News

Cryptocurrency theft increases along with the value of cryptocurrencies

Published

7 months ago

on

Cryptocurrency Fraud
,
Cybercrime
,
Cybercrime as a Service

Private key and seed phrase compromise remains the primary attack vector, TRM Labs reports

Matthew J. Schwartz (Euroinfosec) • July 9, 2024


Image: Shutterstock

Cryptocurrency-targeting heists yielded twice as much stolen proceeds in the first half of 2024 as in the first half of 2023.

See also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing


TRM Labs Blockchain Intelligence Platform She said A new report says that hackers stole $1.4 billion in cryptocurrency in the first six months of this year, up from $657 million stolen in the same period last year.


Additionally, “more money was stolen during each of the first six months of 2024 than in the corresponding months of 2023,” TRM Labs said, adding that over the same time frame, the average value of cryptocurrency stolen in each individual attack increased by 150%.


This year, “similar to 2023, a small number of large attacks accounted for the lion’s share of the haul: the top five hacks and exploits accounted for 70% of the total amount stolen so far this year,” he said. “Private key and seed phrase compromises remain a major attack vector in 2024, along with smart contract exploits and flash loan attacks.”


Despite this increase, “thefts through cyberattacks and exploits are a third less than in the same period in 2022, which remains a record year,” he said.


Since the early days of bitcoin, experts have often reported seeing the volume of hacks and the amount of cryptocurrency stolen directly correlate with the rise or fall in the value of the cryptocurrency. When cryptocurrency becomes more valuable, many attackers switch to targeting it, and this is true not only for bitcoin but for a variety of other tokens mashed potato.


Over the past year, that appears to be exactly what has happened, with the value of various types of digital coins, including Ether (also known as ETH), rising, said Ari Redbord, global head of policy at TRM Labs, said Reuters. “While we haven’t seen any fundamental changes in the security of the cryptocurrency ecosystem, we have seen a significant increase in the value of various tokens, from bitcoin to ETH and Solana, compared to the same period last year,” he said.


Comparing January 2023 with the end of last month, the value of one bitcoin rose from $16,547 to $62,892, Ether from $1,197 to $3,453, and Solana from $10 to $147.


While in the first quarter of this year attackers exclusively hacked decentralized finance platforms, in the second quarter hackers shifted their focus and 70% of losses were traced back to centralized finance, security platform Web3 Immunefi recently said. reported.


The largest thefts so far this year involved centralized finance platforms DMM Bitcoin, which lost more than 4,500 bitcoins, then worth $305 million, and BtcTurk, which lost $55 million. Those two thefts alone account for nearly two-thirds of the total cryptocurrency theft losses so far this year, Immunefi said.


It is not yet clear how the hackers stole DMM Bitcoin’s bitcoins. “Potential vectors include stolen private keys or address poisoning, a tactic in which attackers send small amounts of cryptocurrency to the victim’s wallet to create false transaction histories, potentially confusing users and tricking them into sending funds to the wrong address in future transactions,” TRM Labs reported.


The theft of private keys or seed phrases is largely due to information-stealing malware, or info stealers, experts say. Such malware, including RedLine, LokiBot, Mars, and Aurora, among many others, is designed to steal session cookies and saved passwords from browsers, which can be used to bypass multifactor authentication checks and access crypto wallets. Some info stealer criminals use this stolen information to launch their own crypto heists. Others sell it as “log” data on a number of Thriving cybercrime markets so that others can purchase and use it.


For cryptocurrency enthusiasts, a defensive imperative remains not only to have defenses that can block information thieves, but also to remain vigilant against scam attempts, including phishing attacks, experts say.


TRM Labs said this year’s surge in attacks is a reminder to crypto platforms that they must employ multi-layered defenses, “such as regular security audits, robust cryptography, multi-signature wallets, and secure coding practices,” educate employees on security, and regularly prepare and execute their incident response plans, “including potentially offering bounties for the return of stolen funds” (see: Crypto Hacking Roundup: Thieves Steal $45M; Hacker Returns $71M).



Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version