Cryptocurrency Theft Haul Surges Alongside Crypto Value

Private Key and Seed Phrase Compromise Remains Top Attack Vector, TRM Labs Reports
Cryptocurrency Theft Haul Surges Alongside Crypto Value
Image: Shutterstock

Heists perpetrated by hackers who target cryptocurrency netted twice as much in stolen proceeds in the first half of 2024 as they did in the first half of 2023.

See Also: The Need for a New Integrated GRC Architecture

Blockchain intelligence platform TRM Labs said in a new report that in the first six months of this year, hackers stole $1.4 billion in crypto, compared to $657 million in the same time frame last year.

Also, "more money was stolen during each of the first six months of 2024 than in the corresponding months in 2023," TRM Labs said, adding that in the same time frame, the median value of cryptocurrency stolen in any single attack rose by 150%.

This year, "similar to 2023, a small number of large attacks made up the lion's share of the haul: the top five hacks and exploits accounted for 70% of the total amount stolen so far this year," it said. "Private key and seed phrase compromises remain a top attack vector in 2024, alongside smart contract exploits and flash loan attacks."

Despite that rise, "thefts from hacks and exploits are a third below the same period in 2022, which remains a record year," it said.

From the early days of bitcoin, experts have often reported seeing the volume of hack attacks - and quantity of stolen cryptocurrency - directly correlate with the rise or fall in crypto's value. When crypto grows more valuable, many attackers shift to targeting it, and that it true now not just for bitcoin but for a variety of other tokens too.

Over the past year, that appears to be precisely what's happened, thanks to the value of various types of digital coins, including Ether - aka ETH - rising, Ari Redbord, global head of policy at TRM Labs, told Reuters. "While we have not seen any fundamental changes in the security of the cryptocurrency ecosystem, we have seen a significant increase in the value of various tokens - from bitcoin to ETH and Solana - compared to the same time last year," he said.

Comparing January 2023 to the end of last month, the value of a bitcoin rose from $16,547 to $62,892, Ether from $1,197 to $3,453 and Solana from $10 to $147.

While attackers solely hacked decentralized finance platforms in the first quarter of this year, in the second quarter hackers shifted their focus, and 70% of losses traced to centralized finance, Web3 security platform Immunefi recently reported.

The biggest single thefts this year so far involved centralized finance platforms DMM Bitcoin, which lost more than 4,500 bitcoins - then worth $305 million - and BtcTurk, which lost $55 million. These two thefts alone constitute nearly two-thirds of total crypto heist losses so far this year, Immunefi said.

How hackers stole DMM Bitcoin's bitcoin remains unclear. "Potential vectors include stolen private keys or address poisoning - a tactic wherein attackers send tiny amounts of cryptocurrency to a victim's wallet to create fake transaction histories, potentially confusing users into sending funds to the wrong address in future transactions," TRM Labs reported.

The theft of private keys or seed phrases traces in no small part to information-stealing malware, or info stealers, experts say. Such malware - including RedLine, LokiBot, Mars and Aurora, among many others - is built to steal session cookies and saved passwords from browsers, which can be used to evade multifactor authentication controls as well as access crypto wallets. Some criminals who wield info stealers use this stolen information to launch their own crypto heists. Others sell it as "log" data on a number of thriving cybercrime markets for others to buy and use.

For cryptocurrency aficionados, one defensive imperative remains not only having defenses in place to block info stealers, but also staying vigilant against attempted scams, including phishing attacks, experts say.

TRM Labs said this year's surge in attacks is a reminder to crypto platforms that they need to employ multilayered defenses, "such as regular security audits, robust encryption, multi-signature wallets and secure coding practices," educate employees about security, as well as prepare and regularly practice their incident response plans, "including potentially offering bounties for the return of stolen funds" (see: Cryptohack Roundup: Thieves Steal $45M; Hacker Returns $71M).

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.