- Crypto thieves will deploy more convincing AI scams in 2024, firms warn
Crypto investors will have to keep their eyes peeled for sophisticated phishing scams and a plethora of smart contract vulnerabilities next year, according to blockchain security firms.
AI-powered phishing scams, BRC-20 exploits, and new smart contract vulnerabilities are among the biggest threats that crypto projects and investors will likely face in 2024, according to blockchain security firms.
While the $1.7 billion in scam and hack-related losses in 2023 stands as an undeniable improvement to the $4 billion lost in 2022 — Jesse Leclere, a blockchain analyst from CertiK, warned that scams are only becoming more advanced and users should remain hyper-vigilant for well-executed exploits.
“Phishing, evolving in its sophistication, will likely target not only individual users but also corporate systems […] using social engineering tactics tailored to the crypto context,” said Leclere, pointing to the Dec. 14 Ledger Connect exploit as a prime example of an advanced attack.
One of the key elements that will see phishing scams become more nefarious is the use of generative AI, he added, allowing hackers to automate operations and create convincing fake calls, videos, and messages through which to ensnare potential victims.
As predicted, Generative AI scams are now here. These will be dramatically better in 12-24 months and hard for anyone to distinguish between reality and the AI fiction https://t.co/u7uaIEUodt
— Charles Hoskinson (@IOHK_Charles) December 15, 2023
Jenny Peng, a research analyst from 0xScope warns that AI could form a key component in generating ever-more realistic “deep fakes” to fool crypto users.
Peng added that hackers are likely to also give the burgeoning BRC-20 ecosystem “extra attention” next year due to a relative lack of developments in security.
See Also: Scammers Stole $3M Crypto On Christmas Day Using MS Drainer
“BRC-20 UniSat wallet launched in early 2023 and was promptly hit with a double-spend exploit. This incident shows that the BRC-20 ecosystem, where everything is new, will need to evolve its infrastructure quickly to be as battle-tested as Ethereum’s security-wise,” she added.
Already one of the most long-standing pain points for the industry, cross-chain bridges will continue to be a concern in 2024, said Leclere.
#PeckShieldAlert @MultichainOrg has been drained of ~$126M worth of cryptos, ranking it at #6 on our cross-chain bridge exploit leaderboard.
Additionally, #PolyNetwork, which was exploited for ~$25M, stands at #8.As of today, ~$1.92B associated with cross-chain bridges has… pic.twitter.com/UvJF8BwQfs
— PeckShieldAlert (@PeckShieldAlert) July 7, 2023
“As the industry increasingly adopts cross-chain solutions for greater interoperability, these protocols will become attractive targets for attackers, exploiting vulnerabilities arising from complex interactions between different protocols and chains,” he added.
Many of the crypto sector’s largest hacks to date have resulted from bridge exploits — with the infamous $650 million Ronin bridge hack still standing as the worst on record.
Without some serious security upgrades in the future, Leclere believes this will remain an issue for the industry heading into 2024.
Meanwhile, Phil Larratt, director of investigations at Chainalysis, offered a similar caution, warning that bad actors will grow increasingly adept at getting away with their ill-gotten gains.
“In 2024, we can anticipate that illicit actors are going to become more sophisticated in the tactics and techniques they use, especially as more long-standing traditional organized criminals and financial crime actors continue to adopt crypto,” he said.
With increasing know-how from security firms and law enforcement, Larratt warned that the next wave of scammers would most likely utilize privacy coins, bridges, mixers, and other obfuscation tools to a greater extent.
“In response to this likely trend, we will need more intensive law enforcement investigations, increased training and knowledge sharing by law enforcement organizations, even more advanced fraud protection programs, and continued partnerships between the public and private sectors,” he said.
