April Sees $161M in Crypto Losses: 4 Alarming Trends You Need to Know

Nefture Security | Blockchain Security
Published in Web3 Magazine, May 9, 2023

$161M was lost to crypto crime in April! Although this month saw its usual lot of shenanigans, namely private key exploits ($48M), flash loan attacks ($19.9M) and smart contract exploits ($16.5M), four alarming facts demand our immediate attention!

Crypto Crime & Blockchain Security Analytics by Nefture

The Rise of Supply Chain Attacks

Supply chain attacks are a well-known cybersecurity threat in the real world, but in the world of web3, they are still a relatively new phenomenon.

In cybersecurity, a supply chain attack is a cyberattack that targets an organization and inflicts damage by exploiting the vulnerabilities of the “weaker link(s)” in its supply chain network. The “supply chain network” is every intermediary and organization a business relies on to operate. Because the weakest of these links sets the security of the whole, supply chain attacks have become one of the most dangerous security threats for businesses and organizations.

Applied to the blockchain, a supply chain attack looks like what happened in August 2022, when some 9,223 crypto wallets from Phantom, Slope, Solflare, and TrustWallet on the Solana blockchain were drained of almost US$6 million of crypto because their private keys had been compromised. Slope was the weaker link.

As we predicted before, supply chain attacks are fast becoming a staple of web3 as web3 actors continue to converge and become more interwoven. April 2023 provided further evidence of this trend, with two supply chain attacks of different kinds taking place.

The 3CX Supply Chain Attack

The first attack hit a handful of crypto companies by exploiting a communication app vulnerability and delivering a backdoor.

Security companies CrowdStrike and Kaspersky discovered the malicious activity in the 3CX softphone app 3CXDesktopApp.

3CX confirmed the supply chain attack and reported that:

“This appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state-sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware.”

Kaspersky believes that the North Korea-linked threat actor Labyrinth Chollima was involved in the attack.

The AT&T Supply Chain Attack

The second one is more peculiar.

In April, there was a report of a cybersecurity attack on AT&T email accounts by hackers who were after cryptocurrencies.

They used a vulnerability in AT&T’s API to gain control of victims’ email addresses. With this access, the hackers could create mail keys and reset passwords for various cryptocurrency services, including Coinbase, Gemini, and Binance. This allowed them to access victims’ cryptocurrency accounts and transfer funds to their own wallets. As a result of this attack, approximately $20 million worth of cryptocurrencies was stolen.

Permit Exploit, the new Approval Exploit?

Approval exploits are well-known in the web3 space. A person may find themselves giving approval to a fraudster through a phishing website, which then grants permission to access the victim’s tokens, collect data, and perform actions on their behalf.

This scam is commonly known as “Ice phishing.” However, another, less well-known ice phishing technique has been making waves recently: the “permit exploit.”

According to Scam Sniffer, at least $11.78 million was lost to this type of scam in recent weeks.

On April 30th, a single web3 user lost $2.28 million worth of USDC in one swoop to an ERC20 permit phishing attack.

Introduced through EIP-2612, the “permit” function is designed to improve the user experience by reducing the number of steps required to approve token transfers and reducing the gas costs associated with approval transactions. It also provides an additional layer of security by ensuring that the signature can only be used once and cannot be replayed.

In summary, “permit” is a method that “replaces” approval transactions and, in theory, provides a more efficient and secure user experience. As with approval exploits, scammers can trick people into signing a “permit” message that allows the scammer to transfer the victim’s tokens without their knowledge or consent.

Multiple DeFi platforms, such as Uniswap or 1inch, are extensively using the permit function, turning it into a staple of crypto transactions.

Source: 1inch

One possible explanation for the rise of this type of ice phishing is the increased awareness around the dangers of “granting approval” in the crypto community.

As signing a permit is perceived as much less of a threat than granting an approval, and permits are rarely spoken of in connection with crypto scams, they make a perfect trap to lay for unsuspecting people.
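As an added illustration (not code from the original article or from Nefture), here is the kind of check a wallet or browser extension could run on an EIP-2612 permit request before the user signs it: it parses the EIP-712 typed data and flags the traits that make a permit phishing message dangerous (an unknown spender, an unlimited value, a far-off deadline). The sample request, the addresses and the list of known spenders are constructed placeholders.

```python
import json

UINT256_MAX = 2**256 - 1
# Field order of the EIP-2612 Permit struct as declared in the EIP-712 "types" section
PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"]

# Constructed sample of a typed-data request a phishing site would ask the wallet to
# sign. All addresses are placeholders, not real contracts or accounts.
SAMPLE_REQUEST = json.dumps({
    "primaryType": "Permit",
    "types": {"Permit": [{"name": n, "type": t} for n, t in zip(
        PERMIT_FIELDS, ["address", "address", "uint256", "uint256", "uint256"])]},
    "domain": {"name": "USD Coin", "version": "2", "chainId": 1,
               "verifyingContract": "0x" + "aa" * 20},
    "message": {"owner": "0x" + "11" * 20, "spender": "0x" + "ee" * 20,
                "value": str(UINT256_MAX), "nonce": "0",
                "deadline": str(2_000_000_000)},
})

def load_permit(typed_data_json):
    """Parse an EIP-712 typed-data request and return the permit fields."""
    td = json.loads(typed_data_json)
    if td.get("primaryType") != "Permit":
        raise ValueError("not an EIP-2612 Permit request")
    declared = [f["name"] for f in td["types"]["Permit"]]
    if declared != PERMIT_FIELDS:
        raise ValueError("unexpected Permit struct: %s" % declared)
    msg = td["message"]
    return {
        "token": td["domain"]["verifyingContract"].lower(),
        "owner": msg["owner"].lower(),
        "spender": msg["spender"].lower(),
        "value": int(msg["value"]),
        "nonce": int(msg["nonce"]),
        "deadline": int(msg["deadline"]),
    }

def assess_permit(permit, wallet, known_spenders, now):
    """Return the risk flags a wallet should surface before the user signs."""
    flags = []
    if permit["owner"] != wallet.lower():
        flags.append("owner_mismatch")      # permit is over someone else's tokens
    if permit["spender"] not in {s.lower() for s in known_spenders}:
        flags.append("unknown_spender")     # not a router/contract we recognise
    if permit["value"] == UINT256_MAX:
        flags.append("unlimited_value")     # hands over the entire balance
    if permit["deadline"] - now > 30 * 24 * 3600:
        flags.append("long_deadline")       # redeemable long after the user forgets
    return flags
```

A permit with none of these flags can still be malicious; the check narrows what the user has to read, it does not replace reading the spender address.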

Increase in Fraudulent Projects

It was the most intense month of 2023 in terms of the number of fraudulent projects, with 37 DeFi/Crypto scams totaling more than $14 million.

In February, we reported on an alarming trend: the growing focus of crypto criminals on web3 retail investors. Since the beginning of the year, the frequency and intensity of these incidents have significantly increased, manifesting in an array of fraudulent projects, multi-front hacks, and phishing scams.

The latest wave of scammy projects associated with the meme coins hype also promises to turn May 2023 into an even bigger scam bloodbath.

Source: Crypto Times

The latest ruling by the CFTC on April 27th, which imposed a record-breaking $3.4 billion fine on a single crypto Ponzi scammer, could act as a deterrent to at least some fraudsters in the future and save would-be victims from being siphoned out.

Well…one can hope!

The Shift in Discord Hacks

Although it may seem insignificant or undeserving of attention, there has been a shift in the targets of hackers when it comes to Discord.

While Discord hacks once almost solely targeted those linked to NFT projects, in April, almost half of the Discord hacks targeted DeFi & Crypto project Discords.

This information should not be taken lightly.

Last year, a single hacker group made off with no less than $22 million through such hacks. If hackers have now shifted their focus to these projects, those involved in DeFi and Crypto should be concerned.

So, what explains this shift?

One possibility is that the NFT market meltdown had two main effects that made NFT holders less attractive targets. First, the NFT space has turned into quite the ghost town, which significantly reduces the victim pool when targeting a Discord. Secondly, the meltdown had a huge impact on the value of NFTs. Whereas it was once extremely lucrative for a hacker to get their hands on NFTs, their dwindling value makes it much less worthwhile to invest time and resources and take considerable risks.

While NFTs are still not picking up, DeFi and Crypto projects that are benefiting from cycling trends like meme coins, the trad-fi meltdown, Ethereum Shanghai, the rise of liquid staking derivatives (LSDs), etc., are attracting the brunt of web3’s circulating funds and optimism.

It is thus no wonder that Discords associated with these types of projects are now the new rising targets for hackers.

April proves yet again that the crypto crime landscape is ever-changing, and that hackers and scammers alike are always quick to adapt and formulate new schemes when it comes to siphoning out pockets of web3 users.

About us

Nefture is a Blockchain Security Company that secures crypto transactions!

With Wallet Alerts, you can get your Wallet security audit for free in just 24 hours. Plus, enjoy the added peace of mind that comes with immediate alerts on new wallet approvals, as well as a weekly security report!

Check if your wallet is compromised now https://www.nefture.com/
