North Korean state-backed hackers and insecure decentralized finance (DeFi) protocols helped to make 2022 a record year for cryptocurrency heists, according to Chainalysis.
The blockchain analysis company teased the figures ahead of an upcoming annual crypto crime report.
A total of $3.8bn was stolen from cryptocurrency firms last year, 82% of which resulted from attacks targeting weaknesses in DeFi protocols. This was up from 73% the previous year.
North Korean hackers stole $1.7bn, the vast majority of which ($1.1bn) came from DeFi, particularly the attack on Ronin Network in March, which was calculated at the time to have cost the firm $618m.
Chainalysis said cross-chain bridge protocols of the sort targeted in that attack accounted for the majority (64%) of DeFi protocol attacks.
“Cross-chain bridges are protocols that let users port their cryptocurrency from one blockchain to another, usually by locking the user’s assets into a smart contract on the original chain and then minting equivalent assets on the second chain,” it explained.
“Bridges are an attractive target for hackers because the smart contracts in effect become huge, centralized repositories of funds backing the assets that have been bridged to the new chain – a more desirable honeypot could scarcely be imagined. If a bridge gets big enough, any error in its underlying smart contract code or other potential weak spot is almost sure to eventually be found and exploited by bad actors.”
The smart contract code in DeFi is publicly viewable by default, which helps with transparency but also allows threat actors to scan for vulnerabilities, Chainalysis warned.
Code auditing conducted by third-party providers and a greater focus by developers on security rather than growth at all costs would help to mitigate risk, the report argued.
Chainalysis also claimed that North Korean hackers send large sums of stolen crypto to “mixers,” which blend the digital currencies of multiple users together to obfuscate their origins.
These de facto money-laundering tools have caught the eye of regulators. However, when one mixer popular with North Korea (Tornado Cash) was sanctioned by the US in August 2022, threat actors simply moved to another: Sinbad.