No ‘respite’ for exploits, flash loans or exit scams in 2023: Cybersecurity firm
The industry is likely to see “further attempts from hackers targeting bridges in 2023,” while users are urged to be warier of their private keys.
The new year is a fresh start for malicious actors in the crypto space, and 2023 is unlikely to see a slowdown in scams, exploits and hacks, according to CertiK.
The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:
“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”
Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, in which a total of around $1.4 billion was stolen.
Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”
Protect your keys
On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.
The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to steal $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.
Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:
“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”
The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links, such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.
Last year, $2.1 billion worth of crypto was stolen in the 10 biggest incidents alone, while 2021 saw a total of $10.2 billion stolen from decentralized finance (DeFi) protocols, according to peer security firm Immunefi.
The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.