q1 2022.
The hacks of two DeFi projects—lender Euler Finance and ‘self-finance solutions’ BonqDAO—together accounted for 72.5% of all Q1 financial losses. Euler Finance had $197 million worth of various tokens stolen last month, but following what Euler Labs is calling a “successful negotiation” with the hackers, the funds were just returned. So far, only 40.5% of the total funds stolen in Q1 have been recovered (although the last $20 million of Euler’s funds were not returned until this week, so the actual percentage figure will be slightly higher).
The usual suspect
Hacks accounted for 95.7% of crypto-focused financial losses due to criminal activity in Q1, with rug pulls representing just 4.3% of this criminal pie. Interestingly, nearly three-quarters of these rug pulls occurred on BNB Chain, the proprietary network operated by the controversial digital asset exchange Binance. BNB Chain also accounted for over 41% of the total amount lost to hacks and rug pulls in Q1.
The Immunefi report quotes triage team lead Adrian Hetman as saying BNB Chain “has a serious problem with developers using forked code. The community lacks security and attracts a large number of users looking for quick ways to make money.”
BNB Chain experienced 33 notable theft incidents in Q1, toppling the previous champion Ethereum, which suffered just 22 such exploits. Arbitrum, a new ‘layer 2’ effort to alleviate Ethereum’s infamous scaling challenges, charged out of the gate with eight negative incidents, beating out rival Ethereum scaling ‘solutions’ Polygon (5) and Optimism (3).
BNB was also the most targeted blockchain in 2022, experiencing 65 negative incidents, representing 36% of all chain attacks. That’s a sharp increase from the 43 attacks BNB experienced in 2021. It should be noted that BNB’s Q1 total was already more than half the number of incidents recorded during 2022.
The previous record holder, Ethereum, experienced 49 attacks in 2022, just four times as many as in 2021. The troubled chain Solana consistently ranks third with 12 incidents last year, while Avalanche (8) and Polygon (4) round out the top five.
In terms of dollar value, BNB ranks third on the 2022 overall money list with a loss of $570 million, behind only Ronin ($625 million) and FTX ($650 million). The BNB loss occurred last October after a hacker reportedly discovered a ‘critical bug’ in the software that allowed them to mint millions in new BNB.
The man in the white hat
Immunefi also released its latest report on the motivation behind hackers’ decision to wear white hats instead of the black Stetson of the dangerous hacking fraternity. The Hacker Ecosystem Survey found that 77% of whitehat respondents are interested in solving technical challenges, slightly more than those seeking financial rewards for exposing software vulnerabilities (69%). Other motivators include increased career opportunities (62%) and something to do with the ‘community’ (38%).
More than half of white hats are between the ages of 20-29. About 8% were precocious adolescents, while only 1.8% claimed to have been breathing for more than half a century. And yes, they are almost all men (95.5%), although the number of women has increased by one percentage point from the previous survey.
Nearly 54% of white hats see hacking as their main job, down from 60.2% in the previous survey. Two-thirds identified prize size as a key factor in choosing which bounty program to pursue. Interestingly, bounty size ranked third (36.3%) in white hats’ decisions to close the bounty program, behind inefficient communication (49.6%) and lack of trust in the project or program (62.8%).
The largest single vulnerability identified by whitehats was reentrancy (43.2%), far above access control (18.2%). Somewhat paradoxically, most whitehats reported an increase in attack surface (76.1%) but also saw an increase in security measures by the project (88.5%). And the circle of life continues…