Law Enforcement, Regulatory Action in US Likely Led to 70% Drop in Hacks
Law enforcement and regulatory action over the past year in the United States most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022.
Hackers siphoned off $400 million worth of cryptocurrency in 40 hacks in the first three months of 2023, TRM Labs said. The amount of stolen funds in Q1 2023 is 70% lower and the average hack size down to $10.5 million from $30 million year-over-year.
In comparison, hackers stole $4 billion in 2022.
Hackers “extensively” used the cryptocurrency mixer to launder virtual currency worth $7 billion since Tornado Cash launched in 2019. Tornado Cash’s popular clientele included North Korea-linked Lazarus Group, which used the service to obfuscate the flow of funds stolen from the $600 million Axie Infinity hack and $100 million Harmony bridge attack.
“The use of sanctions by the U.S. government against crypto targets may have raised the potential costs of carrying out such attacks and made it more difficult to launder the proceeds,” TRM Labs said.
Mango Markets hacker Eisenberg negotiated with the decentralized finance platform to return a portion of the $116 million he stole if the exchange did not pursue legal action against him – a popular tactic among cryptocurrency hackers in 2022. But in December, two months after the attack, U.S. authorities arrested Eisenberg. The SEC charged him with violating anti-fraud and market manipulation provisions of securities laws, and Mango Markets sued him for $47 million in damages. “Avraham’s prosecution may have signaled to would-be attackers that even an agreement from the victim not to pursue legal action may not confer protection,” TRM Labs said.
Recovery of Stolen Funds
Victims of crypto hacks have recovered over half of the funds stolen in Q1, TRM Labs said. Several such instances involved the hacker stealing funds and negotiating with the hacked company for a “white hat bounty” and a promise that they would not be prosecuted for their crime. Companies paying the bounty included Horizon, Poly Network, Euler Finance, Sentiment, Allbridge and Fei Protocol.
There could be a number of factors behind this trend, Ari Redbord, head of legal and government affairs at TRM Labs, told Information Security Media Group. Wider implementation of AML standards makes it harder for malicious hackers to off-ramp stolen funds, and widespread tracing and tracking of stolen funds by law enforcement and Twitter sleuths using open-source tools are major reasons.
“After a hack, the world is literally watching, which makes it harder to move and off-ramp funds,” Redbord said.
The growth of “white hat” hackers could play a critical role in the ecosystem as it grows, he said. “Right now, many DeFi services lack truly hardened cyber controls, and white hat hackers could help build that. The bounties being offered are essentially their compensation,” he said.
Respite Unlikely to Last
The implementation of anti-money laundering standards by virtual asset service providers, increased efforts by law enforcement and regulators to go after bad actors, and the growing sophistication of blockchain intelligence tools may have contributed to the decline in hacks. But the trend is unlikely to last.
This slowdown, TRM Labs said, is “most likely a temporary reprieve rather than a long-term trend.”
A “few” large-scale attacks can cause a dramatic change in the total amount stolen. Just 10 hacks in 2022 accounted for 75% of the total amount stolen in the year, TRM Labs said. Individual quarter numbers also offer “poor predictions” for a yearlong trend, the firm said. The Q1 2023 numbers mirror those of Q3 2022. Hacks in Q4 2022 turned 2022 into a record year for crypto hacking.
“It is hard to say if the downward trend will last. One or two large Ronin-style attacks and we are back to 2022 numbers,” said Redbord, who also serves as an ISMG contributor.
But law enforcement agencies are leveraging the traceability and immutability of blockchain to track criminal transactions and add more friction into the laundering process, he said. “As the tools and training get better and more widespread, this is a trend likely to continue.”