According to blockchain analysis company Chainalysis, 2019 saw more cryptocurrency hacks than any other year to date. [Read: Here’s how law enforcement catches cryptocurrency criminals] However, none of the 11 hacks that took place last year came close to matching previous heists in terms of scale (think Mt. Gox‘s $473 million collapse in 2014 or Coincheck’s $534 million hack in 2018). As a result, the total amount stolen from exchanges dropped significantly to $283 million worth of cryptocurrency. For context, Chainalysis counted hacks involving exploitation of technical vulnerabilities and attacks carried out through social engineering or other methods of deception. They only counted attacks that enabled bad actors to access funds belonging to exchanges, and not wallet providers, payment processors, investment platforms, or any other services. Their methodology also ignored exit scams or cases where users exploited an exchange error. Finally, Chainalysis only included attacks where the stolen amount was measured publicly and confirmed by several sources.
Comparing the size of cryptocurrency hacks
The average and median amount stolen by hackers dropped significantly in 2019, after having risen consecutively for each of the previous three years. Just 54 percent of the hacks observed last year took in over $10 million, compared with all the hacks reported in 2018. Although the increase in the number of individual hacks should be concerning, the data shows that exchanges have improved in terms of limiting the damage hackers can do, Chainalysis says.
Yeah, but where does the stolen cryptocurrency go?
By analyzing the blockchain, Chainalysis concludes that the majority of stolen money ends up being sent to other exchanges, from where they’re likely converted into fiat. Despite this, a significant part of the stolen money remains unspent, sometimes even for years, meaning law enforcement could still catch up with cyberthieves. Additionally, the firm found that small but significant — and, in 2019, increasing — chunk of the stolen money is passed through third-party mixers or CoinJoin wallets to hide their illicit origins. Cryptocurrency exchanges may be taking security more seriously, and while this may help some of you sleep better at night, don’t forget that criminals are likely to adapt and thus rely on increasingly sophisticated methods to gain access to customers‘ funds.