Crypto users and projects must keep their heads on a swivel going into the next bull market, watching out for untrustworthy exchanges, unsecured decentralized finance (DeFi) protocols and ever-evolving phishing scams.
In January, hackers launched 30 attacks and made off with over $182.5 million in stolen funds, marking a year-on-year increase of 771% from January 2023 and a nearly 84% bump from December, according to data from PeckShield.
February also shaped up to be a record month for exploiters with over $380 million stolen — over double that of January. At least $290 million alone was pilfered from PlayDapp, along with $26 million from FixedFloat and $9.7 million from Axie Infinity co-founder Jeff Zirlin.
#PeckShieldAlert Hackers stole ~$360.83m across over 21 attacks in February 2024, marking a MoM increase of 97.6% compared to January 2024. Additionally, ~1.8% of the stolen funds have been returned, totaling ~$6.7 million pic.twitter.com/MCykceNun5
— PeckShieldAlert (@PeckShieldAlert) March 1, 2024
“Education is the first line of defense in keeping crypto safe,” Chainalysis cybercrime research lead Eric Jardine told Cointelegraph. “For users, awareness is always important.”
Jardine said crypto protocols typically have wide-open transparency due to their open-source development. Great for users wanting to audit the code but also opens opportunities for bad actors who can “analyze the scripts for vulnerabilities and plan exploits well in advance.”
“Research about the platforms and DeFi protocols before engaging with them,” Jardine said. “Understand their security features and strategy, and look for updates from the platform on how they are enhancing these.”
Check, then check again
In 2023, over 324,000 crypto users were hit by phishing scams, with around $295 million lost, Scam Sniffer analysis shows.
The anti-scam platform told Cointelegraph that “social media has the most scam links,” noting that malicious websites are often linked in advertisements on these platforms.
Beosin security researcher Pan Tao warned that phishing attacks advertised on X disguised as Ethereum staking and token airdrops “have been frequent and effective recently.”
On Feb. 25, phishing attackers compromised the X account of MicroStrategy and stole at least $440,000, draining wallets in a scam token airdrop.
The attacker reportedly directed users to a look-alike website, microsfrategy.com.
Scam Sniffer said users should always verify that the website URL is correct from multiple sources and understand what a contract does before they sign a transaction.
Meanwhile, Tao warned that drainer-as-a-service tools — such as those used in the fake airdrop — have become a “mature and convenient phishing tool,” and attackers are known to advertise scams on Google and X.
Having safe CEX
Beosin’s Tao said that many new crypto users will buy their first digital assets on a centralized exchange (CEX) owned and operated by one entity.
At the same time, there have been “several CEX scams,” including the theft of customer funds by FTX and the alleged fraud by JPEX on its users.
Tao suggested the criteria for choosing a secure, centralized exchange should start with ensuring it’s licensed “or at least publishes its proof of reserves periodically.”
It also must have “no withdrawal issues or high withdrawal fees” along with “timely customer support and clear responses.”
Guard those private keys
DeFi protocols should ensure their security efforts cover vulnerabilities on and off the blockchain, Jardine said.
On-chain vulnerabilities — such as in smart contracts — “drove the majority of DeFi hacking activity in 2023,” Jardine noted. “This changed through the year with compromised private keys driving a larger share of hacks in the second half of the year,” he added.
Related: ZK-proofs introduce security challenges for developers
“The key takeaway for DeFi protocols is that their security efforts should cover more than just on-chain vulnerabilities and smart contracts, especially amid the rise in off-chain vulnerabilities.”
Projects can create systems to monitor on-chain activity for potential vulnerabilities, Jardine suggested.
He noted some firms offer products that can alert and react to cyberattacks, helping secure third-party integrations and “communicate with customers who might be at risk.”
Jardine said Chainalysis has seen improved DeFi protocol security practices and highlighted losses from protocol hacks dropped about 64% year-on-year to $1.1 billion for 2023.
Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in
