Current Trends and Future Predictions for Crypto Crime— 2024 Hackhub Analysis

Merkle Science analysts reveal alarming trends in private key compromise, DeFi hacks, smart contract exploits, and more. What can these trends tell us about the future of crypto crime and risk mitigation? 

The ever-evolving landscape of crypto crime offers invaluable lessons for financial crime investigators. By analyzing recent trends and money laundering tactics, we can uncover critical insights to shape our strategies moving forward. Our 2024 Hackhub Report highlights alarming trends in private key compromises, decentralized finance (DeFi) hacks, smart contract exploits, and more. Understanding these evolving trends helps financial crime investigators better investigate and mitigate future crime. 

This blog analyzes some of the key takeaways from the 2024 Hackhub Report to give you key insights into the latest criminal trends and delves into the future of crypto crime, exploring how innovation in the crypto space will influence the next frontier in financial crime. 

For a deeper dive into our data and case studies, download our full report or request a consultation with our team.  

Key Takeaways from the 2024 HackHub Report

While 2023 saw 10% more attacks than the year prior, attackers netted 15% less funds on average.

2023 was a year that epitomized both the persistent security challenges facing the blockchain ecosystem, and its ecosystem players' resilience against these challenges. While the total value stolen in 2023 dropped by 15% compared to 2022, the number of attacks increased by approximately 10%. 

Why it matters:

1. Increased Volume of Cases: With a 10% increase in attacks, investigators must be prepared for a higher volume of cases. This means enhanced workload management and the need for more efficient investigation techniques to keep up with the growing number of incidents.This could indicate that while individual heists may be becoming increasingly less lucrative, the overall threat landscape is expanding. Investigators should be prepared for a higher volume of smaller, yet still impactful, breaches.
2. Shift in Attack Patterns: The decrease in the value stolen per attack suggests that while high-value targets are becoming harder to exploit, attackers are diversifying their efforts. The significant vulnerabilities within the DeFi space, evidenced by the increased number of attacks in the DeFi sector, call for targeted efforts to strengthen defenses in this area. As DeFi does not provide a direct fiat off-ramp for criminals, these illicit funds will inevitably make their way back to CeFi exchanges, oftentimes obfuscated by long and complex routes of chain hopping and/or mixing. 
3. Persistent Sophisticated Threats: The continued involvement of sophisticated criminal syndicates like the Lazarus Group underscores the ongoing threat of highly skilled adversaries. This necessitates continuous education and training for investigators to stay ahead of evolving tactics and techniques used by such groups.

Private key compromises in DeFi and hot wallet attacks in CeFi accounted for more than half of stolen funds in 2023

Private key compromises and hot wallet attacks surged in 2023, becoming the largest attack vectors responsible for over 78% of total losses, amounting to $2.5 billion. 

Why it matters:

1. Emerging Vulnerabilities in DeFi: The DeFi ecosystem, being relatively nascent, lacks the mature security protocols that CeFi exchanges have developed over time. This makes DeFi platforms more susceptible to attacks. DeFi projects need to focus on these emerging vulnerabilities to prevent substantial financial losses and protect the integrity of the DeFi space. Common attack techniques used successfully in CeFi are now being transferred to DeFi, indicating a need for cross-sector learning and adaptation. Investigators with experience in CeFi can leverage their knowledge to bolster DeFi security, but this requires targeted education and awareness programs.
2. Lack of Hardened Security Measures: New organizations and projects in both DeFi and CeFi often do not have the same level of security sophistication as those that are more established in the space. This gap provides an opportunity for criminals to exploit weaker defences. It is crucial for compliance and security professionals to promote and implement robust security best practices to keep user funds safe. In DeFi in particular, where anyone can quickly copy and paste an existing project’s smart contract and have a fully functional decentralized exchange (DEX) in a matter of minutes, understanding how permissions for that smart contract are set up and the security measures in place for the admin address that created the smart contract are pivotal.
3. Necessity of Training and Education: As attackers adapt and shift their focus to DeFi, there is an urgent need for comprehensive training and education for both investigators, DeFi project builders, and participants. Understanding these new attack vectors, red flags in DeFi projects, and how to defend against them is essential for staying ahead of cybercriminals.
   
   
   

Despite monetary losses due to smart contract vulnerabilities dropping 93%, they still made up nearly half the number of all hacks in 2023

Losses due to smart contract vulnerabilities dropped by a staggering 93% from 2022, totalling $171 million. However, these vulnerabilities still accounted for nearly half of all hacks in 2023, underscoring the ongoing risk they continue to pose. 

Why it matters:

1. Ongoing Risk and Prevalence: The fact that smart contract vulnerabilities still account for 46% of all hacks underscores that these weaknesses remain a critical threat. DeFi projects must remain vigilant and continue to prioritize the identification and analysis of new smart contract exploits to protect their users. Investigators and compliance professionals must understand how funds move from these compromised smart contracts as it is common for these funds to be made up of low market cap coins that must then be swapped for higher cap coins like Ethereum that can more easily be off-ramped by CeFi exchanges. This process can further obfuscate the flow of funds.
2. Impact of Enhanced Security Practices: The substantial decrease in losses from smart contract vulnerabilities suggests that enhanced security measures, such as better auditing practices and robust development protocols, are effective. Compliance professionals should advocate for and implement these best practices across all projects to sustain and further this positive trend.
3. Importance of Continuous Auditing: Despite the decrease in total losses, the high number of incidents indicates that many smart contracts are still vulnerable. Continuous auditing and regular security reviews are essential to detect and address vulnerabilities before they can be exploited by malicious actors. It is essential for investigators and compliance professionals to warn users of the risks and red flags associated with new, unaudited smart contracts. This is especially true when market conditions rise and new pump-and-dump meme coins and fake projects flood DeFi, with many of these projects promoted over popular social media channels. 

Attackers continue to focus on vulnerabilities in DeFi projects rather than CeFi as DeFi projects suffer the most losses in 2023

Decentralized Finance (DeFi) projects continue to be the primary focus of attacks, with smart contracts and protocols on Ethereum and Binance Smart Chain suffering the most exploits. As DeFi grows, so does its attractiveness to attackers, necessitating rigorous security measures and continuous monitoring.

Why it matters:

1. Growing Attractiveness of DeFi: The growth of the DeFi ecosystem brings new opportunities for exploitation, making it imperative for compliance professionals to implement rigorous security measures and continuous monitoring to safeguard their projects. With DeFi projects accounting for over 95% of total attacks in both 2022 and 2023, it is clear that this sector remains a high-risk area. Investigators will likely continue to trace funds across the DeFi ecosystem where the majority of vulnerabilities and exploits are occurring. Understanding how criminals are moving funds across DeFi will be pivotal to identifying when these illicit funds are moved to CeFi exchanges for off-ramping.
2. Evolving Attack Patterns and Importance of Cross-Chain Security: While Ethereum was the most attacked blockchain in 2023, a  major shift in the number of attacks from Ethereum to other EVM chains like Binance Smart Chain (BSC) highlights the evolving nature of attack patterns. This necessitates a broader focus on multiple chains and continuous adaptation to emerging threats. The spread of Total Value Locked (TVL) across various EVM and EVM-compatible chains emphasizes the need for cross-chain security solutions. Investigators and compliance teams must ensure that security and investigative practices are consistent and effective across all chains.
3. Need for Advanced Security Tools: The persistent focus on DeFi vulnerabilities across several blockchains highlights the necessity for advanced security tools and practices. Compliance professionals must leverage cutting-edge technologies for smart contract auditing, threat detection, and risk assessment to stay ahead of attackers.

Looking Ahead at the Future of Crypto Crime—How innovation will affect victims, criminals, and investigators

As the cryptocurrency landscape continues to evolve and expand, so too does the complexity and sophistication of crypto crime. From the DeFi sector bringing in novel attack vectors to investigators continuing to advance their crypto expertise, the battle against crypto crime is entering a new phase. Based on the current trends revealed in our Hackhub Report, we predict the following:

While the crypto ecosystem continues to grow and evolve, the methods behind crypto crime will continue to become increasingly sophisticated. But recent high-profile arrests highlight how crypto-savvy investigators can turn the tide.

The recent arrest of Anton Peraire-Bueno and James Pepaire-Bueno, two brothers accused of exploiting the Ethereum blockchain—in the first ever attack of its kind—to steal $25 million in cryptocurrency, underscores both the growing sophistication of crypto crimes and the advanced capabilities of modern investigative agencies. 

The Peraire-Bueno brothers, leveraging their advanced education in mathematics and computer science, devised a novel scheme to manipulate the very protocols that ensure the integrity of blockchain transactions. Their meticulously planned operation involved months of preparation, including studying the trading behaviors of their victims and setting up shell companies to conceal their identities.

In just 12 seconds, the brothers executed their exploit, fraudulently accessing and altering pending transactions on the Ethereum blockchain. Despite their technological prowess and efforts to cover their tracks, the sophisticated investigative work of the Department of Justice (DOJ) and the IRS Cyber Investigations Unit unraveled their scheme. Using cutting-edge technology and traditional investigative techniques, these agencies traced the stolen funds, leading to the arrests of the Peraire-Bueno brothers.

This case illustrates a critical point: as cryptocurrency markets evolve, so too will the methods used by criminals. However, it also highlights the resilience and adaptability of law enforcement agencies. The expertise demonstrated by the DOJ and IRS in this case is a testament to their commitment to maintaining the integrity of financial systems and supporting victims of crypto crimes. 

By staying ahead of emerging threats, these agencies are not only bringing perpetrators to justice but also restoring confidence in the cryptocurrency ecosystem. Continued education, learning advanced investigative techniques, and keeping up with innovation in the space are crucial for investigators to effectively tackle novel crimes like this one. This commitment to ongoing development ensures that law enforcement remains prepared to counter the ever-evolving tactics of cybercriminals.

Wider adoption of innovations in private key management—such as MPC key generation and smart accounts—will make it harder for criminals to compromise private keys, but these techniques will also open novel attack vectors yet to be seen.

With private key compromises and hot wallet attacks on the rise, it's imperative to implement and enforce strong key management practices. We’re past the days of simply saving your single private key in a safety deposit box at your bank. The wider adoption of more secure private key management technologies is set to bolster the security of cryptocurrency holdings significantly. 

Innovations like Multi-Party Computation (MPC) key generation and smart accounts are at the forefront of this movement, offering enhanced protection against traditional key compromise methods. MPC key generation, for instance, involves multiple parties collaboratively generating and managing cryptographic keys without ever exposing the entire key to any single party. This method drastically reduces the risk of a single point of failure, making it exponentially more challenging for cybercriminals to steal private keys.

Similarly, smart accounts, which leverage programmable smart contracts to manage access and permissions, add another layer of security and functionality. These accounts can incorporate features such as multi-signature requirements, automated recovery processes, and user-defined spending limits, all of which contribute to a more secure and user-friendly experience. As a result, the adoption of these innovations is expected to create a more resilient ecosystem, where individual users and institutions can safeguard their assets more effectively.

However, with these advancements come new challenges. As with any technological innovation, the introduction of MPC key generation and smart accounts will likely bring about unforeseen attack vectors. Cybercriminals are adept at adapting to new security measures, and the complexity of these technologies may present opportunities for novel exploits. For instance, vulnerabilities in the implementation of MPC protocols or flaws in smart contract code could be targeted, potentially leading to sophisticated attacks that were previously unimaginable.

The ongoing development and integration of these technologies will require a proactive approach from both the crypto industry and regulatory bodies. Continuous research, rigorous testing, and collaboration between security experts will be essential to identify and mitigate emerging threats. Additionally, educating users about the proper use and potential risks associated with these advanced key management techniques will be crucial in fostering a secure and trustworthy cryptocurrency environment.

DeFi will continue to be a hotbed for criminal exploitation, with funds moving to CeFi exchanges to off ramp to fiat.

DeFi has revolutionized the financial landscape by providing decentralized alternatives to traditional financial services. However, its rapid growth and relatively unregulated nature have also made it a prime target for criminal exploitation. DeFi platforms, with their open-source protocols and automated smart contracts, offer cybercriminals a plethora of opportunities to exploit vulnerabilities and abscond with vast amounts of digital assets.

Once illicitly obtained funds are secured within the DeFi ecosystem, criminals often seek ways to convert these digital assets into fiat currency—a process known as off-ramping. Centralized Finance (CeFi) exchanges, with their robust infrastructure and deep liquidity, are the prime focal point for these activities. Criminals utilize a variety of techniques to move their funds from DeFi to CeFi platforms, including chain-hopping (moving funds across different blockchain networks), mixing services (which obfuscate transaction trails), and using decentralized exchanges (DEXs) to swap tokens.

Despite the efforts of CeFi exchanges to enforce stringent Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols, oftentimes the funds entering the exchange can be so far removed from the initial criminal act that it may be difficult for their automated systems to detect the link. Or the DeFi hack wasn’t high-profile enough to catch the attention of the necessary parties to tag the appropriate addresses before the funds could be off-ramped. 

The ongoing battle against DeFi exploitation and the subsequent off-ramping to CeFi exchanges requires a multifaceted approach. Strengthening the security of DeFi platforms through rigorous code audits, real-time monitoring, and the implementation of advanced security measures is paramount. Additionally, fostering collaboration between DeFi and CeFi entities, along with regulatory bodies, can help create a more unified front against criminal activities. Enhanced information sharing and coordinated responses to suspicious activities can significantly improve the detection and prevention of illicit transactions.

Level up your ability to investigate and mitigate cryptocrime.

With the right strategies and a proactive approach, financial crime investigators can make significant strides in creating a safer and more secure blockchain ecosystem. By leveraging the latest insights and staying ahead of emerging trends, the crypto community can turn the tide against attackers and build a resilient future.

Advancements in blockchain analytics provide powerful tools for detecting and preventing crypto-enabled crime. By analyzing transaction patterns and identifying suspicious activities, investigators can gain valuable insights into criminal behavior and disrupt illicit networks more effectively. To equip yourself and your team with the necessary tools and knowledge, download our full report on crypto crime mitigation or request a free consultation with our experts. Together, we can build a safer future for the cryptocurrency industry.