- Written by
Cybercriminals excel when it comes to adapt to changing environments on the web. They exploit existing vulnerabilities, gain unauthorized access, compromise sensitive information, or defraud individuals. “Sextortion scam emails and an alarming growth of deceptive Android loan apps,” are on the rise, according to the H1 2023 Threat Report released by the software company specialized in cyber security ESET.
The current version of the Internet used, known simply as the web, is in fact web2. It focuses on reading and writing content aiming at connecting people. Web3 is its next iteration, focusing on creating content that users can share knowledge on open and decentralized platforms.
Although cybercriminals in general always seem to be one step ahead, global regulators managed to break this trend when it came to losses related to web3 criminality during the past six months.
“The main reasons contributing to this phenomenon include the gradual improvement of global regulatory systems, increased law enforcement efforts, improved security awareness among projects, the sanctioning of Tornado Cash, and enhancements in anti-money laundering (AML) technology and procedures,” the blockchain security company Beosin said in its Global Web3 Security Statistics & AML Analysis for the first half of the year.
Total losses from hacks, phishing scams, and rug pulls in web3 dropped by 66 percent to 656 million US dollars in the first half of 2023. Data from ESET confirms this positive trend of steadily declining cyber threats to the web3 universe, despite the strong performance of crypto currencies during the period. The largest crypto currency, Bitcoin, for instance rose 83 percent, far more than other assets such as the Nasdaq index, gold and euro.
A large proportion of the losses resulted from successful hacks
Losses due to hacks represented roughly three quarters of the total losses, phishing scams a sixth and rug pulls a tenth, the Beosin report shows. A rug pull occurs when developers entice investors into what appears to be a lucrative project, only to vanish with the funds, leaving the investors with nothing.
The greatest hack during the period affected Euler Finance. The lending and borrowing platform for cryptocurrencies had around 200 million dollars in assets unlawfully extracted from its protocol in March. Three weeks later, all recoverable funds were returned to the company – one of the largest recoveries of stolen assets in the history of DeFi.
However, there was no happy ending for those affected by the second largest hack against Atomic Wallet in June. Users lost their wallets with losses estimated at nearly 70 million dollars. These stolen funds, mainly found on the Ethereum blockchain, were laundered by the hackers through the Sinbad mixer. This coin mixer is reportedly the one that the North Korean state-sponsored hacking group Lazarus Group uses.
DeFi projects & Ethereum blockchain most affected by cybercrime
Security incidents mostly affected DeFi projects (through contract vulnerabilities), far ahead of attacks affecting wallets, crypto exchanges, crypto brokerages, ATM machines, non fungible tokens (NFT) … They accounted for more than 60 percent of all incidents, far ahead of wallet incidents representing 16 percent.
As for the blockchains targeted by crypto fraudsters, Ethereum’s held the unenviable first position with losses reaching 356 million dollars in total. BNB Chain was subject to more than half of all attacks, but total losses amounted to 29 million dollars.
Stay informed, read companies’ security alerts!
To keep you crypto wallets safe, it is highly recommended to pay attention to companies’ security alerts on a regular basis, to systematically learn about anti-phishing and anti-theft practises, and to consider installing anti-phishing plugins and other similar fraud prevention tools.