DeFi
Experts warn of sinister ‘information thieves’ as hackers steal $664 million in first half – DL News
- Hackers stole $664 million from cryptocurrency investors in the first half of the year.
- That’s more than was stolen in the first half of 2023.
- A more ominous threat to crypto looms on the horizon.
Cryptocurrency investors lost $664 million to hackers in the first half of the year, an increase of more than 50% in the figures recorded for the same period last year, according to DefiLlama data.
Most of these losses are due to phishing attacks and compromised private keys. This journalist even $45,000 Lost Due to Malware Attack in May.
Hackers are often skilled malicious actors who work for cybercrime syndicates such as The North Korean state-sponsored Lazarus Group who are suspected of having billions stolen in crypto.
Powerful hacking tools are usually not available to the army of amateur hackers on the Internet.
“The proliferation of open-source hacking tools lowers the barrier of entry for amateur hackers, increasing the volume and frequency of attacks,” said Omer Sadika, co-founder and CEO of blockchain security firm dWallet Labs. DL News.
Cybersecurity experts have begun to sound the alarm about the emergence of open source information thieves.
Information stealers are malicious programs that steal sensitive financial information from a victim’s computers, including crypto wallet passwords and private keys.
The biggest crypto hacks This year alone, the $305 million stolen from Bitcoin exchange DMM was due to compromised private keys.
Join the community to receive our latest stories and updates
Last year, Security experts were already issuing warnings that crypto companies could lose more funds to hackers if they don’t address the problem of private key leaks – a problem that could be made worse by the emergence of open-source information thieves.
Wider threat area
Hacker forums exist in the dark web, where these information stealers are sold to the highest bidder. But today, that model is changing, and these dangerous programs are becoming open source and free, increasing the number of malicious actors who have access to them.
James Toledano, COO of self-service wallet provider Savl, said DL News It is worrying that amateur hackers have access to very powerful hacking tools, such as Infostealer malware.
“It’s a pure numbers game; it only takes one attempt in a thousand to succeed,” Toledano said.
By making information stealers open source, the threat landscape for malware attacks designed to steal cryptocurrencies is set to expand, putting more investors at risk.
In addition to widening the threat environment, Toledano said open-source information thieves would make it even harder for hackers to track down.
“Unlike attacks by discrete cybercriminal groups or malicious state actors, which can sometimes be tracked and countered, open source tools provide access to a much larger pool of potential attackers and that’s the problem,” Toledano said.
Web2 Vulnerabilities
Open source information thieves are also compounding the impact of Web2-based vulnerabilities on crypto security.
Sadika’s dWallet Labs said it recently discovered a chain of vulnerabilities related to blockchain validators that could lead to billions of dollars in cryptocurrency losses.
In his reportdWallet Labs has identified INfStones, an infrastructure provider used by validators on popular blockchain networks, which was prone to malicious attacks.
Validators stake cryptographic tokens on blockchain networks to give them the power to verify transactions.
The report states that attackers could successfully discover private keys or take control of the validators themselves.
As such, dWallet Labs recommended that InfStones change the validation keys of exposed users.
“The Web3 industry tends to overlook the security aspects of Web2, which are the main target of open source software thieves,” Sadika said.
“The problem is likely to grow in scale and complexity, requiring more robust and adaptive security measures from all stakeholders in the crypto ecosystem.”
Osato Avan-Nomayo is our DeFi correspondent based in Nigeria. He covers DeFi and technology. To share tips or information on articles, please contact him at osato@dlnews.com.