The crypto theft problem is getting worse and worse

(Image credit: Lordowski / Shutterstock)

Almost as much cryptocurrency has been stolen this year as in the entirety of 2021, new analysis suggests.

According to blockchain market analysts at Chainalysis, thieves and fraudsters stole $3.2 billion in various cryptocurrencies last year. But in the first four months of 2022, $2.9 billion worth of crypto has already been stolen, with roughly one major theft occurring every week.

The volume of crypto heists has not necessarily changed, but attacks are becoming more devastating, in part due to the rising popularity of Decentralized Finance (DeFi) projects, and the amount of money being poured into these projects.

Targeting nascent projects

DeFi describes an ecosystem of financial applications that are built on the blockchain. They offer services similar to those available in traditional banks, but are underpinned by peer-to-peer systems. With DeFi, people can take out loans, or earn yield on their investments.

However, with many of these projects not yet fully tested and vetted, they are fast becoming a playground for cybercriminals and fraudsters.

The latest attack hit Beanstalk, an algorithmic stablecoin protocol built on Ethereum and launched in August. The fraudster managed to siphon out $182 million worth of digital assets.

Incidents such as this one emphasize the importance of vetting and code audits. Even projects that have had their code audited by third parties can still end up being abused.

> Cryptocurrency crime hit an all-time high in 2021

> Hackers are minting their own crypto to use in elaborate phishing scams

> This fake crypto exchange has swindled millions from its victims

Speaking to the Wall Street Journal, Max Galka, CEO of crypto forensics firm Elementus, said the hacker was following Beanstalk’s stated rules.

“Everything this guy did was consistent with the code,” Mr. Galka said.

However, the attacker managed to find a flaw in the code. With the help of a flash loan from a different DeFi service (a flash loan is similar to a “regular” loan, but the entire process happens almost instantaneously), he managed to buy enough of Beanstalk’s native governance token to earn absolute voting power.

With that power, he voted to withdraw all of the funds found on the protocol, and after returning the flash loan, got away with the difference. Whether or not the affected customers will be reimbursed, remains to be seen.

If crooks aren't looking for flaws in code, they're then trying to scam people into giving away their passwords, secret keys, and other credentials, or installing keyloggers or other malware. By assuming the identities of a trusted third party, they often try to trick people into believing they need to urgently address the issue, in order not to lose their funds.

Protect your digital assets with the best endpoint protection services right now

Via Wall Street Journal

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.