In a twist of fate or however you deem it, cryptocurrency hackers are returning the money they stole. But why is that? This startling yet puzzling move has got many speculating. Did they suddenly gain a conscience, is it perhaps an elaborate ploy, or simply a result of an increase in regulatory attention?
In a report released on 22 May 2023 by TRM labs, a blockchain intelligence firm, an intriguing trend is emerging in the world of crypto. During the first three months of 2023, a series of 40 attacks orchestrated by hackers resulted in approximately $400 million being illicitly acquired from various crypto projects.
However, amidst these disconcerting developments, an encouraging discovery surfaces ─ a remarkable 70% decrease in such incidents compared to the first quarter of last year. Furthermore, TRM's report reveals a noteworthy evolution in the nature of these cyber intrusions. The average magnitude of the pilfered sums has notably diminished, plummeting from $30 million in 2022 to a significantly reduced $10.5 million for the same time frame this year.
Additionally, hackers have displayed a growing tendency to return the funds they have absconded, opting for a "white hat" reward from the very projects they exploited. As a result, TRM Labs estimates that victims of these breaches managed to recover nearly half of the misappropriated funds throughout 2023.
One such noteworthy case earlier this March involves the TenderFi protocol, where an attacker seized a substantial sum of $1.6 million. Surprisingly, he chose to return half of the ill-gotten gains, prompted by a generous $850,000 bounty offered by TenderFi.
In a strikingly similar occurrence during the same month, the malefactor responsible for exploiting the Euler lending protocol astounded the crypto community by agreeing to relinquish the entire $200 million worth of digital assets they had absconded with.
Then as of last month, another fascinating tale unfolded in the realm of crypto exploits. The perpetrator who orchestrated the draining of the Safemoon protocol exhibited a partially redemptive gesture by returning $7.1 million out of the $9 million that was pilfered.
These developments leave us pondering the motivations that prompt hackers to engage in such unexpected acts of restitution and raise several fascinating questions: What compelled these individuals to return a portion, or in some cases, the entirety of their ill-gotten gains? Is it a newfound sense of ethical responsibility, the allure of lucrative bounties, or simply a platform for them to display their abilities?
TRM Labs' report proposed a compelling explanation for this unexpected trend of hackers returning stolen funds ─ one that revolves around the mounting regulatory scrutiny surrounding crypto hacks, coupled with a series of prominent enforcement cases.
To begin, let us examine the growing emphasis on Know Your Customer (KYC) and Anti-Money Laundering (AML) policies adopted by crypto exchanges. As these platforms intensify their efforts to fortify their security measures, it becomes increasingly arduous for hackers to convert their stolen coins into tangible assets. This can potentially serve as a deterrent.
Simultaneously, Tornado Cash, the widely utilised Ethereum (ETH) mixing protocol renowned for its ability to facilitate money laundering on the ETH network, has encountered a formidable obstacle. Since August 2022, Tornado Cash finds itself ensnared by the United States of America (US)'s sanctions, effectively blacklisting all Tornado-related funds across regulated exchanges. This development sets in motion a chain of intriguing repercussions, leading us to question the broader ramifications it may hold for both hackers and the regulatory landscape.
In addition to the aforementioned factors, another intriguing development has emerged in the realm of decentralised finance (DeFi) exploits, potentially contributing to the observed shift in hackers' behavior. The notable case of Avraham Eisenberg, who made headlines as the first individual known to be apprehended for a DeFi exploit, warrants closer examination. Eisenberg's audacious act involved the exploitation of the Mango Markets protocol, a brazen endeavour that he openly confessed to, thereby exposing a vulnerability within the protocol. The consequences of his actions caught up with him in December when he was arrested in Puerto Rico.
TRM Lab's head of legal and government affairs Ari Redbord elaborated, "The ability to trace and track stolen funds has gotten better and better ─ not just by investigators using blockchain intelligence like TRM, but by sleuths on Twitter using open source tools ─ and has created an environment where hacked funds are being tracked publicly in real time. Malicious hackers are increasingly having difficulty off-ramping funds and are therefore settling for bug bounties. We are also seeing so-called 'white hat' hackers become more and more a part of the ecosystem and could be a helpful way for DeFi services to harden cyber controls.”
TRM Labs concluded the report by stating that the slowdown in hacks is "most likely a temporary reprieve rather than a long-term trend.” "Although we are likely to see crypto hacks rebound, widespread adoption of industry security measures and increased user education, can help prevent the industry from revisiting or exceeding the record-setting USD 3.7 billion stolen in 2022," the report surmised.
And by exploring these intricacies, we can gain a deeper understanding of the ever-evolving landscape of crypto security and the potential measures to safeguard against such threats.