The Dark Side of Digital Currency: Over $30B Pillaged in Crypto Hacks Since 2012

Cryptocurrency, a ground-breaking innovation that has transformed the FinTech industry and beyond, undoubtedly holds tremendous potential. However, beneath its transformative facade lies a darker side that cannot be ignored. The realm of crypto has witnessed malicious actors exploiting its vulnerabilities through scams and hacks, leading to catastrophic financial losses.

Did you know that a recent report by SlowMist unveiled some staggering figures in the world of cryptocurrency?

Brace yourself: a mind-boggling $30 billion worth of cryptocurrency has been hacked in a whopping 1,101 documented incidents spanning from 2012 to the present day.

That is equivalent to around 2.5% of the entire market capitalisation of cryptocurrencies! This begs the question: just how vulnerable is the world of digital currencies? SlowMist's comprehensive analysis identified the top five most prevalent types of hacks: smart contract vulnerabilities, rug pulls, flash loan attacks, scams, and private key leaks.

Delving deeper into the numbers, we find that among these documented incidents, there were 118 exchange hacks, 217 hacks within the Ethereum (ETH) ecosystem, 162 within the BNB Smart Chain ecosystem, 119 within the EOS ecosystem, and 85 hacks associated with non-fungible tokens (NFTs). It is worth noting that exchange hacks alone accounted for the largest losses, surpassing a staggering $10 billion over the past decade.

And just in the final week of June, the crypto market encountered a significant blow, witnessing a substantial setback of nearly $150 million due to a series of hacks and Web3 crypto scams.

Drop in Security Incidents since 2022
A finding from the report reveals a fascinating trend: hack events resulting in losses surpassing $1 billion reached their pinnacle during the early 2010s and again between 2019 and 2021. However, an intriguing twist emerges as we delve deeper into the data. Since 2022, there has been a discernible decline in the number of security incidents — a trend that resonates with similar discoveries made in other reports.

Notable Attacks in the Early Days
Embarking on a journey through the annals of Bitcoin's history, we encounter two monumental attacks that left an indelible mark on the cryptocurrency landscape. The year 2014 witnessed the infamous Mt Gox hack, a watershed moment in the industry. M. Gox, once the largest Bitcoin (BTC) exchange globally, faced a grim reality as it was forced to declare bankruptcy.

A staggering 850,000 BTC, valued at a jaw-dropping $25.2 billion at the time, had been silently siphoned away through a series of discreet hacks spanning several years. Thankfully, 200,000 BTC had been recovered which is worth a significant $6.1 billion, and they are currently engaged in the intricate process of redistributing them to its creditors.

Then in 2016, and another harrowing incident comes to the forefront — the Bitfinex hack. This security breach resulted in the loss of a staggering 119,576 BTC, valued at approximately $70 million at the time and now a mind-boggling $3.7 billion. Luckily in 2022, the Department of Justice's special agents managed to reclaim over three-fourths of the stolen funds, amounting to a remarkable 94,000 BTC.

No Rest for the Weary
If you think there is a respite coming, think again. Gaming hardware giant Razer has found itself embroiled in a potential hack that has targeted its digital wallet, Razer Gold — a platform cherished by customers for purchasing games and in-game content. The gravity of the situation prompted Razer to launch a thorough investigation into the incident, as it strives to safeguard the interests of its valued users.

Razer’s spokesperson confirmed that the company had been made aware of the breach on Sunday. While specific details regarding the extent of the impact on accounts or users were not disclosed, the spokesperson emphasised that Razer's team swiftly sprang into action. Conducting a comprehensive assessment of all Razer websites, they left no stone unturned in their quest to fortify the company's platforms.

In a revelation brought to light by the threat intelligence platform FalconFeedsio, a recent Twitter post uncovered a disturbing advertisement on a hackers' forum. The post disclosed the intent of a seller, operating under the username "Nationalist," to market a treasure trove of valuable assets related to Razer and its products.

These assets included source codes, encryption keys, database access, and backend login credentials. The audacity of the seller was further highlighted by the inclusion of an intriguing price tag of $100,000 in Monero — a cryptocurrency renowned for its claims of being untraceable and decentralised. The seller even expressed a willingness to entertain lower offers.

Arcadia Finance, a non-custodial decentralised finance (DeFi) protocol, has fallen victim to an exploit that resulted in losses amounting to a staggering $455,000 across the Ethereum and Optimism networks recently. In the wake of this unfortunate incident, Arcadia has taken swift action by collaborating with trusted security partners to mitigate the impact of the attack.

The protocol promptly halted its contracts, demonstrating a commitment to safeguarding user funds and restoring stability. The initial alert regarding the hack came from PeckShield, a renowned blockchain security expert, which identified the root cause as the "lack of untrusted input validation." This loophole allowed malicious actors to drain funds from the darcWETH and darcUSDC vaults. However, the vulnerabilities did not end there. PeckShield also shed light on another critical weakness in the DeFi protocol, specifically the "lack of re-entrancy protection." Exploiting this flaw enabled instant liquidation to bypass the internal vault health check.

Just last Saturday, CivFund fell victim to an exploitative breach in one of its contracts. While the exact details surrounding the exploit remain shrouded in uncertainty, the impact is undeniable. A staggering sum of over $180k in approved user funds has been pilfered by the attackers.

Then last Thursday, Multichain, the cross-chain bridge protocol, was thrust into the spotlight. The protocol faced an alarming series of unauthorised and substantial withdrawals, hinting at the possibility of a hack or even a rug pull orchestrated by insiders. This bewildering turn of events has left countless ecosystem participants grappling with a sense of disbelief and seeking answers to the unfolding mystery. With losses surpassing a staggering $125 million, Multichain's recent exploit has firmly etched its name among the annals of the largest crypto hacks on record.

Delving deeper into the matter, we can examine the intriguing movement patterns on the Chainalysis Reactor graph, shedding light on the intricate pathways taken by these illicit funds.

These attacks seem relentless with hacks happening almost on a daily basis as reported by SlowMist and some of the latest victims include AzukiDAO, Encryption AI, Poly Network — the list goes on.

Some of History’s Biggest Hacks Will Shock You
In an announcement that shook the industry on last March, Ronin Network came forward to disclose the staggering loss of a jaw-dropping $620 million. The gravity of the situation intensified as Etherscan, a trusted authority on blockchain analytics, delved deeper into the breach, revealing the malicious tactics employed by the attacker.

Exploiting hacked private keys, the assailant orchestrated a series of withdrawals from the Ronin bridge. Sky Mavis, the publishers of the immensely popular Axie Infinity game, and the Axie DAO found themselves ensnared in the web of this exploit as the Ronin validator nodes bore the brunt of the attack. The FBI attributed the Ronin Network hack to none other than the notorious North Korean hackers, specifically the infamous Lazarus Group.

Coincheck, a Japanese-based exchange, suffered a staggering loss of $530 million worth of NEM (XEM) tokens in January 2018. It was revealed that a staffing deficit at the time played a pivotal role, providing an opening for the hackers to exploit the system. The absence of a robust workforce created a window of opportunity, allowing unauthorised access to the exchange's infrastructure. Adding fuel to the fire, the presence of funds in hot wallets, coupled with insufficient security measures, provided the perfect storm for the hackers to successfully compromise the system.

Questionable Future in Terms of Security
These eye-opening statistics raise critical concerns about the security of our digital assets and the need for robust measures to safeguard the future of cryptocurrencies. How can we fortify our defenses against such malicious acts? What measures should be taken to ensure the integrity of this burgeoning market?