In 2022, analysts recorded 303 targeted attacks on various blockchain networks. ~32% of them involved phishing attacks, rug pulls, and other scams.
Analysts at blockchain security company SlowMist recorded 303 targeted attacks on blockchain networks during the past year. In 2022, nearly a third of the attacks on crypto projects involved flaws in smart contracts. Hackers conducted 92 attacks of this type and stole ~$1.1 billion.
The actions of cryptojackers accounted for about 32% of all attacks. Hackers successfully executed 96 attacks using different scam schemes, including phishing attacks and rug pulls. Another 6% involved private key hacks. Analysts mark the reasons behind the remaining 31% of hacks as “others.” They involve new methods, including front-end malicious attacks, DNS attacks, BGP hijacking, manmade configuration errors, and others.
Analysts highlighted the most common types of attacks:
- Private key leakage: 20 reported incidents totaling ~$762 million, with the largest ones being the Ronin Network attack and the Harmony Horizon hack.
- Flash loan attack: 33 reported incidents causing ~$348 million in losses.
- Rug pull: 51 reported incidents and ~$188 million in losses.
- NFT scams: 56 reported incidents, 22 of which were the result of phishing attacks.
SlowMist experts also outlined several specific phishing techniques actively used by cryptojackers in 2022:
- Use of a browser bookmark manager to steal a Discord account and use it to spread phishing messages.
- “Zero dollar purchase” NFT phishing involves gaining access to the victim’s NFTs through fake orders to sell scam tokens without spending any money.
- Use of malware such as RedLine Stealer. Attackers can access any information on the user’s computer. The user downloads the malware on their own, wanting to take part in testing a new project, for example.
- Blank Check allows attackers to gain access to the user’s private key to sign any transaction. This usually happens once the crypto wallet is connected to the fraudulent site.
- Zero transfer scam involves making transactions to the victim’s wallet from addresses that are virtually identical. Thus, scammers intend to confuse the victim and make them copy the wrong address when transferring their funds.
In 2022, cryptojackers continued to improve their techniques. CertiK analysts revealed a new type of phishing attack called Ice Phishing.