The landscape of cryptocurrency security is ever evolving, and as we navigate through 2024, the industry has witnessed a significant shift in the nature of crypto hacks. The year has seen an increase in the frequency of these incidents, but interestingly, the focus of attackers has moved away from smart contracts to more vulnerable targets such as private key leaks.
In the first quarter of 2024 alone, hackers absconded with digital assets valued at a staggering $542.7 million, marking a 42% increase from the previous year. This surge is attributed to the attackers’ strategic shift in targeting, opting for the less fortified private key information over the more robust smart contracts. Phishing attacks, which lure individuals into divulging sensitive information, have become a preferred method for these cybercriminals.
One of the most notable incidents of the year involved a trader who lost $71 million in crypto to a sophisticated phishing attack. In a surprising turn of events, the stolen funds were returned after the incident garnered significant attention, leading to the identification of the attacker’s location.
Tekedia Mini-MBA edition 15 (Sept 9 – Dec 7, 2024) has started registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
The decrease in smart contract exploits is credited to the development of more advanced security tools that help identify and rectify weaknesses before they can be exploited. Despite this progress, the total losses due to crypto hacks remain substantial, with over $700 million lost across 108 incidents in 2024 so far. The decentralized finance (DeFi) sector continues to be a hotbed for such attacks, with Ethereum experiencing the highest volume of hacks.
The rise in crypto hacks underscores the importance of robust security practices and the need for continuous vigilance in the crypto community. Users are encouraged to employ secure storage methods for their private keys and to be wary of phishing attempts. As the crypto space grows, so does the sophistication of attackers, making it imperative for both individuals and platforms to prioritize security to safeguard their digital assets.
For a deeper dive into the biggest hacking attempts of 2024 and an analysis of the methods used by hackers, readers can refer to specialized reports that provide a comprehensive overview of the incidents and their impact on the crypto ecosystem. These reports not only detail the hacks but also offer insights into the future roadmap for enhancing security measures within the industry.
Here are some essential preventive measures to protect against crypto hacks:
Use Hardware Wallets: Hardware wallets provide an extra layer of security by storing private keys offline, making them inaccessible to online hackers.
Enable Two-Factor Authentication (2FA): 2FA adds a second verification step to ensure that only the rightful owner can access the crypto assets.
Be Wary of Phishing Attempts: Always verify the authenticity of websites and emails before entering sensitive information. Phishing is a common method used by hackers to gain access to private keys and other secure data.
Keep Software Updated: Regularly update all software, including wallets, to the latest versions. Updates often include patches for security vulnerabilities.
Use Strong, Unique Passwords: Create complex passwords that are difficult to guess and use a different password for each account or service.
Avoid Public Wi-Fi for Transactions: Public Wi-Fi networks are less secure and can be a hotbed for man-in-the-middle attacks. Always use a secure, private connection when dealing with cryptocurrencies.
Regular Backups: Keep regular backups of your wallet’s seed phrase or private key in a secure location. This ensures access to your assets in case of hardware failure or loss.
As we navigate through the rest of 2024, the crypto community must remain alert and informed. The lessons learned from each hack can serve as valuable knowledge to fortify defenses and prevent future losses. The collective effort to improve security protocols and educate users will be crucial in building a more resilient and trustworthy digital economy.
Cryptocurrency: The New Frontier For Concealing Illicit Funds Trails by Money Launderers – Chainalysis Report
According to a report by Chainalysis, an American blockchain analysis firm headquartered in New York City, it revealed that money launderers are increasingly using crypto to conceal the movement of illegally obtained funds.
The report revealed that the widespread adoption of crypto has turned it into a tool for laundering proceeds from various off-chain crimes such as narcotics trafficking and fraud. By 2024, money laundering through crypto had encompassed all types of crime, not just those inherently tried to the crypto ecosystem.
Recall that in Nigeria, in February this year, the Central Bank of Nigeria (CBN) governor Yemi Cardoso, alleged that over $26 billion in illicit flows passed through Binance last year. This led the Nigerian government to block Binance operations in the country, as well as other crypto firms to avert what it considers continuous manipulation of the forex market and illicit movement of funds.
In data highlighted by Chainalysis, since 2019, nearly $100 billion in funds have been sent from known illicit wallets to conversion services. The highest amount recorded was in 2022, with $30 billion identified, largely attributable to transactions involving sanctioned services.
In 2022, just 542 deposit addresses received over $1 million in illicit cryptocurrency. For a total of $6.3 billion, which was over half of all illicit value received by centralized exchanges that year.
These amounts represent the dollar value of the assets at the time they leave wallets associated with illicit actors. The estimates only include the totals moved from illicit sources to crypto services and exclude the value of transactions among intermediaries, which can involve tens or hundreds of individual transactions.
Fast forward to 2023, 109 exchange deposit addresses received over $10 million worth of illicit cryptocurrency each, and collectively, they received $3.4 billion in illicit cryptocurrency. Overall, centralized exchanges remain the primary destination for funds sent from illicit addresses, at a rate that has remained relatively stable over the last five years. Over time, the role of illicit services has shrunk, while the share of illicit funds going to DeFi protocols has continued to grow.
Crypto criminals may not be the only ones trying to hide their illicit fund movements across blockchains, as Chainalysis noted that traditional money launderers and criminals working outside crypto may be moving their cash on-chain too. Traditional money launderers are starting to utilize crypto networks to create “large-scale money laundering infrastructure” to clean cash that originated, outside of crypto, Chainalysis Head of Research Kim Grauer told CoinDesk.
This is primarily attributed to the overall growth of DeFi generally during the period, but noted that DeFi’s inherent transparency generally makes it a poor choice for obfuscating the movement of funds.
2023 mostly resembled 2022 in terms of the breakdown of service types used for money laundering, but there was a slight decrease in the share of illicit funds moving to illicit service types, and an increase in funds moving to gambling services and bridge protocols.
A big share of crypto money laundering activity is relatively unsophisticated and consists of bad actors simply sending funds directly to exchanges. However, crypto criminals with more sophisticated on-chain laundering skill sets such as notorious North Korean cybercriminals associated with hacking gangs like Lazarus group tend to utilize a greater variety of crypto services and protocols.
Overall, the report notes that crypto criminals are diversifying their money laundering activity across more nested services or deposit addresses to better conceal it from law enforcement and exchange compliance teams. Spreading the activity across more addresses is also a strategy used to lessen the impact of any one deposit address being frozen for suspicious activity.