Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Hacks of DeFi platforms have reached a new level, exceeding all expectations.
The rise in popularity of Web3 has opened up new opportunities for cybercriminals, especially in the decentralized finance (DeFi) space, where the scale of theft has surpassed traditional bank robberies.
According to Mandiant, hundreds of attacks on Web3 services have been recorded since 2020, resulting in the theft of more than $12 billion in digital assets. One of the largest cases was the attack on the Sky Mavis Ronin blockchain in 2022, when hackers from North Korea stole about $625 million.
Cyberattacks on cryptocurrency exchanges are becoming a frequent occurrence. One of the first major cases occurred in 2014, when the Mt. Gox exchange lost about $350 million in bitcoin. In May 2024, the Japanese exchange DMM Bitcoin was also attacked, which resulted in the theft of more than $300 million.
Growth of cryptocurrency crimes from 2016 to 2023
Mandiant's research shows that attacks on crypto exchanges usually start with social engineering. Hackers often use fake job offers to infect employees' devices with malware. One example includes North Korean attackers who used the LinkedIn platform to send malicious files disguised as programming tests. Such attacks allow hackers to penetrate companies' networks, steal cryptocurrency wallet data, and steal assets.
North Korean hackers do not limit themselves to social engineering. In 2023, they carried out attacks on the JumpCloud and 3CX supply chains to gain access to crypto services through customers of these companies. The attackers used malware to crack passwords, conduct internal intelligence, and obtain hot wallet keys, which allowed them to steal more than $100 million.
Theft through smart contracts is also becoming a frequent occurrence in Web3. Contracts running on blockchains are open and verifiable, making them vulnerable to attacks. Hackers can exploit bugs in the code to steal assets. In July 2023, an attack on the Curve Finance platform stole $61 million through a vulnerability in the Vyper programming language.
Another common attack method is flash loans, which are attacks where attackers manipulate cryptocurrency prices through loans that must be repaid in a single transaction. One of the largest such incidents occurred in March 2023, when the Euler Finance protocol lost about $197 million.
In addition, attacks on the governance systems of decentralized autonomous organizations (DAOs) are becoming more common. In May 2023, the Tornado Cash crypto mixer was attacked by the voting system, which allowed the attackers to seize control of the project and withdraw 10,000 TORN tokens.
With the growth of Web3 companies, it is becoming apparent that cyberattacks will become more frequent. To protect digital assets, companies must review their security strategies and use advanced solutions to monitor and prevent attacks.
Source
The rise in popularity of Web3 has opened up new opportunities for cybercriminals, especially in the decentralized finance (DeFi) space, where the scale of theft has surpassed traditional bank robberies.
According to Mandiant, hundreds of attacks on Web3 services have been recorded since 2020, resulting in the theft of more than $12 billion in digital assets. One of the largest cases was the attack on the Sky Mavis Ronin blockchain in 2022, when hackers from North Korea stole about $625 million.
Cyberattacks on cryptocurrency exchanges are becoming a frequent occurrence. One of the first major cases occurred in 2014, when the Mt. Gox exchange lost about $350 million in bitcoin. In May 2024, the Japanese exchange DMM Bitcoin was also attacked, which resulted in the theft of more than $300 million.
Growth of cryptocurrency crimes from 2016 to 2023
Mandiant's research shows that attacks on crypto exchanges usually start with social engineering. Hackers often use fake job offers to infect employees' devices with malware. One example includes North Korean attackers who used the LinkedIn platform to send malicious files disguised as programming tests. Such attacks allow hackers to penetrate companies' networks, steal cryptocurrency wallet data, and steal assets.
North Korean hackers do not limit themselves to social engineering. In 2023, they carried out attacks on the JumpCloud and 3CX supply chains to gain access to crypto services through customers of these companies. The attackers used malware to crack passwords, conduct internal intelligence, and obtain hot wallet keys, which allowed them to steal more than $100 million.
Theft through smart contracts is also becoming a frequent occurrence in Web3. Contracts running on blockchains are open and verifiable, making them vulnerable to attacks. Hackers can exploit bugs in the code to steal assets. In July 2023, an attack on the Curve Finance platform stole $61 million through a vulnerability in the Vyper programming language.
Another common attack method is flash loans, which are attacks where attackers manipulate cryptocurrency prices through loans that must be repaid in a single transaction. One of the largest such incidents occurred in March 2023, when the Euler Finance protocol lost about $197 million.
In addition, attacks on the governance systems of decentralized autonomous organizations (DAOs) are becoming more common. In May 2023, the Tornado Cash crypto mixer was attacked by the voting system, which allowed the attackers to seize control of the project and withdraw 10,000 TORN tokens.
With the growth of Web3 companies, it is becoming apparent that cyberattacks will become more frequent. To protect digital assets, companies must review their security strategies and use advanced solutions to monitor and prevent attacks.
Source
