Mid-year Crypto Crime Update: $1.9 billion worth of cryptocurrency has been stolen in hacks of services – report

Total scam revenue for 2022 currently sits at $1.6 billion, 65% lower than where it was through the end of July in 2021, and this decline appears linked to declining prices across different currencies, according to blockchain analysis firm Chainalysis. 

Cryptocurrency transaction volumes this year for both illicit and legitimate entities are tracking behind 2021 through July. Overall, criminal activity appears to be more resilient in the face of price declines: Illicit volumes are down just 15% year over year, compared to 36% for legitimate volumes.

Where illicit activity is increasing in 2022: Hacking and stolen funds

No area of cryptocurrency-based crime is bucking the 2022 trend of declining revenue like stolen funds. 

Through July 2022, $1.9 billion worth of cryptocurrency has been stolen in hacks of services, compared to just under $1.2 billion at the same point in 2021. This trend doesn’t appear set to reverse any time soon, with a $190 million hack of cross-chain bridge Nomad and $5 million hack of several Solana wallets already occurring in the first week of August (neither is represented on the graph above as we’ve chosen July 31 as our cutoff point). 

Much of this can be attributed to the stunning rise in funds stolen from DeFi protocols, a trend that began in 2021. As we’ve covered previously, DeFi protocols are uniquely vulnerable to hacking, as their open source code can be studied ad nauseum by cybercriminals looking for exploits (though this can also be helpful for security as it allows for auditing of the code), and it’s possible that protocols’ incentives to reach the market and grow quickly lead to lapses in security best practices. Furthermore, much of the value stolen from DeFi protocols can be attributed to bad actors affiliated with North Korea, especially elite hacking units like Lazarus Group. We estimate that so far in 2022, North Korea-affiliated groups have stolen approximately $1 billion of cryptocurrency from DeFi protocols. 

Additionally, we shouldn’t expect theft to drop based on cryptocurrency market movements the way scamming does — as long as crypto assets held in DeFi protocol pools and other services have value and are vulnerable, bad actors will try to steal them. The only way to stop them is for the industry to shore up security and educate consumers on how to find safe projects to invest in. Law enforcement, meanwhile, must continue developing their ability to seize stolen cryptocurrency to the point that hacks are no longer worthwhile.