Over the past decade, cryptocurrencies have been a disruptive force in economics and business. Its popularity has soared due to its ability to conduct transactions anonymously and the potential for huge investment returns, but it is not without its problems.
The crypto market has allowed cybercrime to flourish as fraudsters take advantage of weak security and a lack of government regulation.
Some of the world's largest platforms, such as Ethereum and Bitcoin, have been implicated in cryptocurrency scams, with fraudsters using a variety of techniques to steal $3.8 billion worth of cryptocurrencies in 2022 alone.
In this article, we’ll learn more about cryptocurrency theft statistics, explain how thefts occur, look at the biggest heists of all time, and provide some tips for protecting users as they navigate the world of cryptocurrency.
Cryptocurrency theft is the illegal acquisition or use of cryptocurrency held by others. This can be done by hacking into a person's digital wallet, tricking them into revealing their credentials, or tricking them into making fraudulent transactions.
1. One of the most common cryptocurrency hacks occurs when scammers use keyloggers to infect other people's devices. This is a type of malware that captures information as you type and provides hackers with information about the target account, such as passwords or private keys.
2. Another common cryptocurrency theft technique is phishing. This is a form of social engineering where scammers manipulate someone into downloading a malicious file or sharing sensitive information. Phishing attacks work because scammers impersonate trustworthy organizations or individuals to make their requests appear legitimate. For example, a scammer might send an email that appears to be from a cryptocurrency exchange asking the user to log into their account. However, if users click on the attached link, they will be redirected to a website controlled by the scammers with the goal of stealing their credentials.
The methods used by cybercriminals to steal cryptocurrency are well known. However, despite growing public awareness of online fraud, crypto platforms still present multiple risks that make them vulnerable to cybercrime.
1) Vulnerabilities in digital wallets. Just like a wallet you might keep in your pocket, a digital wallet is where you store your cryptocurrency. However, instead of coins and banknotes, cryptocurrencies are stored as digital files with bits of data representing the monetary value. Ownership of this data is recorded on the blockchain, but tracking the movement of these assets can be difficult, just as it can be difficult to know where your physical cash comes from. This means that if anyone discovers that criminal hackers have stolen something from their digital wallet, there is nothing they can do.
2) Decentralized cryptocurrency exchange. According to its supporters, one of the main advantages of cryptocurrencies is that the system is decentralized. This means that it runs on a distributed network of computers with no single owner, unlike traditional banks that are managed by a central authority and its intermediaries. Decentralized systems can increase privacy, transparency, and censorship resistance, but mean that if something goes wrong, no one can be held accountable. This creates a lot of problems. For example, there is no authority to resolve disputes or negotiate conflicts between users, which may make it difficult for users to resolve disputed transactions or identity theft.
Another issue is that users are responsible for their own security practices. If you are a victim of fraud, the bank may be able to get your money back, but crypto platforms have no such obligation.
3) Government regulations. Since cryptocurrency platforms are not regulated by a central authority, they are subject to less government regulation. While this is seen as a positive by some, it also means there are not as many rules to protect systems from unauthorized access or protect users in the event of a security breach. For example, a cryptocurrency platform may have less stringent password management, two-factor authentication, and data encryption systems than a bank. They may also lack anti-fraud strategies, physical security measures and know-your-customer (KYC) processes.
1. Cybercriminals stole a record $3.8 billion in cryptocurrency in 2022, according to a report from blockchain analytics firm Chainalysis. This was a 15% increase from the previous year ($3.3 billion).
2. According to CNBC, the value of Bitcoin has fallen by more than 60% in 2022, and 60% of Americans surveyed now consider investing in digital currencies to be "high risk," up from 45% the previous year.
3. According to a study by Comparitech, 198 cryptocurrency thefts were reported in 2022. That’s a 45% increase compared to 2021 (136).
4. North Korean hackers are responsible for most cryptocurrency thefts, with criminals linked to the country stealing an estimated $1.7 billion in cryptocurrency in 2022.
5. There were 57 cryptocurrency thefts in the first quarter of 2023. At this rate, a record 228 accidents could occur this year.
6. October 2022 was “the worst month in history for cryptocurrency hacking,” with 32 attacks and more than $775 million in losses.
7. In November 2022, the cryptocurrency exchange FTX went bankrupt, triggering a wave of crypto crimes. Its users fell victim to chargeback scams, $415 million worth of cryptocurrency was stolen in a series of cyberattacks, and a further $3.1 billion disappeared from the market.
8. Three of the five largest cryptocurrency thefts of all time occurred on trading platforms. The largest of these was the cyberattack on Binance, which resulted in the theft of $570 million.
9. DeFi protocols are the most common targets for cryptocurrency hackers in 2021 and 2022. In 2022, such attacks accounted for 82.1% of all attacks, up from 73.3% the previous year.
10. The top ten cryptocurrency scams of 2022 are all fake investment opportunities. The most successful of these is Hyperverse, with apparent sales of nearly $1.3 billion.
#nonbank
Compared to other forms of cybercrime, cryptocurrency theft can bring huge financial gains to hackers. Here are five of the biggest cryptocurrency heists of all time (from lowest to highest):
❌ Mt. Gox ($470 million stolen)
In February 2014, Mt. Gox, one of the world's largest Bitcoin exchanges, suffered a cyberattack, resulting in the exchange losing 100,000 Bitcoins and customers losing 750,000 Bitcoins. The stolen Bitcoins were worth $470 million at the time, but today they are worth about $4.7 billion.
Mt. Gox went into liquidation shortly after the hack, and liquidators recovered approximately 200,000 stolen Bitcoins. This is the first large-scale hack of an exchange and the largest Bitcoin theft.
❌ Coincheck ($534 million stolen)
In January 2018, criminal hackers stole 500 million NEM tokens, worth as much as US dollars, from Bitcoin wallet and trading platform Coincheck. The Japan-based company said its security systems were robust but declined to say how the attack occurred.
Reports later emerged speculating that attackers had used malware to capture the private keys to Coincheck hot wallets. The thieves then created their own website to sell NEM tokens in exchange for Bitcoin and other cryptocurrencies at a 15% discount. As a result, the NEM exchange rate fell sharply, and Coincheck was forced to suspend operations and compensate customers for their lost funds.
❌ Binance ($570 million stolen)
In October 2022, criminal hackers stole 2 billion BNB tokens worth $570 million from the Binance cross-chain bridge. It is a technology that allows users to transfer cryptocurrencies and other digital assets between different blockchain networks. However, the scammers managed to break the agreement and steal the funds for themselves. After discovering the vulnerability, Binance froze some of its tokens, but assets worth about $110 million can no longer be recovered.
❌ Poly Network ($610 million)
In August 2021, a criminal hacker exploited a vulnerability in Poly Network to steal $610 million in various cryptocurrencies. Unable to refund affected customers, the Poly Network community, which provides blockchain interoperability protocols, took to Twitter to call on anonymous criminals to return the stolen funds. Surprisingly, this works. The con man admitted he was not interested in money and that he carried out the attack for "ideological reasons". He later divided the tokens into portions and returned almost all of them. As a token of its gratitude, Poly Network dropped charges against the attacker, guaranteed his anonymity, offered him a $500,000 bounty, and invited him to serve as the organization's chief security advisor.
❌ Ronin Network ($620 million stolen)
In March 2022, Ronin Network announced that it had fallen victim to a social engineering scam in which a senior engineer downloaded a PDF file containing spyware. This allowed the attackers to take control of the network's four private verification keys, allowing them to steal over 173,000 Ethereum (worth $595 million at the time) and $25.5 million from bank accounts. Ronin Network, the blockchain platform developed by Sky Mavis for the online game Axie Infinity, said its DAO verification node was compromised and funds were withdrawn in two transactions.
The U.S. Treasury Department later blamed North Korea's Lazarus Group for the attack. Meanwhile, the Ronin Network relaunched three months later and began compensating those affected.
While the largest cryptocurrency thefts of all time targeted large organizations, some of the greatest security risks related to cryptocurrencies affect individuals and small businesses. No one using cryptocurrency is safe from scams. Many platforms have strengthened their security protocols in recent years, but one of the most important steps is implementing a KYC (Know Your Customer) and AML (Anti-money laundering) processes.
KYC (Know Your Customer) is a regulatory requirement for financial institutions such as banks and brokerage firms to verify customer identities. It is an important part of AML (Anti-Money Laundering) – a set of measures and procedures designed to detect and/or prevent the use of the Service for money laundering activities, and efforts aimed at preventing abuse of the financial system and fraud.
Cryptocurrency exchanges and platforms can reduce the risk of cybercrime by implementing KYC and AML procedures to ensure users’ true identities, keep the assets safe and protect them from fraudsters and/or fraudulent activity.
Nonbank is a community-driven digital wallet with a user-friendly interface and useful features, that also provides reliable security measures such as AML watchtower.
Nonbank’s AML watchtower uses a combination of advanced algorithms and machine learning technology to monitor transactions and identify suspicious activity. Nonbank takes anti-money laundering very seriously and has strict policies and procedures in place to ensure that all transactions comply with anti-money laundering regulations.
By using the AML watchtower feature, Nonbank can protect its customers by preventing criminals from using the platform to launder money. This helps ensure that Nonbank remains a safe platform for all users.
