Adding to the cryptocurrency sector’s 2022 woes, hackers stole $3.8 billion from crypto companies last year.
This, as a new crypto crime report from blockchain intelligence platform Chainalysis found that 2022 was the biggest year in the cryptocurrency sector’s decade-plus history for losses stemming from hacks by bad actors.
The crypto industry has historically suffered from the perception that its anonymous and decentralized technical architecture provides a haven for money laundering and other illicit activities around the globe.
North Korea-linked hackers alone made off with $1.7 billion of ill-gotten funds in 2022, according to the report, and most experts agree the North Korean government is using the stolen money to fund its nuclear weapons programs.
As reported by PYMNTS Wednesday (Feb. 1), billionaire Berkshire Hathaway Vice Chairman Charlie Munger has even gone so far as to call for the U.S. to issue an outright ban on cryptocurrencies, while the White House is calling on Congress to step up and do more in enforcing the digital asset industry.
Record Losses
The past year’s $3.8 billion lost to cybercrime is up from $3.3 billion in 2021 hacks, and $500 million illicitly absconded with during both 2020 and 2019, per the Chainalysis report.
Hacking activity reportedly “ebbed and flowed” throughout the year, with March and October of 2022 witnessing the biggest spikes in crypto cybercrime activity, the report stated.
October alone saw 32 separate cyberattacks where a staggering $775.7 million was stolen.
In early November, cryptocurrency exchange FTX suffered its now-infamous collapse.
While the company’s implosion was unrelated and was allegedly due to criminal acts coming from within the company, not outside, FTX has attributed some of the shortfall in its balance sheet to more than $400 million lost as a result of hacks across its international and U.S. exchanges.
As reported by PYMNTS, Chainalysis helped the FTX Debtors committee track the movement of those stolen funds.
DeFi’s Bullseye
In contrast to FTX, which while in solvent operation acted as a centralized cryptocurrency trading platform, decentralized financial (DeFi) protocols and platforms suffered the biggest breaches for the year — representing 82.1% of all stolen assets, or a whopping $3.1 billion, Chainalysis found.
This was up from 73.3% in 2021, with 64% of the losses suffered by DeFi actors coming from cross-chain bridge protocols specifically, according to the report.
DeFi is a type of financial technology that leverages distributed ledger technology, including the blockchains used for cryptocurrencies, to replace traditional financial intermediaries and trust mechanisms with peer-to-peer protocols and smart contracts that are meant to make it easier for people to use money without relying on third parties.
It has in the past been held up as a gold standard by crypto industry observers, who claim that its on-chain transparency inherently prevents the type of fraudulent behavior and scams that have consistently felled centralized crypto platforms.
While allegedly safe from internal fraud and the type of blowups that characterized 2022’s crypto landscape, DeFi appears instead to be increasingly vulnerable to external hackers.
That’s because all DeFi transactions happen on-chain, and the smart contract codes governing the technology’s underlying protocols are publicly viewable by default, so users can know exactly what will happen to their funds when they use them. But this transparency simultaneously creates vulnerabilities for hackers who can search through the publicly available code for any weaknesses to exploit.
The majority of DeFi hacks targeted cross-chain bridge protocols, which let users move their cryptocurrency assets from one blockchain to another. The way this works is by locking user assets into a smart contract on the original chain, and then mining an equivalent asset value on the second chain — in effect turning the smart contracts into centralized repositories of funds used to back the assets on the new chain. That makes them ripe for bad actors and hackers to pillage if any weak spots in the code exist and can be exploited.
Many of the issues leaving DeFi platforms open to cybercrime are due to investments in growth and user acquisition, rather than security. The Chainalysis report called on DeFi actors and developers to look to traditional financial institutions for examples of how to make their platforms more secure.
DeFi industry leaders are currently going after the $7.2 trillion global currency market, claiming in a paper published online last month that using stablecoins and DeFi protocols to send money instead of traditional financial intermediaries would cut the cost of global remittances by 80% and eliminate settlement risks.
Let’s hope some of those cost savings are reinvested into cybersecurity initiatives.
For all PYMNTS crypto coverage, subscribe to the daily Crypto Newsletter.