In an excerpt from its upcoming ‘2020 Crypto Crime Report,’ Chainalysis addressed cases of cryptocurrency exchange hacks over the years, while tracking where the funds went after they were stolen. The report also addresses the perpetual war between crime and law enforcement.
In 2017, four exchanges were hacked, amounting to $86 million in stolen funds for the year. Despite 2018 only seeing a 50% increase in the number of exchanges hacked, the amount stolen was ten times more, with $875.5 million stolen from 6 exchanges. 2019 saw eleven attacks on exchanges. However, malicious actors were only able to siphon $282.6 million, a development that displayed a marked improvement in exchange security. Chainalysis noted, however, that they did not include exit scams or users exploiting exchange errors in this calculation.
“Under these constraints, nearly all of the hacks we didn’t include were on smaller exchanges for relatively low amounts of cryptocurrency. Our estimates of the total amount in exchange hacks are therefore likely a lower boundary, but one we believe isn’t far off from the actual total.”
The average and the median amount stolen per hack both fell substantially last year, after rising steadily over the three years that preceded it. Further, just 54% of the hacks observed in 2019 were reported to have stolen more than $10 million. And, while the number of individual hacks has risen, “the data indicates that exchanges have gotten better at limiting the damage any one hacker can do.”
The report also pointed out that stolen funds are increasingly being sent to exchanges and a rising number of them are being sent through a CoinJoin service of some sort. However, it also mentioned that a substantial portion of funds sit unspent, sometimes for years at a time, something that could improve the chances of law enforcement seizing the stolen funds.
Chainalysis also showed that hackers have responded to rising exchange security and have become more sophisticated in their methods of carrying out hacks and laundering the stolen funds thereafter. The report subsequently spoke about the Lazarus Group — an infamous cybercriminal syndicate linked to the North Korean government, believed to be responsible for the 2014 Sony hack, as well as 2017’s WannaCry ransomware attacks. According to Chainalysis, the Lazarus Group has made some significant changes to their hacking and laundering strategies.
“In an exchange attack this past year, Lazarus took [relying on social engineering to attack exchanges] a step further and executed one of the most elaborate phishing schemes we’ve seen to gain access to users’ funds.”
The report added,
“Exchanges have raised the bar on anti-hacking security in the last few years, but the subsequent advancements of groups like Lazarus show that they can’t afford to rest on their laurels.”
Further, the report said that exchanges have a responsibility to make sure criminals aren’t using their platform to cash out stolen funds from other hacked exchanges, suggesting that they “treat large deposits — or high volumes of small deposits in a short amount of time — from mixers or CoinJoin wallets with increased suspicion.”