Since the starting of 2011, over $7.6 Bln worth of cryptocurrencies have been already stolen, consistent with a new report from Amsterdam-based blockchain analytics firm Crystal Blockchain. The entire figure breaks down into two sadly predictable buckets – hacks and scams.
The report revealed that $2.8 Bln was stolen through security breaches, the foremost popular breach being via a cryptocurrency exchange’s security systems. In total, the firm documented 113 security breaches; the most important of those was the Coincheck breach in 2018, which saw hackers make off with over $535 Mln worth of NEM coins.
The U.S., Japan, the U.K., China, and South Korea experienced the foremost exchange security breaches. The United States cryptocurrencies services were targeted 13 times, topping the list.
Another $4.8 Bln was stolen through scams, with Crystal Blockchain identifying 23 prominent fraud schemes.
“We deemed $7.6 Bln as the total amount for all the years combined in one sum. Basically a cumulative sum for the last 10 years,” said Kyrylo Chykhradze, a product director of Crystal Blockchain.
In terms of the worth stolen, China led the pack far away. The report attributed its ranking mainly to the 2019 PlusToken Ponzi scheme [$2.9 Bln] alongside the 2020 WoToken scam [$1 Bln] that was connected to the PlusToken.
The majority of cryptocurrency exchanges that were hacked had insufficient security and low-level verification for withdrawals, like just an email or telephone number.
In the case of Coincheck, for instance, the firm kept most of its assets within a wallet linked to other external networks. It also lacked multi-signature security entirely, which might have required multiple key holders to log off before funds were shifted.
Chykhradze added that most reason for vulnerabilities within the tech is that the industry continues to evolve at a really fast pace, and more and more entities are appearing on the market with inadequate and “neglected” internal security policies.
“Their security policies are neglected because these new services cannot [financially] afford to pay the max amount attention to such security issues, whereas well-established entities are within a much better position to make sure and prioritize security,” he added. “This leads to newer services becoming cherry-picking opportunities for bad actors who can spot those vulnerabilities.”