In its new Crypto Crime Report, blockchain analytics startup Chainalysis reports a record $20.6 billion in crime-related transactions. That’s less than 1% of crypto market volume.
Crypto theft peaked in 2022. Chainalysis said that $3.8 billion, more than in any other year, was stolen from numerous services and protocols, including $775.7 million in October. According to the report, revenue for scammers and ransomware hackers fell.
DeFi protocols—especially cross-chain bridges—accounted for 82.1% of the stolen funds. “Bridges are an enticing target for hackers since the smart contracts in effect become massive, centralized warehouses of monies backing the assets that have been crossed to the new chain—a more desirable honeypot could barely be imagined,” the report states.
According to Chainalysis, oracle manipulation is a growing trend in DeFi hacks. An attacker compromises the mechanism by which a decentralized protocol obtains prices for traded assets, creating favorable conditions for fast, highly profitable trades. The report says 41 oracle manipulation attacks cost DeFi protocols $386.2 million in 2022.
Mango Markets exploiter Avraham Eisenberg was arrested and charged with commodity manipulation in U.S. court.
In 2022, Lazarus hackers stole $1.7 billion from various victims. Tornado Cash, Blender.io, and Sinbad received most of that money. Elliptic, a blockchain intel startup, suggested Blender’s team launched Sinbad.
One major factor may affect the illicit transaction statistics: Chainalysis reported that sanctioned companies accounted for 43% of unlawful transactions in 2022.
Chainalysis said that the sanctioned exchange Garantex undoubtedly receives payments from “Russian consumers using a Russian exchange,” although most compliance professionals consider these transactions unlawful.
The U.S. sanctioned Hydra, Garantex, Blender.io, and Tornado Cash in 2022. According to Chainalysis, 6.1% of Garantex’s funds were illicit (still 20 times more than at centralized exchanges), as were 34% of Tornado Cash’s.
Sanctions sharply reduced Tornado Cash’s funding, while Garantex continued to receive payments from fraud and darknet stores, Chainalysis reported.
Mixers moved $7.8 billion in crypto in 2022, down from $11.5 billion in 2021. Last year, OFAC sanctioned the mixers Tornado Cash and Blender.io for being used by the North Korean hacking organization Lazarus.
Chainalysis stated that ransomware criminals move extorted money to centralized crypto exchanges, leaving crypto infrastructure vulnerable. It reported that centralized exchanges continue to receive illicit funds despite increased law enforcement scrutiny.
“In DeFi attacks, attackers often wind up with tokens that aren’t listed on other exchanges, so they need to use decentralized exchanges (DEXes) to trade them for more liquid crypto assets,” according to the report.
Bitzlato, whose founder and staff were jailed in January, and other cybercriminals use darknet sites, mixers, and centralized exchanges with poor KYC (Know Your Customer) controls.
The report examines Deadbolt, a 2022 ransomware variant. Deadbolt operators targeted small businesses and individuals and earned almost $2.3 million from 4,923 victims in 2022, an average of $476 per victim.
The gang delivered decryption keys to victims who paid: after a victim sent bitcoin to Deadbolt’s address, another transaction would automatically send back a small amount of bitcoin (about $1) with the decryption key in the OP_RETURN field.
The Dutch Royal Police, which investigated the gang, used this mechanism to obtain decryption keys for a dozen victims without the victims losing their money: after receiving the key, the police pulled back the payment transactions sent to the hackers using the replace-by-fee mechanism.
Replace-by-fee lets miners add a more profitable transaction to the Bitcoin blockchain by replacing a transaction that has already been broadcast but not yet confirmed with a new one that pays a higher fee. The original transaction becomes invalid because the bitcoin has already been spent by the replacement.