Black Hat hackers are actively exploiting the cryptocurrency industry and its vulnerabilities. In the second quarter of 2022, the total loss of crypto projects due to hacks and fraud amounted to $670,698,280.
According to a report by bounty platform Immunefi, this amount is 1.5 times higher than that of the same period last year. The decentralized finance sector was the most affected. 49 out of 50 projects investigated belonged to this sector. The top 10 companies that suffered the greatest losses include:
Harmony Horizon $100,000,000
Mirror Protocol $90,000,000
Fei Protocol $80,340,000
Fantom Scream $35,000,000
Optimism * $35,000,000
Deus Finance $13,400,000
Elephant Money $11,200,000
Criminals usually exploit vulnerabilities in protocols and corporate systems to get crypto assets. After finding the vulnerability, the hackers use cryptojacking malware to steal passwords and other data that would allow them to transfer money.
Sometimes it is possible to steal assets just by using the internal vulnerability in the company's protocol. This happened in 2017 with Parity's Ethereum wallet. The hack resulted in the company losing about 153,000 ETH ($30,000,000).
Whenever criminals target individual cryptocurrency users, they usually turn to social engineering and phishing. According to the Phishing Activity Trends report, the number of phishing attacks has been steadily increasing. In Q1 2022, the number of attacks exceeded 1 million. In general, there are between 68,000 and 94,000 attacks happening monthly. The most widespread techniques include:
Identity impersonation fraud via social media.
Dark web threats, such as credit card fraud.
Business Email Compromise (BEC) attacks.
Hybrid Phishing Attacks.