2018 was a tough year for everyone involved in the cryptocurrency space as the market retraced from an overall cap of around $800 billion in January to $130 billion at the end of December. In addition, close to $1 billion worth of cryptocurrencies were also lost over the year to malicious entities as hackers continued to step up their game.
Hackers Target Exchanges
Cryptocurrency intelligence firm CipherTrace released a number of reports over the year, and their Q3 Cryptocurrency Anti-Money Laundering report outlines that approximately $927 million worth of thefts had already hit the community by the third quarter of the year. This figure represents 3.5 times the expected amount of cryptocurrencies stolen over the previous year as around $266 million was lost in 2017. By comparison, $152 million was lost to hackers in 2016, and it’s now estimated that the final total amounts to well over $1 billion for 2018.
There were in fact more thefts during the first half of 2018 than over the whole of 2017, and close to $731 million worth of cryptocurrencies were stolen from exchanges alone. The most high profile theft of the year involved the Japanese Coincheck exchange, which was targeted by hackers and lost $530 million worth of tokens. Some other notable breaches include Italy’s BitGrail which lost $195 million, Japan’s Zaif which lost around $60 million, and South Korea’s Coinrail which lost over $40 million, as well as Bithumb which lost over $30 million.
In addition, the decentralized exchange protocol Bancor experienced a hack in July that led to $23.5 million damages as hackers got away with $12.5 million in ETH, as well as $11 million worth of BNT and NPXS. Hackers were also able to exploit vulnerabilities in Geth and steal more than $20 million worth of ETH by targeting insecurely configured clients. Geth is a popular client for running Ethereum nodes; however, thieves were able to remotely access the Ethereum blockchain and node functionalities, including the ability to send transactions from any account which had been unlocked before. Victims of the attackers had opened their JSON RPC port 8545 to the outside world, and once unlocked, the port stays open for the entire session, thus allowing hackers to breach their wallets.
While the report also outlins the Bitcoin Gold 51% attack that saw thieves get away with over $18 million worth of digital currency, the CoinHoarder phishing thefts, currently estimated at $50 million, were excluded from the report. However, CipherTrace will include the figures in their 2018 annual report once they can be confirmed.
The US Under Attack
The United States was the most targeted country, with approximately 56% of all attacks taking place against platforms or users in the States. Other key takeaways include that 97% of direct criminal Bitcoin payments are sent to unregulated exchanges, and that 380,000 Bitcoin ($2.5 billion worth) are being laundered by these exchanges. The team at CipherTrace also found that 36 times more tainted Bitcoins are received by cryptocurrency exchanges based in countries where Anti Money Laundering (AML) is either weak or not enforced. They also state that new cryptocurrency crime threats continue to emerge, including highly targeted mass cyber extortion, SIM swapping, and advanced cyber attacks on exchange personnel.
However, they also outline that opportunities to launder cryptocurrencies will be greatly reduced throughout 2019 and 2020 if cryptocurrency AML regulations are successfully enacted and enforced globally. Dave Jevans, CEO of CipherTrace, elaborated in a press release:
“Different geographies are competing on regulations and trying to become ‘trusted’ digital currency hubs in order to grow their economies. We will see the opportunities to launder cryptocurrencies greatly reduced in the coming 18 months as cryptocurrency AML regulations are rolled out globally.”
As a result,
criminals will need to quickly launder their stolen tokens before the stronger AML
controls are deployed over 2019 and governments around the world begin to come
up with unified measures to curb the thefts.
The report highlights the importance of correct storage and the benefits of using cryptocurrency hardware wallets. It also mentions Binance announcing a user safety fund called “Secure Asset Fund For Users” (SAFU) earlier in the year. The team announced that from July 2018, 10% of all trading fees received would be allocated to SAFU to guarantee users protection against extreme irregularities. In addition, 2018 has seen the rise of regulatory compliant stablecoins such as Gemini’s Dollar (GUSD) or Circle’s USDC, that provide traders with increased protection from malicious actors and any possible financial irregularities.