Private Key and Seed Phrase Compromise Remains Top Attack Vector, TRM Labs Reports
Heists perpetrated by cryptocurrency-targeting hackers netted twice as much in stolen proceeds in the first half of 2024 as they did in the first half of 2023.
Blockchain intelligence platform TRM Labs says in a new report that in the first six months of this year, hackers stole $1.4 billion in crypto, compared to $657 million in the same timeframe last year.
In addition, “more money was stolen during each of the first six months of 2024 than in the corresponding months in 2023,” TRM Labs said, adding that in the same timeframe, the median value of cryptocurrency stolen in any single attack also rose by 150%.
This year, “similar to 2023, a small number of large attacks made up the lion’s share of the haul: the top five hacks and exploits accounted for 70% of the total amount stolen so far this year,” it said. “Private key and seed phrase compromises remain a top attack vector in 2024, alongside smart contract exploits and flash loan attacks.”
Despite that rise, “thefts from hacks and exploits are a third below the same period in 2022, which remains a record year,” it said.
From the early days of Bitcoin, experts have often reported seeing the volume of hack attacks – and quantity of stolen cryptocurrency – directly correlate with the rise or fall in crypto’s value. When crypto grows more valuable, many attackers shift to targeting it, and that goes now not just for Bitcoin but a variety of other tokens too.
Over the past year, that appears to be precisely what’s happened, thanks to the value of various types of digital coins, including Ether – aka ETH – rising, Ari Redbord, global head of policy at TRM Labs, told Reuters. “While we have not seen any fundamental changes in the security of the cryptocurrency ecosystem, we have seen a significant increase in the value of various tokens – from bitcoin to ETH and Solana – compared to the same time last year,” he said.
Comparing January 2023 to the end of last month, the value of a Bitcoin rose from $16,547 to $62,892, Ether from $1,197 to $3,453 and Solana from $10 to $147.
While attackers solely hacked decentralized finance platforms in the first quarter of this year, in the second quarter hackers shifted their focus, with 70% of losses tracing to centralized finance, web3 security platform Immunefi recently reported.
The biggest single thefts this year so far involved centralized finance platforms DMM Bitcoin, which lost more than 4,500 bitcoins – then worth $305 million – and BtcTurk, which lost $55 million. These two thefts alone constitute nearly two-thirds of total crypto heist losses so far this year, Immunefi said.
How hackers stole DMM Bitcoin’s Bitcoin remains unclear. “Potential vectors include stolen private keys or address poisoning – a tactic wherein attackers send tiny amounts of cryptocurrency to a victim’s wallet to create fake transaction histories, potentially confusing users into sending funds to the wrong address in future transactions,” TRM Labs reported.
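Address poisoning only works if a user copies a destination out of wallet history, so a pre-send check against an exact-match allowlist removes that step. The sketch below is an added example, not code from TRM Labs or any wallet vendor; the addresses, the dust threshold and all function names are constructed for illustration, and it assumes the planted address mimics the leading and trailing characters of a trusted one.

```python
from dataclasses import dataclass

DUST_SATS = 1_000  # assumed cut-off for a "tiny amount"; tune per asset

@dataclass(frozen=True)
class Transfer:
    counterparty: str   # address on the other side of a past transfer
    amount_sats: int

def is_lookalike(candidate: str, trusted: str, head: int = 6, tail: int = 4) -> bool:
    """Different address that matches the characters a truncated wallet view shows."""
    return (candidate != trusted
            and candidate[:head] == trusted[:head]
            and candidate[-tail:] == trusted[-tail:])

def check_destination(dest: str, allowlist: dict, history: list) -> tuple:
    """Return (verdict, reason) for a proposed send, before anything is signed."""
    if dest in allowlist.values():
        return "allow", "exact match with allowlisted address"
    for label, trusted in allowlist.items():
        if is_lookalike(dest, trusted):
            return "block", f"resembles allowlisted address '{label}' but is not identical"
    seen = [t.amount_sats for t in history if t.counterparty == dest]
    if seen and max(seen) <= DUST_SATS:
        return "review", "address known only from dust-sized transfers"
    return "review", "address not in allowlist"

# Constructed sample data (not real addresses).
TRUSTED = "bc1q7hconstructedtrustedaddr0000x9k2"
LOOKALIKE = "bc1q7hconstructedpoisonaddr1111x9k2"
DUST_ONLY = "bc1qzzconstructedunknownaddr222abcd"
ALLOWLIST = {"exchange-deposit": TRUSTED}
HISTORY = [
    Transfer(TRUSTED, 2_500_000),
    Transfer(LOOKALIKE, 546),
    Transfer(DUST_ONLY, 546),
]

if __name__ == "__main__":
    for addr in (TRUSTED, LOOKALIKE, DUST_ONLY):
        print(addr, check_destination(addr, ALLOWLIST, HISTORY))
```

The allowlist comparison is on the full string; the head and tail match is used only to explain why a near-miss was rejected.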
The theft of private keys or seed phrases traces in no small part to information-stealing malware, or info stealers, experts say. Such malware – including RedLine, LokiBot, Mars and Aurora, among many others – is built to steal session cookies and saved passwords from browsers, which can be used to evade multifactor authentication controls as well as access crypto wallets. Some criminals who wield info stealers use this stolen information to launch their own crypto heists. Others sell it as “log” data on a number of thriving cybercrime markets for others to buy and use.
For cryptocurrency aficionados, the defensive imperative remains not only having defenses in place to block info stealers but also staying vigilant against attempted scams, including phishing attacks, experts say.
For crypto platforms, TRM Labs said this year’s surge in attacks is a reminder that they need to employ multi-layered defenses, “such as regular security audits, robust encryption, multi-signature wallets and secure coding practices,” educate employees about security, as well as prepare and regularly practice their incident response plans, “including potentially offering bounties for the return of stolen funds” (see: Cryptohack Roundup: Thieves Steal $45M; Hacker Returns $71M).