Advertisement

Cryptocurrency hacks shot up in 2022, amounting to almost $4 billion in losses

The massive losses have prompted scrutiny from U.S. officials about how the illicit use of cryptocurrency poses a national security threat. 
(Photo by NHAC NGUYEN/AFP via Getty Images)

Losses of cryptocurrency assets due to hacks rose to $3.7 billion last year, a 58 percent increase over the $2.3 billion that cybercriminals stole from investors and exchanges in 2021, according to a report released Thursday by Immunefi, a web3 security testing platform.

The firm’s analysis found that hacks accounted for more than 95 percent of all cryptocurrency theft. Frauds and scams made up the rest of the losses. Researchers at Immunefi tracked 134 specific hacking incidents in 2022, an increase from 104 hacks in 2021.

The findings aren’t surprising to those that have followed a banner year in cryptocurrency hacks. Analysts predicted early on that this would be a record year for cryptocurrency hackers. By October, hackers had already grossed $3 billion from 125 hacks, according to researchers at Chainalysis.

One of the biggest hacks was a $625 million theft of cryptocurrency assets from Ronin Bridge, a tool that allows users to move currency between blockchains. The U.S. government later attributed the attack to North Korean hackers, underscoring growing national security concerns with the industry’s weak cybersecurity practices. Researchers at the blockchain analytics firm Elliptic also tied North Korean hackers to a $100 million hack of Harmony Bridge in June. 

Advertisement

The massive losses have prompted scrutiny from U.S. officials about how the illicit use of cryptocurrency poses a national security threat. The Treasury Department responded in August by sanctioning mixer Tornado Cash citing use by North Koreans in part. And in September the Justice Department’s National Cryptocurrency Enforcement Team established a nationwide network of federal prosecutors focused on combatting the illicit use of digital assets.

The Immunefi report also found that decentralized finance projects continued to be the main hacking victim in 2022. The hacks are a wake-up call for cryptocurrency developers, especially of bridge projects that carry enormous amounts of capital, said Adrian Hetman, tech lead at Immunefi.

“Two years ago, I wouldn’t even think about some hacker reaching over $100 million,” said Hetman. “But in the last two years, we’ve seen multiple cases like that.”

There are signs, however, that cryptocurrency companies are starting to take cybersecurity more seriously. Firms specializing in auditing code for cryptocurrency projects reported booming business in 2022. Immunefi found that cryptocurrency bounty payments through its platform were up from around $13 million in 2021 to just over $52 million in 2022.

Despite being less lucrative than hacks, cryptocurrency scams and frauds still present a serious problem for U.S. consumers. In June, the Federal Trade Commission reported that losses from cryptocurrency fraud climbed to more than $1 billion between January 2021 through March 2022.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts