Crypto Hacks Decline as Hackers Return Stolen Funds

Crypto Hacks Decline as Hackers Return Stolen Funds

3 min read

A recent report by blockchain intelligence firm TRM Labs has revealed that hackers managed to steal approximately $400 million from cryptocurrency projects in 40 attacks during the first quarter of 2023. This figure represents a significant crypto hacks decline of 70% compared to the same period in 2022. Interestingly, the average size of each hack has also decreased, dropping from $30 million in 2022 to $10.5 million in 2023.

A noteworthy trend emerging in the crypto hacking landscape is the growing propensity of hackers to return the funds they pilfer, often in exchange for a “white hat” reward from the exploited projects. TRM Labs estimates that hack victims were able to recover almost half of the stolen funds so far in 2023.

For instance, a hacker who exploited the TenderFi protocol chose to return 50% of the $1.6 million acquired through the attack, with TenderFi rewarding them with $850,000 as part of the agreement. Similarly, the hacker behind the Euler lending protocol exploit agreed to return the entire $200 million worth of cryptocurrency that was absconded. In another case, the hacker who drained the Safemoon protocol returned $7.1 million of the stolen crypto, keeping the remaining $9 million for themselves.

Why Did the Crypto Hacks Decline?

Potential reasons for the crypto hacks decline are not immediately apparent, but according to TRM Labs, two recent events may have temporarily dissuaded potential attackers. In December 2022, US authorities arrested Avraham Eisenberg, the perpetrator of a $116 million price manipulation attack against the DeFi platform Mango Markets in October of that year. Despite Eisenberg returning a portion of the funds under the assumption that legal action would not be pursued, he was charged by the SEC (Security & Exchange Commission) for violating anti-fraud and market manipulation provisions of securities laws.

Additionally, Mango Markets filed a lawsuit against Eisenberg, seeking $47 million in damages plus interest. This prosecution of Avraham may have served as a signal to other potential attackers that an agreement with the victim does not guarantee immunity from legal consequences.

Furthermore, in August 2022, the US Treasury imposed sanctions on the cryptocurrency mixer Tornado Cash, citing its use in laundering over $7 billion worth of virtual currency since its establishment in 2019. Hackers had extensively utilized Tornado Cash to obscure the origins of funds, including in the $600 million hack of Axie Infinity by the North Korea-aligned Lazarus Group in March 2022 and the $100 million attack on Harmony bridge in June 2022. The imposition of sanctions by the US government on crypto-related targets likely raised the potential costs associated with executing such attacks and made laundering the proceeds more challenging.

The crypto industry has also witnessed the continued implementation of anti-money laundering standards by VASPs (virtual asset service providers), as well as increased efforts by law enforcement and regulators to pursue malicious actors. Additionally, the development of increasingly sophisticated blockchain intelligence tools has enhanced the industry’s ability to track and mitigate hacking incidents.

A Temporary Respite?

Unfortunately, this deceleration may just be a temporary respite rather than a long-lasting pattern. The character of cyber-attacks on cryptocurrencies, the magnitude of the deceleration, and insights acquired from previous cycles offer a stronger hint at what might be in motion.

A handful of significant breaches account for most funds pilfered from crypto platforms and users, leading to highly erratic fluctuations in the total amount stolen on a monthly basis. As indicated by an examination of hacks and exploits conducted by TRM Labs, the ten most substantial breaches in 2022 were responsible for roughly 75% of the total funds stolen that year.

Furthermore, individual quarters provide inadequate foresight regarding the extent of losses incurred from breaches over the entire year. The volume of funds stolen and the number of incidents in the first quarter of 2023 closely resembled those of the third quarter in 2022, which was followed by an unprecedented surge in breaches that made 2022 a record-breaking year.

Cyberattacks and exploits in the realm of cryptocurrency can lead to significant financial losses for investors, traders, DeFi projects, and exchanges, while also tarnishing the industry’s reputation and trust.

Although a resurgence in crypto breaches is likely, widespread implementation of industry security measures and enhanced user education can help avert a revisit to or surpassing of the record-setting USD 3.7 billion stolen in 2022.


Stay informed with our Bi-Weekly Pulse for the latest crypto and blockchain news.

Get access to the week’s most interesting reads, stats and find out about the most recent trends in the cryptocurrency market.