VIENNA, Austria — The cryptocurrency sector has long been a roller-coaster ride for investors, with prices wildly fluctuating, thousands of crypto coins failing, and a major crypto exchange in FTX going under. On top of all this, the sector has also become a prime target for cyberattacks. Researchers from the Complexity Science Hub in Vienna and the University of Montreal have revealed that the global damage from these attacks has surged to at least $30 billion and is still on the rise!
One facet of the digital financial landscape facing the brunt of these attacks is Decentralized Finance (DeFi). DeFi represents a novel financial paradigm where financial services, such as lending, are provided through decentralized computer programs running on blockchains. Criminal activities in this space are well-documented. The absence of a central authority for handling criminal cases has made it challenging to ascertain the actual extent of the damage until now.
“Since there is no central point of contact for criminal cases, evidence-based statements about the total damage could not be made until now,” says Bernhard Haslhofer, head of the cryptofinance research group at the Complexity Science Hub, in a media release.
For the study, researchers undertook the task of compiling documented criminal incidents within the crypto sector from various databases. They identified a total of 1,155 criminal events that occurred between 2017 and 2022.
“But this doesn’t mean there couldn’t be more cases. Accordingly, all our results are minimum values,” notes Haslhofer.
The resulting total damage, a staggering $30 billion, is roughly equivalent to the revenue generated by Luxembourg in 2022.
“These 1,155 cases might not be the whole picture, but they constitute one of the most extensive set of events analyzed to date, which represents the first step towards assessing the size and scope of the DeFi crime landscape,” notes Catherine Carpentier-Desjardins of the University of Montreal.
The data also revealed an alarming trend of increasing criminal activity in this space. While only 16 cases were documented in 2017, this number surged to 308 in 2021 and reached 435 reported crimes in 2022.
“This entire ecosystem is still in its infancy. It’s highly complex, and currently, we have little understanding of how it works,” says Haslhofer. “Therefore, security in this area remains a problem.”
Researchers uncovered that in half of the attacks, the damage exceeded $356,000, with the smallest “hack” amounting to just $158, while the largest was a staggering $3.6 billion. This significant loss was associated with Africrypt, a centralized financial platform from South Africa. Centralized financial platforms (CeFi) act as a bridge between traditional finance and decentralized financial systems (DeFi). They are cryptocurrency trading exchanges that facilitate trading in both fiat and cryptocurrencies through a centralized management system.
“Whether Africrypt was hacked or the administrators left with the money does not matter much: what matters is that someone could leave with clients’ investments because the money was centrally managed, even if the investment was in cryptocurrency,” explains Masarah-Cynthia Paquet-Clouston from the University of Montreal.
Such events are frequent in the CeFi sector, and the resulting damages are substantial. Although researchers observed significantly more successful attacks in the DeFi sector, with 1,050 incidents, the damages in the CeFi sector were much higher.
“With only 105 documented crimes, the damages amounted to $20 billion, which is two-thirds of the total damage,” says Haslhofer.
In comparison, traditional financial sector platforms are closely monitored by regulatory authorities, reducing the likelihood of such incidents.
In addition to quantifying the extent of the damage, researchers examined the types of attacks and the technical levels at which they occurred. DeFi services were targeted in 52.4 percent of the cases, often exploiting technical vulnerabilities at the protocol level.
“Hence, it is essential for stakeholders to give top priority to safeguarding their contracts and protocol designs in order to reduce external vulnerabilities,” says Stefan Kitzler, researcher at Complexity Science Hub.
In 40.7 percent of the cases, DeFi was used to target users, involving manipulated cryptocurrencies with backdoors for criminals to withdraw funds.
Researchers concluded that understanding where these attacks are likely to occur is crucial for effective countermeasures. However, they noted that the DeFi sector’s complexity and the potential for market manipulation make it an attractive target for cybercriminals. Even with robust security measures, the sector is expected to remain vulnerable.
The study has also highlighted the challenge of tracking the money trail in the DeFi sector. To address this issue, the “DeFi Trace” project is underway at the Complexity Science Hub. The project aims to develop methods for automatically tracing illegal payment flows in the DeFi sector, ultimately curbing criminal activities.
The study is published in the journal arXiv.
You might also be interested in:
- Best Crypto Apps For Beginners: Top 5 Programs, According To Experts
- Crypto over cash? Half of Americans would take their paycheck in cryptocurrency
- Surrendering to scams? 71% think it’s pointless to report crimes of fraud
