{"id":18771,"date":"2020-01-22T21:39:59","date_gmt":"2020-01-22T21:39:59","guid":{"rendered":"http:\/\/ci027cfe71201026c3"},"modified":"2025-01-27T20:33:38","modified_gmt":"2025-01-27T20:33:38","slug":"2019-saw-most-exchange-attacks-ever-with-hackers-becoming-more-savvy","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/culture\/2019-saw-most-exchange-attacks-ever-with-hackers-becoming-more-savvy","title":{"rendered":"2019 Saw Most Exchange Attacks Ever, With Hackers Becoming More Savvy"},"content":{"rendered":"
<\/div>
<\/figure>\n

As cryptocurrency exchanges beef up their security to defend themselves against cyberattacks, hackers are responding in kind by amping up their techniques \u2014 and the data shows that they\u2019re finding success.<\/p>\n

Cryptocurrency exchanges faced more successful attacks in 2019 than in any other year since bitcoin began trading on public exchanges in 2011, according to data compiled for a recent report<\/a> from blockchain analytics firm Chainalysis. While the 11 attacks recorded in 2019 nearly doubled those conducted in 2018, the total damage ($282.6 million stolen in cryptocurrency in 2019 versus $875.5 million in 2018) was drastically less. <\/p>\n

The total amount of funds stolen in both 2014 and 2018 \u2014 which each superseded the amount looted in 2019 \u2014 were the result of the industry-altering Mt. Gox<\/a> hack in 2014 and the half-billion dollar Coincheck<\/a> hack (from which the spoils were mostly in NEM), respectively. <\/p>\n

Excluding these two hacks, 2019 was actually the worst year for the total amount of assets seized through hacks or similar attacks, such as phishing. However, the average number of assets stolen per hack decreased last year from 2018. This damage was partly mitigated, Chainalysis points out, by enhanced security measures and more appropriate custody practices; more exchanges, for instance, are storing fewer funds in hot wallets than they did in previous years.<\/p>\n

\u201cOnly 54% of the hacks we observed in 2019 took in more than $10 million, compared with all hacks in 2018,\u201d Chainalysis\u2019 blog post reads. \u201cWhile the increase in the number of individual hacks should be concerning, the data indicates that exchanges have gotten better at limiting the damage any one hacker can do.\u201d<\/p>\n

Cryptocurrency Exchange Hackers Improve Tactics<\/h2>\n

Still, as exchanges improve their defenses, hackers are improving their offensive strategies as well.<\/p>\n

During a $40 million hack of the cryptocurrency exchange Binance in 2019<\/a>, for instance, the attackers used a combination of malware and phishing to bypass security and override the multisignature key signing that is required for withdrawals.<\/p>\n

In this war of data, as evidenced by the hard numbers Chainalysis\u2019 research has produced, blockchain analysis is also becoming more sophisticated as attacks become more complex. And yet again, malicious actors have responded to the intensified scrutiny with greater agency to obscure funds. <\/p>\n

Specifically, they are using CoinJoin and mixers<\/a> (which were practically never used prior to 2019, in part because reliable joining markets didn\u2019t manifest until late 2018) to muddy the trail \u2014 to little avail, though, as Chainalysis can still trace funds with relative certainty. <\/p>\n

In fact, to ensure that its methods aren\u2019t exposed, \u201c[they] have to be very careful when publishing research so [they] don\u2019t give [hackers] a blueprint,\u201d Chainalysis economist Kim Grauer told Bitcoin Magazine. <\/em>\u201cTo what extent are we allowing criminals to know what we\u2019re capable of so that they can adapt their strategy accordingly?\u201d<\/p>\n

She added that \u201cthere\u2019s reason for us to believe that they know what we\u2019re capable of doing,\u201d referring to the newfound urgency of hacking syndicates to not only mix coins but move them to exchanges for liquidation. Before 2019, it was not uncommon for the infamous North Korean Lazarus Group<\/a>, for instance, to wait 500 days before moving funds. But last year it spared less time, often moving them in under two months post-hack to liquidate them on exchanges with relatively loose KYC requirements.<\/p>\n

While Chainalysis believes that Lazarus is behind more attacks, Chainalysis has only published data on its $7 million DragonEx hack \u2014 as stated before, it doesn\u2019t want to expose its hand on the other hacks that it believes Lazarus is involved in for fear of giving it a chance to circumvent surveillance. <\/p>\n

Cashing Out <\/h2>\n

While unable to speak directly about the Lazarus Group, who is believed to have been involved in numerous exchange hacks to help North Korea fund its nuclear program, Grauer said that \u201cTether is a big part of\u201d cashing out for most other syndicates. In other cases, the criminals are looking to convert altcoins to bitcoin. <\/p>\n

These on- and off-ramps are proving to be the last line of defense in the war against cybercrime. Indeed, Chainalysis and law enforcement can\u2019t control what happens after funds are stolen, but with cooperation from exchanges, it can stanch the flow of funds through these exit points. <\/p>\n

These incidents are \u201calready very much on the radar\u201d of law enforcement, Grauer said, citing active investigations into 2019 hacks. Now, Chainalysis hopes exchanges will adopt its know-your-transaction (KYT) tools to keep tabs on stolen funds and to flag high-volume transfers directly from mixers \u2014 a tell that these funds may have come from illicit seizure.<\/p>\n

With some 50 percent of funds stolen in 2019 still waiting to be liquidated, according to Chainalysis data, these KYT measures, which Binance alone is currently employing, could help officials find funds after the fact. But it will be up to law enforcement agencies to track down and book the culprits because, as Grauer reminded us, blockchain analysis is just one of the weapons in their arsenals.<\/p>\n","protected":false},"excerpt":{"rendered":"

According to Chainalysis, 2019 saw a rise in cryptocurrency exchange attacks, with hackers getting better at dodging security and obscuring loot.<\/p>\n","protected":false},"author":2566,"featured_media":3761,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[857,2535,2606,3219],"class_list":{"0":"post-18771","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-culture","8":"tag-chainalysis","9":"tag-hackers","10":"tag-hacks","11":"tag-lazarus-group"},"author_data":{"id":2566,"name":"Colin Harper","nicename":"colin-harper","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/MjEwMTYzMzc3Njg5ODYzNjQ2-96x96.webp"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/2019-had-most-cryptocurrency-exchange-attacks-ever.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/18771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/2566"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=18771"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/18771\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/3761"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=18771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=18771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=18771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}