Criminal Activities Cause Losses of $30 Billion in the Crypto Sector

Digital financial products are increasingly coming under the crosshairs of cyberattacks.

However, evidence-based results are not yet available regarding the actual magnitude of these criminal activities. Researchers from the Complexity Science Hub and the University of Montreal have now, for the first time, shown that the global damage amounts to at least $30 billion and is on the rise. A preprint of the study was recently published on ArXiv.

Decentralized Finance (DeFi) represents a new financial paradigm that offers financial services, such as lending, through decentralized computer programs running on so-called blockchains. It’s well-known that numerous criminal attacks occur in this space.

However, “since there is no central point of contact for criminal activities, we could not make evidence-based statements about the total damage until now,” explains Bernhard Haslhofer, head of the Cryptofinance research group at the Complexity Science Hub.

AT LEAST 1,155 CRIMINAL INCIDENTS

Therefore, the researchers have now compiled documented criminal incidents in the crypto sector from various databases for the first time. In doing so, they identified a total of 1,155 criminal events from 2017 to 2022. “But this doesn’t mean there couldn’t be more cases. Accordingly, all our results are minimum values,” emphasizes Haslhofer. The resulting total damage: $30 billion, roughly equivalent to Luxembourg’s state revenue in 2022.

„These 1,155 cases might not be the whole picture, but they constitute one of the most extensive set of events analyzed to date. This represents the first step towards assessing the size and scope of the DeFi crime landscape,“ says Catherine Carpentier-Desjardins of the University of Montreal.

INCREASING CRIMINAL ACTIVITY

While only 16 criminal activities were documented in 2017, there were 308 reported crimes in 2021 and 435 in 2022. “This entire ecosystem is still in its infancy. It’s highly complex, and currently, we have little understanding of how it works. Therefore, security in this area remains a problem,” explains Haslhofer.

LARGEST LOSS: $3,6 BILLION

In half of the attacks, the damage exceeded $356,000, with the smallest “hack” amounting to just $158, while the largest was $3.6 billion. This significant loss was associated with Africrypt, a centralized financial platform (CeFi) from South Africa.

UNPRECEDENTED LOSSES IN CeFi

CeFi serves as the link between traditional finance and decentralized financial systems (DeFi). These are cryptocurrency trading exchanges where trading occurs with both fiat and cryptocurrencies through a centralized management system.

„Whether Africrypt was hacked or the administrators left with the money does not matter much: what matters is that someone could leave with clients’ investments because the money was centrally managed, even if the investment was in cryptocurrency,“ explains Masarah-Cynthia Paquet-Clouston from the University of Montreal. These types of events are frequent in the CeFi sector, and the resulting damages are unprecedented, according to the researchers.

CeFi: $20 BILLION LOSSES

While the researchers observed significantly more successful attacks in the DeFi sector, with 1,050 incidents, the damages in the CeFi sector are much higher. “With only 105 documented crimes, the damages amounted to $20 billion, which is two-thirds of the total damage,” explains Haslhofer. In comparison, regulatory authorities closely monitor platforms in the traditional financial sector, making such incidents less likely there.

MOST COMMON CAUSE: TECHNICAL WEAKNESSES

In addition to the extent, the researchers examined the types of attacks and the technical levels at which they occurred.

In 52.4% of cases, DeFi services were the target of attacks. The entry point here was almost always a technical vulnerability at the protocol level. “Hence, it is essential for stakeholders to give top priority to safeguarding their contracts and protocol designs in order to reduce external vulnerabilities,” says CSH researcher Stefan Kitzler.

In 40.7% of cases, attackers used DeFi to target users. “When this happens, over 70% of the crimes involve manipulated cryptocurrencies that have a kind of backdoor through which criminals can withdraw funds,” explains Kitzler.

SECURITY GAPS AND MARKET MANIPULATION

Knowing where an attack is most likely to occur is essential to be able to take effective countermeasures, according to the researchers. „There’s no doubt that security in the DeFi sector is improving. Nevertheless, this sector remains a prime target for motivated offenders due to numerous opportunities,” says Paquet-Clouston.

This is also due to the potential for market manipulation, and stolen funds are irretrievably lost. Therefore, even with robust security measures, the DeFi sector will remain a target, the researchers are certain. „It is crucial to understand the asymmetrical position between offenders and defenders: while defenders must secure every potential vulnerability, attackers need only find one,“ emphasizes Paquet-Clouston.

WHERE DOES THE MONEY GO?

This study shows where attacks are most likely to occur and the extent of the damage. However, tracking the money trail in the DeFi sector is currently extremely difficult. That’s why the “DeFi Trace” project is currently underway at the Complexity Science Hub, led by Bernhard Haslhofer. “Over the course of two years, we aim to develop methods to automatically trace illegal payment flows in the DeFi sector, thereby containing criminal activities,” says Haslhofer.

Project partners include the Ministry of Finance, the Ministry of Justice, the Ministry of Interior, AIT, the University of Innsbruck, FMA, OeNB, and the Central Office for Cybercrime Bavaria (ZCB). This project is funded by the Austrian Research Promotion Agency (FFG).

ABOUT THE STUDY

The study “Mapping the DeFi Crime Landscape: An Evidence-based Picture” was recently published on the preprint server ArXiv.