
Understanding the Risks of Crypto Hacks: Best Practices for Securing Your Digital Assets

Discover the most common crypto hacks and how you can protect your assets from them.

A lack of regulatory oversight and the pseudo-anonymous nature of crypto assets make them a magnet for criminals. In addition to money laundering and illicit purchases, ransomware, scams, and hacks result in billions of dollars in annual losses.

For example, hackers attacked the Wormhole Bridge in 2022 by exploiting a weakness in the protocol’s validation system to generate over $300 million in wrapped Ethereum (wETH), convert it to Ethereum, and leave other protocol users less than whole.

According to the Chainalysis 2023 Crypto Crime Report, crypto-related crimes rose for a second consecutive year and hit an all-time high last year. Criminals extorted at least $457 million from ransomware and stole a record $3.8 billion by hacking protocols and exchanges.

Our article examines the most common crypto hacks and how to secure your assets.

How Crypto Gets Hacked

Crypto hacks involve attackers stealing crypto without your authorization. For example, they may steal your private keys to access your wallets and transfer your crypto assets or use an exploit to break into a protocol and steal funds from thousands of users.

The most common crypto attacks include the following:

  • Bridge Attacks – Cross-chain bridges transfer cryptocurrency between blockchains, making them essential for blockchain interoperability. When “wrapping” tokens, they “lock” the original as collateral, making them a big target for attackers. Most attacks expose private keys to raid these deposits or exploit other parts of the code to generate bogus wrapped tokens that attackers can then redeem. Trusted bridges rely on a centralized authority that may be susceptible to attack, while trustless bridges rely on smart contracts that may contain vulnerabilities in their code.

    Example: In February 2022, a hacker took advantage of a vulnerability in the Wormhole bridge that let users move crypto and NFTs between blockchains. The vulnerability let them mint 120,000 wrapped ETH tokens and redeem them for ETH and altcoins.
  • Wallet Hacks – Wallets are software programs or hardware devices that enable you to access, manage, and move cryptocurrencies – and there are countless ways to hack them. For instance, a computer virus could enable an attacker to access a device with a hot wallet, and a clever phishing email or social engineering attack might convince you to transfer funds to the wrong address unknowingly. Some of the most common attacks involve stealing locally stored passphrases, harvesting private keys from keyloggers or other software, or using a man-in-the-middle attack to intercept communications between your wallet and a centralized server.

    Example: In November 2022, FTX collapsed and hot wallets had their funds drained to the tune of $415 million. The exchange stored private keys in unencrypted wallets, which may have led an insider to steal them and run with the money.
  • Exchange Hacks – Many crypto users hold, buy, sell, and trade funds on centralized exchanges, making them a natural target for attackers. In addition to breaching exchanges, hackers may use exploits, phishing emails, or social engineering attacks to steal coins from your wallet and transfer them elsewhere. And, of course, unsavory exchanges themselves may disappear with your funds.

    Example: In October 2022, Binance experienced a hack in the Binance Smart Chain. After finding a loophole in its cryptographic proof strategy, the attackers accessed more than $500 million worth of BNB tokens – and ultimately left with $100 million worth.
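
The lock-and-mint model described under Bridge Attacks can be reduced to one invariant: wrapped tokens in circulation must never exceed locked collateral. The following is an added illustration, not code from this article or from any real bridge; `ToyBridge`, `run_scenario`, and the deposit IDs are hypothetical names, and the amounts are constructed. It shows how a mint that skips deposit validation breaks the invariant and how a simple shortfall check surfaces it.

```python
from dataclasses import dataclass, field

@dataclass
class ToyBridge:
    """Toy lock-and-mint bridge (hypothetical model, constructed for illustration)."""
    deposits: dict = field(default_factory=dict)  # deposit_id -> amount locked on source chain
    minted: set = field(default_factory=set)      # deposit_ids already used to mint
    locked: int = 0                               # collateral currently held
    wrapped_supply: int = 0                       # wrapped tokens in circulation

    def lock(self, deposit_id, amount):
        self.deposits[deposit_id] = amount
        self.locked += amount

    def mint(self, deposit_id, amount, validate=True):
        # validate=False models a bridge whose validation step can be bypassed.
        if validate:
            if self.deposits.get(deposit_id) != amount:
                raise ValueError("no matching locked deposit")
            if deposit_id in self.minted:
                raise ValueError("deposit already used to mint")
        self.minted.add(deposit_id)
        self.wrapped_supply += amount

    def redeem(self, amount):
        if amount > self.wrapped_supply or amount > self.locked:
            raise ValueError("cannot redeem more than supply or collateral")
        self.wrapped_supply -= amount
        self.locked -= amount

    def shortfall(self):
        # Monitoring check: wrapped tokens not backed by locked collateral.
        return max(0, self.wrapped_supply - self.locked)

def run_scenario(validate):
    """Return (collateral left, unbacked wrapped tokens) after a forged mint attempt."""
    bridge = ToyBridge()
    bridge.lock("dep-1", 100)           # honest user locks 100
    bridge.mint("dep-1", 100)           # and receives 100 wrapped tokens
    try:
        bridge.mint("dep-forged", 120, validate=validate)  # no deposit behind this mint
    except ValueError:
        return bridge.locked, bridge.shortfall()
    bridge.redeem(100)                  # bogus tokens redeemed against honest collateral
    return bridge.locked, bridge.shortfall()

if __name__ == "__main__":
    print("validation enforced:", run_scenario(True))
    print("validation bypassed:", run_scenario(False))
```

With validation enforced the forged mint is rejected and the collateral stays intact; with it bypassed, the collateral is drained and the honest holder's wrapped tokens are left unbacked.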

In addition to these hacks, hackers have developed several crypto scams to separate you from your assets. For instance, rug pulls occur when a developer hypes a product and then suddenly shuts it down, leaving with the funds. And plagiarized NFTs have become all too common on OpenSea and other marketplaces.

Storing Crypto in a Safer Place

Most people purchase crypto through exchanges like Binance or Coinbase. When you make a deposit, these exchanges act as a custodian and hold crypto assets on your behalf. As a result, you’re trusting that the custodian keeps your assets safe and secure.

You can also hold crypto assets in your own wallet to avoid trusting a third party. For example, after purchasing a cryptocurrency on Coinbase, you can transfer it to your Coinbase Wallet. The wallet contains your private keys, so only you can transfer the assets.

There are four types of wallets:

  • Hot Wallets – Hot wallets are internet-connected wallets that make it easy to transfer assets in and out, but they’re also more vulnerable to remote attackers.
  • Cold Wallets – Cold wallets are offline wallets that make it harder for remote attackers to gain access but also make it harder to execute legitimate transfers.
  • Software Wallets – Software wallets are mobile or desktop applications that introduce a risk of attack from viruses or bugs.
  • Hardware Wallets – Hardware wallets are crypto-specific hardware devices that store crypto away from any smartphone or computer.

The best way to secure crypto assets is by storing them in a cold hardware wallet like Ledger. By holding assets on these devices, it’s impossible for attackers to gain access remotely or through a trojan or similar virus. Attackers would have to physically steal your hardware wallet and then crack your credentials to gain access.

But, of course, it’s not always practical to hold all your crypto assets in a cold hardware wallet. For example, you may be an active trader who needs to transfer or convert assets quickly. Or you may want to take advantage of decentralized finance (DeFi) protocols to earn income.

Choosing Reputable Services

Many crypto losses occur when a crypto exchange or protocol mismanages funds or experiences a hack. As a result, choosing a reputable partner is essential to secure your digital assets when using external services to hold or manage your assets.

DeFi protocols have become one of the most popular targets for hackers. Cross-chain bridges are the most frequent target because their smart contracts become massive, centralized repositories of funds backing the assets bridged to the new chain. So, when using cross-chain bridges or other DeFi protocols, assessing their security measures is essential.

Rather than relying on size and popularity as a proxy for security, you should evaluate each project’s level of security. For example, do they employ a third-party code auditing service to validate security? Do they have an in-house security team with enough expertise to avoid a devastating hack? Or do they have insurance if a hack does occur?

FTX’s collapse also underscored that not all losses stem from hacks – mismanaging funds is all too common in the industry. The biggest problems arise from commingling customer deposits with their trading, lending, or other activities. Then, when these activities experience losses, they do not have enough reserves to make customers whole.

Regulated exchanges with external auditors provide the most security by ensuring they follow the rules and possess the assets they claim. However, proof-of-reserve mechanisms are a more crypto-friendly way of achieving these goals. While they’re not quite as reliable as third-party audits (they don’t measure liabilities), they could continue to evolve and eventually become a valuable trust mechanism.

Common Sense & Psychology

Many crypto losses arise from simple mistakes that a little more caution and situational awareness would prevent.

Basic security measures can protect you from many crypto losses. Your crypto’s security is, by and large, on you to manage, and adhering to a few fundamental tips will prevent the bulk of crypto loss. For example:

  • Use two-factor authentication when using crypto exchanges or wallets.
  • Choose strong, unique passwords.
  • Always keep your private keys private.
  • Avoid storing the information in publicly viewable places (online or offline).
Romance scams have the largest losses per victim. Source: Chainalysis

Crypto scams can result in significant losses if you’re not careful. For instance, impersonation scams cost the average victim nearly $6,000, while romance scams topped $15,000 per victim last year! You can avoid these scams by being aware of them and practicing the appropriate due diligence before transferring or investing in a new opportunity.

The Bottom Line

Consumers and investors lose billions of dollars annually to crypto crimes ranging from mismanaged exchanges to DeFi hacks. While some of these losses are difficult to avoid, you can prevent most of them with common sense and basic security precautions.

If you trade crypto assets, ZenLedger can help you organize everything for tax time. You can automatically import transactions from wallets and exchanges, compute your capital gain or loss, and generate the tax paperwork you need each year.

Get started today for free!

This material has been prepared for informational purposes only and should not be interpreted as professional advice. Please seek independent legal, financial, tax or other advice specific to your particular situation.

Justin Kuepper