Crypto Theft Rose in 2022 as Scams, Ransomware Bounty Fell: Chainalysis


The volume of crime-related transactions rose for the second consecutive year, hitting an all-time high of $20.6 billion, blockchain analytics firm Chainalysis says in its new Crypto Crime Report.

Thieves, hackers, exploiters

2022 became the biggest year for crypto thieves. Chainalysis shows that approximately $3.8 billion, more than in any other year, was stolen from various services and protocols, including $775.7 million in October alone. At the same time, the total revenue of scammers and ransomware hackers declined, the report says.

82.1% of all the stolen funds were taken from DeFi protocols, especially cross-chain bridges – protocols allowing users to trade assets between two different blockchains. "Bridges are an attractive target for pirates, as smart deals are actually getting huge, centralized cash deposits supporting the assets that have been integrated into the new chain—you can hardly think of a more desirable honeycomb," the report states.

A growing trend in DeFi hacks is oracle manipulation, in which an attacker compromises the mechanisms that allow a decentralized protocol to obtain a price for the traded assets and creates favourable conditions for rapid and highly profitable trades, Chainalysis says.

One example of this is the Mango Markets exploit, for which the alleged attacker, Avraham Eisenberg, was arrested and is now facing commodity manipulation charges in a U.S. court.

The report found that in 2022, DeFi protocols lost $386.2 million in 41 oracle manipulation attacks. Most of this money was sent to decentralized exchanges and multiple mixers: Tornado Cash and, after the mixer was closed, Sinbad.

Sinbad may have been started by the same team that ran Blender, blockchain intelligence company Elliptic said earlier.


A large part of these illicit money flows is funds received by the sanctioned entity Garantex, which is likely just "Russian users using a Russian exchange," Chainalysis said.

In 2022, the U.S. sanctioned a Russian darknet marketplace, the exchange Garantex and crypto mixers including Tornado Cash.

Not all the money these sanctioned services processed was of criminal origin: only 6.1% of the funds Garantex received came from illicit sources (still 20 times more than centralized exchanges on average), and for Tornado Cash, the number is 34%, Chainalysis says.

The U.S. Office of Foreign Assets Control (OFAC) sanctioned mixers Tornado Cash last year because both services had been actively used by the North Korean hacker group Lazarus.

The penalties have severely reduced the flow of funds to Tornado Cash.

Garantex remained as active as it used to be and saw even more funds from known scams and darknet stores, Chainalysis said. Centralized exchanges, despite the intensified attention of law enforcement agencies around the world over the past few years, remain the major receivers of criminal funds, Chainalysis said.

The crypto infrastructure remains open to ransomware hackers, as they usually send extorted money to centralized crypto exchanges, Chainalysis said.

Other cybercriminals usually use darknet platforms, mixers and centralized exchanges with weak KYC (Know Your Customer) protections, like Bitzlato, which had its founder and some other staff members arrested in January.

The report focuses on a specific case of a ransomware strain, Deadbolt, that was in operation in 2022.

Unlike the most infamous ransomware groups such as Conti, which attack large organizations for big ransoms, Deadbolt operators chose to target small businesses and individuals, and over 2022 received over $2.3 million from around 4,923 victims, who on average paid about $476 each.

After a payment, another transaction would be triggered automatically, sending back a meagre amount of bitcoin (about $1) with the decryption key written in the transaction's data return field.

This mechanism helped the Dutch Royal Police, which investigated the group, to get decryption keys for a dozen victims without them parting with their money: the police sent payout transactions to the hackers, but as soon as they received the key they reverted the payouts using the replace-by-fee mechanism.
