2022 can easily be considered the worst year when it comes to securing cryptocurrencies, as projects suffered a series of devastating hacks and exploits. According to the latest Chainalysis report shared with CryptoPotato, $3.8 billion was stolen from cryptocurrency businesses, with decentralized finance (DeFi) being the primary target.

March and October saw huge spikes, with $732.4 million and $775.7 million, respectively. The latter went on to become the biggest single month ever for crypto hacking with 32 separate attacks.

Targeting DeFi

DeFi protocols alone recorded a loss of $3.1 billion, thereby accounting for 82.1% of all cryptocurrency stolen by hackers. The figure is up from 73.3% in 2021.

Meanwhile, 64% of the losses originated from cross-chain bridge protocols specifically. In recent years, bridges have been significantly targeted for hackers since the smart contracts in operation become huge, centralized repositories of funds backing the assets that have been bridged to the new chain.

“If a bridge gets big enough, any error in its underlying smart contract code or other potential weak spot is almost sure to eventually be found and exploited by bad actors.”

North Korea-linked hackers, including cybercriminal syndicate Lazarus Group, reportedly broke their own records by stealing an estimated $1.7 billion worth of cryptocurrency across several hacks last year, out of which $1.1 billion were siphoned from DeFi protocols.

Chainalysis also pointed out that crypto hacking is a “sizeable chunk” of the country’s economy since its total exports in 2020 totaled $142 million worth of goods. It is no surprise that North Korea’s nuclear and ballistic missile programs rely heavily on revenue from stolen funds in crypto.

It was also found that the hackers linked to the East Asian country typically send much of the ill-gotten funds to other DeFi protocols because such hacks often result in cybercriminals raking in large quantities of illiquid tokens that aren’t listed at centralized exchanges. Hence, the hackers resort to other DeFi protocols, usually decentralized exchanges (DEXs), in a bid to swap for more liquid assets.

New Mixers in the Picture

Another trend noted by the blockchain analysis firm was that North Korea-linked hackers also tend to send large sums of stolen funds to coin mixers. These hackers move their funds from hacks to mixers “at a much higher rate than funds stolen by other individuals or groups.”

Tornado Cash, for one, was extensively used to launder funds by North Korea-linked hackers. However, since the OFAC sanctions, they seem to have diversified their mixer usage, a trend that was more pronounced in Q4 2022.

A relatively new custodial Bitcoin mixer called Sindbad has emerged as a vehicle to launder stolen funds, with the first wallets belonging to North Korea-linked hackers observed in December 2022. From the said period to January 2023, these entities have sent a total of 1,429.6 Bitcoin worth nearly $24.2 million to the mixer.