Hackers stole a record $3.8 billion worth of cryptocurrency globally last year, led by thieves tied to North Korea, according to a blockchain analytics firm that tracks cybercrime.
Researchers at Chainalysis called 2022 “the biggest year ever for crypto hacking” in a report published last week. Thefts rose from $3.3 billion stolen in 2021, the firm reported. Separately, a confidential United Nations report found that North Korea stole more cryptocurrency assets last year than in any other year, Reuters reported on Monday.
During the coronavirus pandemic, U.S. investors poured millions into bitcoin, ether, dogecoin and other popular tokens in hopes of generating a fortune. But some investors instead suffered losses due to hackers, with their digital wallets plundered on platforms with poor cybersecurity.
North Korean cybercriminals “shattered their own yearly record for most cryptocurrency stolen” and tallied $1.7 billion in thefts in 2022, the Chainalysis report said.
Given that North Korea’s total exports in 2020 totaled $142 million, “it isn’t a stretch to say that cryptocurrency hacking is a sizable chunk of the nation’s economy,” the researchers added.
As more investors lost money in crypto, U.S. lawmakers have reignited their calls to regulate the crypto industry. Scrutiny of the sector grew even more intense in November when FTX Trading, the third largest crypto platform, suddenly collapsed and declared bankruptcy.
The number of crypto hacks “ebbed and flowed” in 2022 with big spikes in March and October, Chainalysis said. October was “the biggest single month ever for cryptocurrency hacking” with 32 attacks totaling $775.7 million lost, according to the report.
Hackers have focused their activities on decentralized finance, or DeFi, platforms, which were tied to 82% of stolen funds last year, Chainalysis said. Criminals typically strike when crypto investors are using a so-called “cross-chain bridge” to transfer funds from one blockchain to another.
The biggest hack from October took place when someone looted $586 million in crypto from a cross-chain bridge owned by Binance. The company acknowleged the hack and said its security officers “were able to minimize the loss.”
Bad actors can exploit DeFi platforms because some crypto companies haven’t prioritized security, said David Schwed, the chief operating officer at blockchain security firm Halborn.
“A big protocol should have 10 to 15 people on the security team, each with a specific area of expertise,” Schwed said in Chainalysis’ report. “The DeFi community generally isn’t demanding better security — they want to go to protocols with high yields. But those incentives lead to trouble down the road.”