Cryptocurrency has been a disruptive force in the economic and business landscape over the past decade. Its popularity has soared thanks to its ability to make transactions anonymously and the potential for massive returns on investment, but it’s not without problems.
The crypto market has enabled cybercrime to thrive, as scammers cash in on weak security and a lack of government oversight.
Some of the world’s biggest platforms, such as Ethereum and Bitcoin, have been embroiled in crypto scams, with fraudsters using a variety of techniques to steal $3.8 billion in cryptocurrency in 2022 alone.
In this article, we look at more cryptocurrency theft statistics, explain how thefts occur, dig into the biggest heists of all time, and offer some tips for protecting users as they navigate the world of crypto.
What is cryptocurrency theft?
Cryptocurrency theft refers to the illegal access to, or use of, another individual’s cryptocurrency assets. This can happen by hacking into someone’s digital wallet, tricking them into revealing their credentials, or scamming them into a fraudulent transaction.
One of the most common crypto hacks occurs when a crook infects someone’s device with a keylogger. This is a form of malware that captures information as it’s typed, giving the hacker information about the target’s account, such as their password or private keys.
Another common technique for cryptocurrency theft is phishing. This is a form of social engineering in which a fraudster manipulates someone into downloading a malicious file or handing over sensitive information.
Phishing attacks work because the fraudster impersonates a trusted organization or person, making their request appear legitimate.
For instance, a fraudster might send an email that looks as though it’s from a crypto exchange platform asking an individual to log in to their account. However, when the user follows the attached link, they are directed to a website controlled by the crook with the goal of stealing their credentials.
Challenges to preventing cryptocurrency theft
The methods that cyber criminals use to commit cryptocurrency theft are well known. But despite a growing public awareness of online fraud, there are several risks inherent to crypto platforms that make it vulnerable to cyber crime.
Digital wallet vulnerabilities
Like the wallet you might keep in your pocket or purse, a digital wallet is a location where you keep your cryptocurrency.
However, instead of coins and notes, cryptocurrency is stored as a digital file, with bits of data representing monetary value. Ownership of that data is logged on a blockchain, but it can be hard to track the flow of these assets, in much the same way as it’s hard to know where your physical cash came from.
This means there’s little anyone can do if they discover that a criminal hacker has stolen from their digital wallet.
Decentralized crypto exchanges
One of the main benefits of cryptocurrency, according to its advocates, is that the system is decentralized.
This means it operates on a distributed network of computers with no single owner, as opposed to traditional banks, which are managed by a central authority and its intermediaries.
A decentralized system increases privacy, transparency, and censorship resistance, but it means there is no one to be held accountable when things go wrong.
This creates many problems. For instance, there is no authority to handle disputes or negotiate conflicts between users, which can make it difficult for users to resolve disputed transactions or identity theft.
Another problem is that users are responsible for their own security practices. Whereas a bank might be able to recoup your funds if you were the victim of a scam, crypto platforms have no such obligation.
Few government regulations
Because cryptocurrency platforms are not regulated by a central authority, they are subject to fewer government regulations.
Although some people view this as a positive, it also means there aren’t as many rules for securing systems from unauthorized access or protecting users in the event of a security breach.
For example, compared to a bank, cryptocurrency platforms might have less rigorous systems for password management, two-factor authentication, and data encryption.
They might also lack the same level of fraud mitigation tactics, physical security measures, and Know Your Customer (KYC) processes.
Cryptocurrency theft statistics you need to know
1. Cyber criminals stole a record $3.8 billion in cryptocurrency in 2022, according to a report from the blockchain analysis firm Chainalysis. It represents a 15% increase over the previous year ($3.3 billion).
2. As reported by CNBC, the value of Bitcoin fell by more than 60% in 2022, and 60% of surveyed Americans now consider digital currency investments “highly risky,” up from 45% the year before.
3. There were 198 reported crypto thefts in 2022, according to research from Comparitech. This represents a 45% increase compared to 2021 (136).
4. North Korean hackers are responsible for the majority of crypto thefts, with crooks linked to the country stealing an estimated $1.7 billion in cryptocurrency in 2022.
5. There were 57 cryptocurrency thefts in the first quarter of 2023. At this rate, there may be a record 228 incidents in the year.
6. October 2022 was “the biggest single biggest month ever for cryptocurrency hacking,” with 32 attacks and more than $775 million lost.
7. In November 2022, the cryptocurrency exchange FTX spiraled into bankruptcy, creating a wave of crypto crime. Its users were subjected to a scam offering a refund, $415 million of crypto was stolen in a series of cyber attacks, and another $3.1 billion was wiped from the market.
8. Three of the five biggest crypto heists of all time were on exchange platforms. The largest of these was a cyber attack at Binance, in which $570 million was stolen.
9. DeFi protocols were the most common target for crypto hackers in both 2021 and 2022. They accounted for 82.1% of all attacks in 2022, up from 73.3% the year before.
10. The ten biggest crypto scams of 2022 were all fake investment opportunities. The most successful of these was Hyperverse, which attracted almost $1.3 billion in bogus revenue.
Biggest cryptocurrency heists of all time
Compared to other forms of cybercrime, crypto heists can result in massive financial gains for hackers. Here are the five biggest cryptocurrency heists of all time:
5. Mt. Gox ($470 million stolen)
In February 2014, Mt. Gox, one of the world's largest bitcoin exchanges, suffered a cyber attack resulting in the loss of 100,000 bitcoins from the exchange and 750,000 bitcoins from customers.
The stolen bitcoins were worth $470 million at the time, but would be worth around $4.7 billion today.
Mt. Gox went into liquidation shortly after the hack, and approximately 200,000 of the stolen bitcoins were recovered by liquidators. This was the first large-scale hack on an exchange and remains the largest theft of bitcoins.
4. Coincheck ($534 million stolen)
In January 2018, criminal hackers stole 500 million NEM tokens, which were worth roughly the same amount in US dollars, from the bitcoin wallet and exchange platform Coincheck.
The Japanese-based firm said that its security system was robust and refused to disclose how the attack had occurred. Reports later emerged, speculating that the attackers used malware to capture the private keys of Coincheck hot wallets.
The thieves subsequently created their own website selling NEM tokens for bitcoin and other cryptocurrencies at a 15% discount. As a result, the NEM exchange rate fell sharply, and Coincheck was forced to suspend operations and compensate clients for their lost funds.
3. Binance ($570 million stolen)
In October 2022, criminal hackers stole two billion BNB tokens worth $570 million from Binance’s cross-chain bridge.
This is a technology that allows users to transfer cryptocurrency and other digital assets between different blockchain networks. However, the crooks were able to compromise this protocol and siphon off funds for themselves.
Once Binance discovered the compromise, it was able to freeze some of the tokens, but around $110 million worth were unrecoverable.
2. Poly Network ($610 million)
In August 2021, a criminal hacker exploited a vulnerability in the Poly Network and captured $610 million in various cryptocurrencies.
With no way to refund affected customers, the Poly Network community, which provides a protocol for blockchain interoperability, took to Twitter and urged the anonymous criminal to return the stolen funds.
Shockingly, this worked. The crook confessed that he wasn’t interested in money and had carried out the attack for “ideological reasons.” He later divided the tokens into several parts and returned almost all of them.
As a mark of its gratitude, the Poly Network dropped its claims against the attacker, guaranteeing his anonymity, offered him a $500,000 reward, and invited him to become the group’s chief security consultant.
1. Ronin Network ($620 million stolen)
In March 2022, Ronin Network disclosed that it had fallen victim to a social engineering scam in which a senior engineer had downloaded a PDF file containing spyware.
This gave the attacker control of four of the network’s private validator keys, which helped them steal more than 173,000 Ethereum, worth $595 million at the time, plus another $25.5 million from a bank account.
Ronin Network, a blockchain platform created by Sky Mavis for the online game Axie Infinity, said that its DAO validator nodes had been compromised and the funds had been drained in two transactions.
The US Treasury Department later attributed the attack to North Korea’s Lazarus group. Meanwhile, the Ronin Network relaunched three months later and began compensating those affected.
Preventing cryptocurrency theft using KYC
Although the biggest crypto heists of all time targeted major organizations, some of the biggest security risks associated with cryptocurrency affect individuals and small businesses.
No one who uses crypto is immune from scams. Many platforms have bolstered their security protocols in recent years, but one of the most important steps to take is to implement KYC (Know Your Customer) processes.
KYC is a regulatory requirement for financial institutions, such as banks and brokerage firms, to verify the identity of clients. It’s a critical part of AML (anti-money laundering) efforts, designed to prevent the misuse of financial systems and fraud.
By implementing KYC procedures, which involve ensuring users are who they claim to be, cryptocurrency exchanges and platforms can reduce the risk of cyber crime. This means you can track and monitor suspicious users and identify anyone who attempts to commit fraud.
The threat of detection will dissuade most scammers from acting, but even if they do persist, you will be able to track them down and recover your losses.
Persona works with some of the world’s leading cryptocurrency platforms, including Newton, a fast-growing crypto exchange that serves hundreds of thousands of Canadians, and nWay, a game developer, publisher, and marketplace for NFTs. If you’re interested in learning how Persona can help you fight cryptocurrency theft through fast, secure KYC, get in touch.