2022 ‘largest year ever’ for crypto hacking, Chainalysis VP says
Chainalysis VP of Investigations Erin Plante joins Yahoo Finance Live to discuss crypto hacking, the state of the crypto industry, and the outlook for cybersecurity.
- We're going to bring in our guest here now, because, I mean, the hits to crypto seem neverending in 2022. And, of course, to add salt on the wound, crypto saw the biggest year ever for hacking as well with $3.8 billion worth of stolen cryptocurrencies. This, according to a new report from Chainalysis.
So here to break down the crypto hacking spree of the last year, and of course, the way forward for DeFi is Erin Plante, Chainalysis VP of Investigations, in this segment brought to you by Intuit TurboTax. Good to have you on the show, Erin. So you've noted that in the study by Chainalysis--
ERIN PLANTE: Thank you for having me.
- Good to see you too. Now, on top of what we saw with the scandal from FTX though, in terms of hacking, we also saw bumper numbers last year. Why did we see that? And we also saw some spikes as well for March on October. What was driving 2022's hacking spree?
ERIN PLANTE: We did. The last year, 2022, was the largest year ever for crypto hacking incidents. The largest months were March and October. March was largely driven by the large hack of the Ronin Bridge, which is the bridge that powers the Axie Infinity gaming platform, which seized over about $600 million. So it was a very large heist.
October was a significant month in many, many hacks in general. There were over 30 hacks that month and it made up the largest month ever for hacks. The scale of the hacks is definitely significant. There's been a large number of attack vectors, including kind of age-old fishing tactics and installation of malware. And we have seen a very large uptick in DeFi exploits as well, where the code of the smart contracts is manipulated itself.
And the largest hacking perpetrator is North Korea. They had a banner year in 2022, about a four-fold increase from the previous year. And they made off with approximately $1.7 billion, which is a significant increase from years past.
- So Erin, let's break some of that down. I want to start on North Korea there, because they do appear to be at least the most prolific actor in this space according to that report. What is unique about those attacks? And where is the money going. Where is it flowing to after the hack?
ERIN PLANTE: They've had a lot of success in the past years in hacking cryptocurrency platforms. And that success has brought them fairly significant rewards. And that success has also led them to put more resources on hacking. So the escalation this year is major. And they're attacking from a lot of different ways.
They're leveraging the same malware that they've leveraged for years, but they're also looking for new avenues, looking to exploit DeFi protocols. They're looking at server exploits, a lot of different ways that they can make off with crypto. And research shows that those funds are being used to evade sanctions and ultimately fund their weapons of mass destruction program. So it is quite alarming from a national security perspective.
- So, then, what makes a system an easier target than others?
ERIN PLANTE: DeFi protocols have been significantly hit this year. It's a newer technology and they don't have as much of a focus on cybersecurity. Although, that is changing. And with any new technology, there are vulnerabilities that exist.
It has a lot of new innovations. It has a lot of new use cases. And DeFi, in general, is newer in this space. So it's prone to more vulnerabilities. And we've seen that with the exploiting of the smart contracts themselves to steal money directly from the protocols.
We've also seen a significant increase in funds stolen from DeFi bridges. And the Ronin Bridge and the Harmony Bridge are two hacks that drew quite a bit of press this past year. They were both quite large in size, particularly the Ronin Bridge. And they also had very similar attack vectors.
Bridges, in nature, have a significant amount of liquidity because they are connecting proprietary technology to other blockchains. So at any time, there's a large number of assets that need to be funded across these bridges. And so there's typically a large number of tokens and assets that sit within that bridge with a large amount of liquidity so that it can handle all of the exchanges that go through the bridge.
- So, then, what does that mean for your outlook for 2023? And if you are a crypto investor, or you use some of these platforms, or you're a company that works with some of these protocols, what are the concrete steps people should be taking to protect themselves?
ERIN PLANTE: There is a much larger focus from a lot of different angles. The cybersecurity focus is definitely key. So there has been a significant increase in cybersecurity companies focusing on this space, as well as some of the newer innovations and the DeFi platforms to also look more deeply at cybersecurity because we want to stop the attacks before they occur. But there is also a need to focus on the money laundering itself.
Because if we can stop North Korea from ultimately converting their stolen crypto to cash or to other mechanisms that they can fund their missiles program, that makes it a lot less lucrative for them. So there has been quite a bit of regulation, quite a bit of policy. We've seen two sanctions this year of mixers that were an attempt to stop some of the avenues for money laundering. And there has been a significant effort by public and private sector companies to tackle the funds that are flowing through various services for the purpose of money laundering. And there's been some successful seizures of North Korea funds.
And those seizures continue to increase. And it's largely due to a heavy focus by private sector companies, as well as public sector companies.
- We'll certainly be keeping that on our radar. Erin Plante there, thank you so much, Chainalysis VP of Investigations, in this segment brought to you by Intuit TurboTax, thank you for joining me in this morning.