Losses of cryptocurrency assets due to hacks rose to $3.7 billion last year, a 58 percent increase over the $2.3 billion that cybercriminals stole from investors and exchanges in 2021, according to a report released Thursday by Immunefi, a web3 security testing platform.
The firm’s analysis found that hacks accounted for more than 95 percent of all cryptocurrency theft. Frauds and scams made up the rest of the losses. Researchers at Immunefi tracked 134 specific hacking incidents in 2022, an increase from 104 hacks in 2021.
The findings aren’t surprising to those that have followed a banner year in cryptocurrency hacks. Analysts predicted early on that this would be a record year for cryptocurrency hackers. By October, hackers had already grossed $3 billion from 125 hacks, according to researchers at Chainalysis.
One of the biggest hacks was a $625 million theft of cryptocurrency assets from Ronin Bridge, a tool that allows users to move currency between blockchains. The U.S. government later attributed the attack to North Korean hackers, underscoring growing national security concerns with the industry’s weak cybersecurity practices. Researchers at the blockchain analytics firm Elliptic also tied North Korean hackers to a $100 million hack of Harmony Bridge in June.
The massive losses have prompted scrutiny from U.S. officials about how the illicit use of cryptocurrency poses a national security threat. The Treasury Department responded in August by sanctioning mixer Tornado Cash citing use by North Koreans in part. And in September the Justice Department’s National Cryptocurrency Enforcement Team established a nationwide network of federal prosecutors focused on combatting the illicit use of digital assets.
The Immunefi report also found that decentralized finance projects continued to be the main hacking victim in 2022. The hacks are a wake-up call for cryptocurrency developers, especially of bridge projects that carry enormous amounts of capital, said Adrian Hetman, tech lead at Immunefi.
“Two years ago, I wouldn’t even think about some hacker reaching over $100 million,” said Hetman. “But in the last two years, we’ve seen multiple cases like that.”
There are signs, however, that cryptocurrency companies are starting to take cybersecurity more seriously. Firms specializing in auditing code for cryptocurrency projects reported booming business in 2022. Immunefi found that cryptocurrency bounty payments through its platform were up from around $13 million in 2021 to just over $52 million in 2022.
Despite being less lucrative than hacks, cryptocurrency scams and frauds still present a serious problem for U.S. consumers. In June, the Federal Trade Commission reported that losses from cryptocurrency fraud climbed to more than $1 billion between January 2021 through March 2022.