“The criminal crypto world combines old and new ways to manipulate markets,” say Chainanalysis and Avast experts.
According to a recent Chainanalysis write-up, North Korean hackers had a very successful 2021 year. As a result of launching at least seven large-scale attacks against cryptocurrency platforms, they made approximately $400 million worth of digital assets. But they are not the only ones.
New Crypto Crime Techniques
Cybercriminals have been adopting some new techniques, increasing the efficiency of their malicious efforts. Wash trading, for instance, is a practice that involves criminals executing a transaction in which the seller is on both sides of the trade, creating a misleading picture of an asset’s value and liquidity.
Other tricks include the following:
- Flash loan attacks – exchange members can borrow and then quickly repay funds without any collateral by abusing the smart contract features to pump up exchange rates.
- Rug pulls – developers of a new token quickly abandon their project and disappear with the invested funds.
- Chain hopping – moving funds from one kind of crypto to a series of others in an attempt to obfuscate their transactions.
Interestingly, abusing smart contract features is one of the risks stemming from non-fungible tokens, shortly known as NFTs. In a recent article, dedicated to NFT’s security risks, we pointed out that smart contracts create security loopholes in the existing NFT market. An attack against DeFi-based Poly Network is an example of this risk, where threat actors stole nearly $600 million.
Another crypto cybercrime trend involves ransomware groups. How successful have ransomware operators been in terms of revenue? Avast researchers point out that “at least 140 ransomware strains received payments from victims at any point in 2021, compared to 119 in 2020, and 79 in 2019.” The largest collection of strains belongs to Iran and Russia-based gangs.
Some of the most successful ransomware operations are affiliated with Russia, which reportedly made more than $400 million worth of crypto. Since 2020, 56% of the funds sent from ransomware addresses have arrived at one of six cryptocurrency businesses, including three large international exchanges, one high-risk exchange based in Russia, and two mixing services.
More information is available in the lengthy and very comprehensive Chainanalysis report.