Stay vigilant against crypto scams and hacks. Learn from record-breaking incidents in January and February 2024. Protect your assets with awareness and secure practices.

As the crypto landscape gears up for the next bull market, vigilance becomes paramount for both users and projects, necessitating caution against dubious exchanges, insecure DeFi protocols, and the ever-evolving threat of phishing scams.

January saw a surge in cyber attacks: hackers carried out 30 incidents and stole over $182.5 million. This marked a staggering 771% increase compared to January 2023 and an 84% rise from December, according to PeckShield's data.

February continued this trend, setting a record for exploiters who managed to steal over $380 million, more than double the amount from January. Notable breaches included $290 million from PlayDapp, $26 million from FixedFloat, and $9.7 million from Axie Infinity co-founder Jeff Zirlin.

#PeckShieldAlert reported that hackers stole approximately $360.83 million across more than 21 attacks in February 2024, reflecting a month-on-month increase of 97.6% compared to January. Moreover, only about 1.8% of the stolen funds have been recovered, totaling around $6.7 million.

Chainalysis cybercrime research lead Eric Jardine emphasized the importance of education as the primary defense against crypto threats, citing the open-source nature of crypto protocols as both a strength and a vulnerability. He advised users to research platforms and DeFi protocols thoroughly, understanding their security features and staying updated on enhancements.

Verify and Double-Check

Phishing scams targeted over 324,000 crypto users in 2023, resulting in approximately $295 million in losses, according to Scam Sniffer analysis. The anti-scam platform highlighted social media as a hotspot for scam links, often embedded in advertisements. Beosin security researcher Pan Tao warned about phishing attacks masquerading as Ethereum staking and token airdrops, emphasizing their recent frequency and effectiveness.

Recently, on Feb. 25, attackers compromised MicroStrategy's X account, stealing at least $440,000 through a scam token airdrop. Users were directed to a look-alike website, microsfrategy.com.

Scam Sniffer recommended users always verify website URLs from multiple sources and understand contract details before making transactions.
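
One way to automate part of the URL check recommended above, using the look-alike domain from the MicroStrategy incident. This is an added example, not code from Scam Sniffer or the original article; the allowlist, function names and sample URLs are assumptions, and taking the last two host labels is a simplification of Public Suffix List handling.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist the user builds from sources they already trust.
TRUSTED = {"microstrategy.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def hostname(url: str) -> str:
    """Lower-cased host of a URL, with or without a scheme."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")

def classify(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    host = hostname(url)
    # Simplification: the last two labels stand in for the registrable domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # Trusted name used as a subdomain of someone else's domain.
        if good in host:
            return f"lookalike of {good}"
        # One or two character edits away from a trusted domain.
        if 0 < edit_distance(domain, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs; only microsfrategy.com comes from the article.
    for u in ("https://www.microstrategy.com/en",
              "https://microsfrategy.com/airdrop",
              "https://microstrategy.com.claim.example/",
              "https://example.org"):
        print(f"{u:45} {classify(u)}")
```

A result of "unknown" only means the domain is not near anything on the allowlist; it is not a verdict that the site is safe.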

Pan Tao warned about drainer-as-a-service offerings: mature, convenient phishing tools that are often advertised on Google and X.

Ensuring Secure CEX

Many new crypto users start out on centralized exchanges (CEX), which leaves them exposed to CEX scams. Tao pointed to incidents such as the theft of customer funds by FTX and the alleged fraud by JPEX against its users. Criteria for selecting a secure CEX should include licensing or periodic proof of reserves, no withdrawal issues or high fees, and prompt customer support.

Safeguarding Private Keys

DeFi protocols must extend their security efforts beyond on-chain vulnerabilities and cover both on-chain and off-chain threats, advised Jardine. In 2023, on-chain vulnerabilities, particularly in smart contracts, dominated DeFi hacking. However, the landscape shifted in the second half of the year, with compromised private keys driving a larger share of hacks.

“The key takeaway for DeFi protocols is that their security efforts should cover more than just on-chain vulnerabilities and smart contracts, especially amid the rise in off-chain vulnerabilities.”

Jardine suggested implementing systems to monitor on-chain activity for potential vulnerabilities. Some firms offer products that can alert and respond to cyber attacks, enhancing security for third-party integrations and communicating with at-risk customers.

Chainalysis reported improved security practices among DeFi protocols, with losses from protocol hacks decreasing by about 64% year-on-year to $1.1 billion for 2023.