The digital sphere is a real playground for hackers and all kinds of fraudsters. 2022 has already been marked by several high-profile scams. The economic situation in the world is far from perfect, and the increasing number of scams only adds fuel to the fire. Let’s look at the most notable cases to date.
Massive Attacks on NFT Owners
Everyone who has heard about NFTs knows the most famous collection called Bored Ape Yacht Club (BAYC). Every digital collector wants to own these tokens. The cartoon monkeys are sometimes sold for out-of-this-world prices of more than $1 million.
No wonder such valuable pieces of art are constantly under attack. Here are a few notable cases in 2022:
- March — Discord and Instagram hacks. The lightning-fast actions of hackers caused users to lose hundreds of NFTs from the Mutant Ape Yacht Club collection, which had a total value of up to $2.8 million.
- May — the theft of Seth Green’s NFTs. The famous Hollywood actor, director, and producer, who gave the world Robot Chicken, lost four valuable digital paintings, including Bored Ape #8398. The collection is worth $300,000. This led to a halt in the production of the comedy project. Bored Ape #8398 was supposed to be the main character.
- June — a new attack on the Discord server. The already known server hacking scheme is still in effect. This time BAYC, Mutant Ape Yacht Club, Bored Ape, and other tokens were stolen. The damage exceeded $360,000.
Of course, there have been other cases, but the ones mentioned above got more attention than the others. Fans of BAYC and other similar collections are more likely to be victims than others.
Arbix Finance
In 2021, a phenomenon called rug pulling began to spread. The scheme involves scammers issuing their own token linked to the exchange rate of a well-known crypto-asset that inspires user trust. Later, when the necessary amount is collected from investors, attackers cover their tracks and disappear.
Arbix Finance stands out here. The company was created on the basis of Binance Smart Chain and, most interestingly, managed to get audited by Certik, an organization specializing in cryptocurrency auditing. Not surprisingly, investors began to invest in the new token ARBX without the slightest suspicion.
In January 2022, everything fell into place. The creators of the Arbix Finance platform took advantage of access to smart contracts, withdrew more than 10 million ARBX, exchanged it for Ethereum, and then cashed and laundered it without any problems. They did it so quickly that duped investors didn’t even have time to realize what was going on. Obviously, the scheme was scrupulously elaborated for a long time.
Now finding the criminals seems almost impossible. They managed to lay low with the stolen assets. The investors lost about $10 million.
Powerful North Korean Hackers
North Korea was the first country to steal crypto on an industrial scale. According to American experts, over the past year and a half, about $3 billion has come to this isolated country.
Lazarus Group is the most famous North Korean organization specializing in digital currency theft. Between January and June 2022, they conducted eight scam operations. The latest one resulted in $100 million in losses. Lazarus Group stole nearly 86 million ETH by exploiting the Harmony platform.
Although the hackers were identified immediately due to their signature tricks, crypto organizations remain almost helpless when facing such massive and targeted attacks.
Crypto Robin Hood
A landmark situation occurred in March 2022 when an unknown hacker broke into the Cashio project. He succeeded in stealing $52.8 million using the following scheme:
- finding a code vulnerability and gaining access to the platform;
- creating fake accounts;
- generating over 2 billion local CASH tokens;
- exchanging them for USDT until the website’s accounts were drained;
- withdrawing money via multiple cryptocurrency wallets.
However, it isn’t even the amount Cashio lost that’s significant, but the hacker’s further actions. Security specialists found a hidden message saying that account owners who had less than 100,000 in their accounts would soon get their money back. The “digital Robin Hood” also promised to donate the rest of the money to charity.
The promises soon came true, and users got their assets back, not exceeding 100,000. Cashio’s management appealed to “Robin Hood” to return the rest as well since most of the money in the accounts was the users’ savings that couldn’t be reimbursed. The hacker responded and urged every wallet owner to explain the funds’ origin and their future plans. The money was returned to those who managed to convince him.
No one knows exactly how much money the secret “do-gooder” returned and whether or not the charitable organizations received the promised transactions.
Axie Infinity
2022 saw the biggest hack of DeFi services. Axie Infinity, a well-known online game, came under attack, too. The theft remained undetected for six days.
Axie Infinity is a token-based game popular in certain circles. It operates on the Ronin bridge to make quick withdrawals. On March 23, cybercriminals quietly took control of the bridge and gained access to the account of a developer who could approve transactions without the security system’s knowledge. The alarm was set by one of the players who wanted to withdraw a large sum of money from the account on March 29 but realized that its existence was just an illusion. Then Axie Infinity’s management launched a massive audit and was horrified: over $625 million had been stolen in six days.
Bonus: Epic Crypto Failure
In conclusion, let’s remember the “gaffe” that almost led to the loss of $36 million. The event concerns the Juno cryptocurrency. For a long time, the community has been speculating about the “whale” Takumi Asano, who was thought to have obtained the tokens illegally. It was almost unanimously decided to seize the funds and hand them over to the community. Even the high likelihood of a lawsuit, later on, didn’t stop the participants.
Initially, the investor’s assets were estimated at $121 million, but due to the crisis and the hype around Juno, they fell to $36 million and were still seized. But a developer, who was responsible for the final stage of the transfer, managed to make a mistake — simply burning the entire amount. Interestingly, the transaction’s parameters were checked and approved by 125 validators at once. That is, none of the participants noticed the mistake.
Luckily, Juno runs on an algorithm that allows transactions to be reversed. So, $36 million was recovered after all.