DeFi Has Become Crypto Crime’s Main Arena, Crystal Blockchain Says
More than $14.5 billion in crypto has been lost to hacks and scams since 2011, and DeFi is attackers’ new favorite target, analytics firm Crystal Blockchain says.
In the past 11 years there have been 167 hacks of decentralized finance (DeFi) protocols and 123 security breaches on centralized exchanges, according to Crystal’s new report. While breaches of centralized platforms accounted for over $3.2 billion in crypto stolen, more than $4 billion was funneled out of exploited DeFi projects. The remaining billions were lost to scammers.
Since 2021, hackers’ attention has shifted notably toward decentralized protocols. This year, decentralized projects have been hacked 20 times more often than centralized ones, the report says, and funds stolen from the top 10 DeFi attacks exceeded $2.5 billion.
The main reason for the acceleration of attacks on DeFi projects is the sector’s growth, Nick Smart, Crystal’s director of blockchain intelligence and data, told CoinDesk. While projects are rushing to market with insufficient testing, centralized exchanges are improving their security, he said, bowing to user demand and heightened attention from regulators.
“There is a saying that nothing is unhackable, all you need is enough time, talent and creativity and you’ll get there,” he said. “And some illegal hacking groups, like nation-state backed ones such as North Korea’s Lazarus, are very effective and very focused on exploiting such opportunities.”
“The most popular method of crypto-theft until 2021 was the infiltration of crypto-exchange security systems – currently the tendency has moved to DeFi hacks,” the report says. “CEX hacks are currently causing the least amount of financial damage.” The largest ever hack of a centralized exchange, or CEX, is the 2018 Coincheck breach in which $535 million of NEM tokens were stolen.
The largest DeFi attack was March’s Ronin Network hack, when over $650 million worth of crypto was funneled from the popular Axie Infinity NFT game and laundered through the Tornado Cash mixer. The service received around 350,000 ETH in the first half of 2022, which is more than half of all ETH that ever went through Tornado Cash, according to Crystal.
In addition to hacks, the crypto market has seen some 74 fraudulent schemes blow up since 2011, leading to more than $7.3 billion going to scammers, according to the report.
Another surging kind of crypto crime is the so-called rug pull, in which a project’s founders either run away with users’ money or dump the token they created on the community. Rug pulls became the most popular kind of fraud in 2022, Crystal said. Out of 36 cases of fraud, 34 were associated with rug pulls, mostly on Binance Smart Chain (BSC), a blockchain network run by the major global centralized exchange, Binance. Of the 34 rug pulls, 23 happened on BSC, Crystal said.
But in dollar terms, the most money has been stolen on the Ethereum blockchain – probably because it’s the most popular DeFi platform overall. It’s followed by Solana, Binance Smart Chain, Fantom and Polygon Blockchain, Crystal said.
On Ethereum, $31 million worth of crypto had been stolen through scams and rug pulls, along with $26 million on Binance Smart Chain, $10 million on Solana and $2 million on Fantom Blockchain.