NEW YORK—While 2022 has been a typical roller-coaster year for cryptocurrency investors, it's shaping up to be exceptional for one group of virtual money enthusiasts: thieves.
Criminals have already stolen more than $1 billion in crypto this year, according to CBS News.
Attacks on Crypto.com in January, Wormhole in February and Ronin Network in April each resulted in multimillion-dollar losses. Cybersecurity experts told CBS the hackers often target decentralized finance, or DeFi, platforms with weak security. DeFi services are typically built on public blockchains, allowing users to exchange crypto back and forth without the need for an established financial institution like a bank or credit union.
"We should expect these types of [sophisticated] attacks to continue to increase, as more and more criminal organizations build DeFi-hacking skills in-house," Mitchell Amador, CEO at cybersecurity auditing firm Immunefi, told Yahoo Finance earlier this month. "Furthermore, as DeFi gets bigger and bigger, these kinds of attacks become more and more lucrative."
Even Thieves Pay Fees
The most recent attack involved an unknown hacker who stole $182 million from Beanstalk Farms — the fourth-largest hack on a DeFi service to date. PeckShield, a blockchain security company in China, said thieves used a "flash loan" to exploit security weaknesses in Beanstalk.
A flash loan is an unsecured loan that bypasses the need for collateral from the borrower by using smart contracts requiring repayment by the end of a transaction — usually within seconds or minutes, CBS News said.
A large portion of the $182 million that was drained went toward fees on exchange platforms, such as Uniswap and Aave, used to carry out the attack. In the end, the culprit took home 24,830 in ether and 36 million BEAN tokens, according to the report. Beanstalk officials said in a blog post that the hackers made out with roughly $76 million of users' crypto holdings.