Crypto & DeFi Hacks, Fraud & Scams

Our newest report, Crypto & DeFi Hacks, Fraud & Scams, reveals the latest hacks, frauds, and scams data for 2022 showing that $4,174bn worth of cryptocurrencies was stolen in 199 incidents. And in 2023 we have already seen $119m stolen in 18 incidents. The report also uncovers the most popular types of frauds and illicit activities within the digital assets sector since 2011.  

Here are the essential highlights: 

1. Approximately $16.7bn worth of cryptocurrencies has been stolen since 2011 

So far, $4.5+ billion has been stolen through security breaches (135 security attacks), $7.5+ billion has been stolen through scams (95 fraudulent schemes), and $4,81+ billion through DeFi hacks (231 attacks) since 2011, resulting in the theft of approximately USD $16.7 billion worth of cryptocurrency assets. 

According to our research, the predominant types of attacks up to 2021 were CEX security breaches. In 2021, the trend moved towards DEX and DeFi breaches which continued into 2022.  

The largest hack to date happened in late March 2022, when Ronin Network, an Ethereum sidechain built for the play-to-earn NFT game Axie Infinity, was hacked for over 173,600 ETH and 25.5 million USD Coin for a combined value of over USD $600 million. Most of the funds moved to the Tornado Cash mixing service.  

To date, one of the biggest security breaches happened in November of 2022, involving $600 million in ETH, BSC, ERC20 funds that were drained out of the collapsing crypto exchange FTX. 

2. US top of the charts with highest number of reported incidents 

The US takes first place for the number of reported incidents against its entities, having been targeted by bad actors 14 times.  

In terms of value, however, China is on top by a wide margin, and this is primarily due to the PlusToken Ponzi scheme (2019) which defrauded investors out of USD $2.25 billion, and the WoToken scam (2020) that was connected to the PlusToken scheme which saw investors lose more than USD $1 billion. 

3. Nearly 40% of all stolen funds were distributed via fraudulent exchanges since 2011 

Over a third, or 39%, of all stolen funds (in BTC) were distributed via fraudulent exchanges – that is, exchanges defined as having been involved in exit scams, illegal behavior, or having their funds seized by the government.  

In most fraud cases, the culprits tried to withdraw the stolen funds from exchanges with weak KYC controls – such entities may only require an email and phone number for customer interaction. 67.92% of funds were then moved to exchanges that could provide services without additional questions. 

The full report is available at the following link. 

Crystal’s investigation team provides comprehensive cryptocurrency analysis and investigates crypto fund flows. Our detailed reports offer deep insights into financial crimes for our partners including financial institutions and government agencies. 

• We help identify and track illicit activities, like ransomware payments and show attribution. 
• We link pseudonymous blockchain transactions to real-world organizations, including exchanges and mixer services, and reveal the real-world names of those entities in a user-friendly format. 
• We provide evidence for the legal pursuance of charges and law enforcement action. 

To discover how Crystal can help you trace illicit flows of funds, contact us here.