Last year was a record-breaker for crypto crime, with $3.8 billion stolen in hacks, the vast majority to DeFi protocols. North Korean hackers targeting bridge protocols led the way.
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
Crypto hackers stole a record $3.8 billion in 2022, with the vast majority of it coming from DeFi protocols.
Decentralized finance projects, and especially cross-chain bridges, were by far the biggest victims — accounting for about 82% of that, or $3.1 billion, according to Chainalysis' 2023 Crypto Crime Report.
That is part of a trend that began in 2021 but intensified last year, the report from the blockchain intelligence firm said.
The North Korean Connection
Within DeFi, North Korean government-sponsored hackers like the Lazarus Group were by far the biggest problem, the report said.
"In 2022, they shattered their own records for theft, stealing an estimated $1.7 billion worth of cryptocurrency," Chainalysis said. That was nearly four times the $429 million North Korean hackers stole in 2021. It added:
"For context, North Korea's total exports in 2020 totalled $142 million worth of goods, so it isn't a stretch to say that cryptocurrency hacking is a sizable chunk of the nation's economy. Most experts agree the North Korean government is using these stolen to fund its nuclear weapons programs."
That had the almost immediate effect of gutting its transaction volume, which in turn made it less effective, Chainalysis said.
Other mixers, notably Sinbad, have picked up the slack, Chainalysis said.
North Korean hackers prefer mixers far more than other hackers. And while both also use decentralized exchanges, private hackers also use lending contracts and centralized exchanges to turn the often-obscure tokens stolen into more liquid tokens like Ether, it added.
A Bridge Too Far
The most popular target of hackers — North Korean and otherwise — was cross-chain bridges, which accounted for almost two-thirds of the $3.1 billion stolen from DeFi protocols.
These bridges are an increasingly important part of the DeFi world, allowing users to transfer funds from one blockchain to another without the cost and hassle of trading tokens on an exchange. Instead, one type of token is locked into a smart contract as collateral, minting "wrapped" versions of the second token, which can be used on that blockchain. Those can then be returned and burned to unlock the collateral. Chainalysis said:
"Bridges are an attractive target for hackers because the smart contracts in effect become huge, centralized repositories of funds backing the assets that have been bridged to the new chain — a more desirable honeypot could scarcely be imagined. If a bridge gets big enough, any error in its underlying smart contract code or other potential weak spot is almost sure to eventually be found and exploited by bad actors."
Make DeFi Safer
With DeFi projects' code viewable by anyone and all transactions recorded on public blockchains, transparency makes DeFi "one of the fastest-growing, most compelling areas of the cryptocurrency ecosystem," Chainalysis said, adding:
"That's especially attractive now in 2023, as many of the crypto market blowups of the past year were due to a lack of transparency into the actions and risk profiles of centralized cryptocurrency businesses. But that same transparency is also what makes DeFi so vulnerable — hackers can scan DeFi code for vulnerabilities and strike at the perfect time to maximize their theft."
One obvious solution is for DeFi developers to spend more time and money on security, Chainalysis said, noting that many projects focus on growth above all else.
Any DeFi protocol should undergo third-party audits by companies like blockchain cybersecurity firm Halborn, Chainalysis said, noting that no protocol passing one of its audits has ever been hacked.
Large DeFi protocols "should have 10 to 15 people on the security team, each with a specific area of expertise," Halborn COO David Schwed told Chainalysis. "The DeFi community generally isn't demanding better security — they want to go to protocols with high yields. But those incentives lead to trouble down the road."
Regulators should set minimum security standards for DeFi projects, he said.
Other solutions Schwed suggested are simulated attack tests, monitoring transactions in the mempool before they are validated onto the blockchain, and adding circuit breakers to pause transactions and the blockchain in the event of a suspicious transaction.
"While North Korea-linked hackers are undoubtedly sophisticated and represent a significant threat to the cryptocurrency ecosystem, law enforcement and national security agencies' ability to fight back is growing… When every transaction is recorded in a public ledger, it means that law enforcement always has a trail to follow, even years after the fact, which is invaluable as investigative techniques improve over time."