Crypto Aware has found that over $1.7 billion-worth of cryptocurrencies were lost to hacks and scams between 2011 and 2018. $670 million-worth of which were lost over the last three months.
The most notable recent hack was against Coincheck, with a reported loss of 500 million NEM, equivalent of $530 million. This means that the Coincheck hack was worth close to a fourth of all cryptocurrency theft by value from 2011 to 2018.
“Cryptocurrency is receiving more and more validation as a means of value transfer, with top coins reaching historically high prices toward the end of last year,” says Anna Wu, Crypto Aware founder. “This attracted a lot of new, unseasoned investors who are not well versed in terms of online security and who are identified as easy targets by scammers.”
The new trend of initial coin offerings (ICOs) and the bullish momentum of Bitcoin allowed the cryptocurrency market to grow tenfold in a period of a year, from $27 billion in April 2017 to over $270 billion in April 2018. The market cap has gone as high as $823 billion in early 2018 and the spike in incidents is correlated with the huge growth of the market seen over the year.
“Cryptocurrency frauds, scams, and hacks tend to rise every time there is considerable upward momentum in pricing for cryptocurrency market, so be extra cautious when the market is bullish,” Wu added.
This volatile and unregulated market becomes even more vulnerable as many investors store their digital assets centrally on exchanges, which make them an easy target for hackers. Cold storage and decentralized exchanges are growing in popularity as safer methods.
“These figures expose two things – first, the truly devastating scale of cyber attacks on the cryptocurrency market with losses now well into the billions of dollars; and that the rate of crime and fraud is rapidly increasing. The dramatic rise of the cryptocurrency market in 2017 has made a lot of serious investors and institutions sit up and take notice, with more money coming into the market than ever before. But, sure enough, cyber criminals have sniffed the blood in the water as well.
“Every player in cryptocurrency, from the largest exchanges to the most humble ICOs should take these findings as a giant warning sign to look internally at their own security. ICOs, in particular, should not consider themselves an unlikely target. The reality is that, the second a company goes public with an intention to do an ICO, it is waving a huge flag to cyber criminals that it is both valuable and also in a very vulnerable phase of its company growth,” comments Leigh-Anne Galloway, Cyber Security Resilience Lead at ICO security company Positive.com.
“There are still some very basic practices that most ICOs could do to improve their security posture. Firstly, it is absolutely vital that the underlying code of the smart contract is purged of any vulnerabilities through development – once this goes live it cannot be changed. Secondly, organisations must ensure that the web applications their ICO use are being monitored and protected in real time – all the security of the blockchain means nothing if a hacker can misdirect funds from the web page.
“Finally, there is the human factor. This is the hardest thing to secure, but ICOs have a responsibility to do everything within their power to stop investors being tricked by phishing attacks. This means educating investors on the risks and warning signs and communicate as effectively as possible on official channels, to avoid investors being duped.”
With a total of $670 million stolen already, 2018 is on track to becoming the worst year of crypto losses in terms of assets stolen.