Cryptocurrency Theft 2023: Social Engineering and Cybersecurity

In 2023, cryptocurrency theft is on the rise, with a significant portion of cases attributed to social engineering tactics. These tactics often involve tricking victims into divulging sensitive information or transferring funds to the wrong address.

Phishing emails and messages are a common way to initiate these attacks, with scammers using convincing narratives to gain the victim's trust. In one notable case, a scammer posed as a cryptocurrency exchange representative, convincing the victim to transfer their funds to a fake wallet.

Social engineering attacks can be devastating, with victims losing significant amounts of money. According to reports, the average loss per victim in 2023 was over $10,000.

Crypto hacks continued to plague the industry in 2023, with a total of $1.7 billion stolen from exchanges and other platforms. This is a significant decrease from 2022's record-breaking $3.8 billion.

Decentralized finance (DeFi) protocols were the main target of hackers, accounting for more than 80% of all cryptocurrency stolen for the year. These protocols are used to replace traditional financial institutions with software that allows users to transact directly with each other via the blockchain.

One notable hack in 2023 was the Mixin Network, a peer-to-peer, cross-chain network that facilitates cryptocurrency transfers. Thieves made off with about $200 million worth of bitcoin (BTC), ether (ETH), and tether (USDT) in September 2023.

North Korea was a key driver of the surge in thefts, with hackers linked to the country stealing an estimated $1.7 billion worth of cryptocurrency through various hacks in 2022. This figure is up from $429 million in the prior year.

Here are some notable hacks in 2023:

Notable hacks in 2023 included a record-breaking $477 million stolen from FTX, a cryptocurrency exchange that declared bankruptcy in November 2022. This was not an isolated incident, as hackers also targeted other platforms, such as Euler Finance, where they stole $197 million in a flash loan attack.

Here are some notable hacks from 2023:

These hacks highlight the importance of security measures in the cryptocurrency space, as even well-established platforms can be vulnerable to attacks.

BonqDAO suffered a hack that resulted in losses of around $120 million. This is a significant amount, but there have been even bigger hacks in the past.

Poloniex was hacked, resulting in losses of approximately $132 million. This is a staggering amount, and it's a reminder that even well-established exchanges are not immune to hacking.

Atomic Wallet Users lost around $100 million in a hack, which is a devastating blow to the community. It's essential to keep your wallets and accounts secure to avoid such losses.

HTX Exchange Heco Bridge was also hacked, resulting in losses of around $100 million. This highlights the importance of robust security measures in the cryptocurrency space.

Curve was hacked, resulting in losses of approximately $70 million. This is a significant amount, and it serves as a reminder to be cautious when using DeFi protocols.

CoinEx was hacked, resulting in losses of around $54 million. This is a notable hack, and it's essential to learn from the mistakes of others to avoid similar incidents.

KyberSwap was hacked, resulting in losses of approximately $56 million. This is a significant amount, and it's a reminder to always prioritize security in the cryptocurrency space.

Stake.com was hacked, resulting in losses of around $41 million. This is a notable hack, and it's essential to keep your accounts and wallets secure to avoid similar losses.

Orbit Chain was hacked, resulting in losses of approximately $81.5 million. This is a significant amount, and it highlights the importance of robust security measures in the cryptocurrency space.

Here's a list of some notable hacks:

Social engineering is a significant factor in crypto heists, often starting with a form of social engineering where hackers troll social media platforms to find potential victims.

Hackers use AI and ML to create well-crafted emails, text, and deepfake voicemails that impersonate someone within the target's inner circle, making social engineering extremely effective in cryptocurrency.

Most crypto players use anonymous names and operate within the dark web or underground digital communities, making it easy for hackers to compromise them if they can impersonate someone the victim knows or trusts.

The Lam Serrano case is a prime example of social engineering in crypto heists, where hackers targeted someone considered a high-level player in the Bitcoin world through social media posts.

Hackers used well-crafted communications, posing as Google and Gemini support engineers, to gain access to a cloud drive containing the victim's secret keys to their digital wallets.

Crypto social circles are smaller than regular social media groups, but ego plays a huge role, with players flaunting their wealth and less successful traders being more open to becoming victims of fraud.

Hackers troll crypto social circles, looking for victims who follow the major players, and then approach them with the ideal crypto investment guaranteed to make them the top trader in their social world.

A crypto heist is essentially a cybersecurity attack that targets blockchain infrastructures, looking for vulnerabilities to exploit.

Hackers will attempt to hack into ledgers and mobile devices housing crypto wallets, trying to hijack the mining process.

Like business email compromise and corporate officer impersonations, hackers use social engineering and email phishing to coerce victims into disclosing their secret keys to crypto wallets.

A crypto heist is essentially a cybersecurity attack on blockchain infrastructures. Hackers target vulnerabilities within these systems, as well as mobile devices housing crypto wallets.

They'll attempt to hack into ledgers, looking for weaknesses to exploit. Hackers also try to hijack the mining process.

Social engineering and email phishing are common tactics used to trick victims into revealing their secret keys. This can be done through impersonation or coercion.

Greed plays a huge part in crypto, with people buying and selling Bitcoin and other cryptocurrencies seeing themselves as different from average traders. They focus on the element of danger, risk, and rewards of buying and leveraging an asset beyond most people's comprehension.

Ego also plays a huge part within the crypto realm, with people trading in crypto only satisfied if they become billionaires. Being a millionaire in the crypto world is simply a day's work.

Many fall for crypto scams because they desire to become billionaires with just a few clicks, hackers follow these players through their social media postings, showing off their fancy sports cars, a yacht full of beautiful people, or videoing themselves purchasing Rolex watches for their crew.

Hackers prey on their victims' egos, offering triple returns on Bitcoin, which the victims quickly transfer to the scammer. They look for ways to increase their digital wallets while maintaining their growing lust to be a global player.

People who are alone can also be lured into crypto scams, offered a chance to become "insiders" into the secret world of crypto. Ultimately, victims globally lose their investment capital without hope of recovering even a single dime.

Investors who understand cognitive biases regarding how and when they should invest play a strong role in crypto trading. Crypto trading is filled with flaws, potholes, and false information.

Confirmation bias occurs when people seek advice from others to confirm their pre-existing beliefs about whether to buy Bitcoin, hackers leveraging email phishing pose as "experts" in crypto, and fall for these social engineering tactics.

In 2023, cryptocurrency thefts continued to rise, with illicit cryptocurrency volumes reaching all-time highs. To prevent such thefts, it's essential to implement robust security measures.

One of the most effective ways to protect your crypto assets is to use strong and unique passwords, combined with two-factor authentication (2FA). This will make it much harder for hackers to access your digital wallet and keys. Consider using hardware wallets, which are more challenging to crack than software-only versions.

To stay safe online, be cautious of public Wi-Fi and use a VPN to hide your identity. This will help protect your digital wallets from hackers. Regularly update your software and devices to ensure you have the latest security patches.

Here are some critical controls that organizations and service providers need to implement to protect against crypto thefts:

Social Proof and Peer Pressure can be a significant risk in the crypto world. Crypto social circles are smaller than regular Facebook groups, X, or Instagram, making it easier for hackers to target individuals.

Ego plays a huge role in these tight-knit groups, with people flaunting their wealth and trying to become an "Alpha" trader. This can lead to a desire to take more risks and become a victim of fraud.

Less successful traders in these groups are more likely to fall prey to scams, as they try to keep up with the major players. Hackers troll these groups, looking for vulnerable individuals to target with fake investment opportunities.

These scammers often approach their targets with promises of guaranteed returns, making them feel like they'll be the top trader in their social world.

Protecting your crypto assets from hackers requires a solid understanding of cybersecurity measures. Strong and unique passwords are critical in protecting digital files containing information and access to crypto keys and details.

Using two-factor authentication (2FA) is essential in keeping hackers from accessing the digital wallet and keys. This includes biometrics on the device and online, making it much harder for unauthorized access.

Hardware wallets are a great option for storing your currencies, as they are far more challenging to crack than software-only versions. In fact, hardware wallets are purposely designed to store crypto assets securely.

Regularly patching and updating devices' operational systems, applications, and cybersecurity endpoint security tools is crucial in protecting software-based digital wallets. This is a critical control that all individuals need to enable.

Phishing awareness is also vital, as hackers often use phishing and social engineering to lure victims into Bitcoin heists and compromise wallets. Investing an hour in a learning course on understanding phishing can help you quickly identify a lure.

Here are some essential cybersecurity measures to protect against crypto heists:

Implementing these measures can help prevent crypto heists and protect your assets. By being proactive and taking control of your cybersecurity, you can safeguard your investments and avoid falling victim to hackers.