Crypto Losses Drop 87% in February, But Hackers Now Target People, Not Code

Crypto losses fell to $49M in February, but attackers are shifting to scamming and defrauding users, Nominis said.

A report by the blockchain security firm Nominis shows that in February, total losses from crypto attacks fell by 87%, from $385 million in January to $49.3 million last month.

However, while the drop in the total amount stolen suggests improved protocol security, Nominis says an analysis of the month’s events shows that attackers are shifting their focus from exploiting the code to defrauding the people who use it.

Anatomy of February’s Crypto Attacks

According to a Nominis report, the attack on Step Finance, a Decentralized finance (DeFi) platform based in Solana, caused a loss of more than 60% of the total in February.

In that case, the attackers allegedly hacked the project’s senior team’s machines, which may have exposed private keys or allowed unauthorized access to work. After that, they withdrew the wallet and transferred 261,854 SOL worth up to 40 million dollars to their wallets.

The damage was so great that Step Finance was forced to close its main platform and related projects, including SolanaFloor and Remora Markets.

The remaining losses came from widespread attacks, including the 3 million dollars lost to CrossCurve, a cross-protocol bridge, when the attacker used incorrect authentication logic in the contract responsible for processing incoming messages from the Axelar network.

Elsewhere, YieldBlox, a DeFi lending platform, lost nearly $10.2 million after a bad actor manipulated the collateral’s pricing logic to allow it to lend more than it was allowed to.

You may also like:

There have also been many address killing scams targeting individuals, with their losses ranging from around $100,000 to around $600,000. Others lost power after unknowingly signing the wrong token authorization. This is a technique where a fraudulent fraudster tricks people into giving criminals permission to take money from their wallets.

A Broad Pattern Is Emerging

Aside from the direct attacks, there were several notable results made in February by investigators and law enforcement. For example, SlowMist published a technical analysis of a phishing campaign that specifically targeted the administrators of crypto projects.

In that campaign, attackers created fake versions of real token-issuing tools to trick operators into giving them access to contracts.

Meanwhile, South Korean authorities are investigating a case where a seed phrase was mistakenly displayed in a publicly shared image, which allowed attackers to rebuild the wallet and steal an estimated $5 million.

In terms of law enforcement, the US Department of Justice reported seizing more than $61 million in cryptocurrency linked to a hog farming fraud scheme. Investigators were able to trace the money through blockchain analysis and found legitimate money laundering.

Based on the events of February, the financial loss is not primarily due to exploiting an unknown vulnerability in the source code. Nominis research found that most losses now come from compromised user accounts, misleading job applications, and users copying the wrong wallet address. According to the company, the most vulnerable aspects of the cryptocurrency ecosystem are not the blockchains themselves, but rather, the behavior of the people and the working practices around them.