Blockchain security

Rise of cryptocurrency attacks: Inside dark web investigations

December 6, 2023 by Drew Robb

Cryptocurrencies have had their ups and downs of late. Some have earned millions, and others have lost much of their investment. The value of cryptocurrency is a rollercoaster ride for the ages.

One thing that isn’t going up and down, though, is crypto crime. A report by Chainalysis states that the total cryptocurrency value received illicitly has soared from less than $5 billion in 2017 to more than $20 billion in 2022 — an all-time high despite the market challenges the currency has experienced.

These blockchain-based platforms have increasingly been under attack from hackers. Data from Comparitech reveals that the number of crypto heists leaped from 52 in 2020 to more than 200 in 2023.

Overall, about 600 successful attacks on cryptocurrency have raked in almost $10 billion. Some of the largest cryptocurrency attacks include: 

  • The Ronin Network hack in March 2022 resulted in $620 million in stolen assets by North Korea’s Lazarus Group. 

  • The Binance hack in October 2022 resulted in $570 million stolen, of which $110 million was never recovered. 

  • The Euler Finance attack in March 2023 lost nearly $200 million.

Private key breaches were the main avenue of entry in these attacks, with smart contract exploits coming second.

Defense against the dark crypto arts  

With so much at stake, more cybersecurity safeguards have been added to cryptocurrencies, and more experts from IT and law enforcement have gotten involved.

One notable example is Lili Infante, CEO and founder of crypto forensics and cybersecurity company CAT Labs. She previously operated as a special agent for the U.S. Department of Justice for a decade, specializing in cryptocurrency as part of dark web investigations. As well as running a DoJ crypto task force, she partnered with intelligence and law enforcement organizations worldwide. Her initial background was in economics. That led her into the field of Bitcoin and, from there, into cybercrime.

“The explosion of cryptocurrency into the mainstream made it very easy to monetize hack scams and fraud,” said Infante on a recent Cyber Work Podcast. “A degree in economics gave me a good base of knowledge into how the world economic system works, as well as quantitative and qualitative skills.”

Dark web investigations

Dark web cases are unique. They have features that are quite different from traditional cases: anonymous criminals, virtual rather than physical heists, the use of technology to breach systems and cover one’s tracks, difficulty in nailing down the location of perpetrators and their servers and the fact that co-conspirators may not even know each other.

In a dark web market, Infante relates how people openly discuss selling drugs and committing crimes against children. She describes it as being like an for drugs and illicit goods and services. There are even reviews and ratings of vendors and participants.

“These are giant enterprises that can be worth billions of dollars,” said Infante. “All of this brings an extra layer of complexity to forensics and criminal investigation.”

In a traditional drug case, for example, you catch a low-level drug dealer, arrest them and get them to flip against their source of supply. You work along the chain until you get to the big fish in a cartel. In the case of the dark web, none of them know each other. The step-by-step process of flipping someone against someone else isn’t possible. Law enforcement efforts, therefore, must target the big guy right away.

The good news is that law enforcement no longer must laboriously plant an operative inside a criminal organization to get results. They can do undercover work and use the dark web's anonymity to find the correct targets. But time and patience are essential parts of the job description. 

“I’ve had dark web cases running for four years, during which time you have to identify the administrators of the market, those selling illicit goods and services and those dealing with the crypto and finance components,” said Infante. “The vendor case is very different from an administrator or money launderer case.”


Dark web market takedowns  

If law enforcement takes a market down, the perpetrators can rapidly reestablish another. That’s why it is vital to identify and prosecute the administrators. Most of these people are young and technically gifted computer scientists. Many don’t have anything to do with buying or selling on the dark web. They’re just doing the infrastructure and raking in the rewards. They can make millions of dollars from commission funds or commission fees from each transaction on the market. 

“We usually attack all of the vectors of the investigation all at once,” said Infante. “We always go after at least one vendor on the market and try to identify and prosecute them. We need to prove that the crime is occurring in the United States in whatever jurisdiction you're prosecuting the case out of.”

She added that if you just go after the administrator, you usually can’t get enough evidence of the venue for criminal activities to prosecute successfully.

Cryptocurrency attack approach 

Infante reveals that many traditional vulnerabilities are also exploited in the crypto world. Web 2.0 attack vectors against content delivery networks are used against crypto protocols and companies. Social engineering is a huge factor, as is improper key management in stealing crypto.

Blockchain crypto-specific avenues of encroachment include price oracle attacks, governance attacks and zero-day exploits. In addition, crypto is being used by malicious state actors to fund their operations. Crypto makes it easy to transfer value across borders and has an immutable quality that makes it attractive. Once the transfer happens, there is little you can do about it.

CAT Labs, she added, builds digital asset recovery and cybersecurity tools that help to fight crypto-enabled crimes. These tools allow the government to address these crimes and remove some of the technical bottlenecks it faces when dealing with them.

“I know what the bottlenecks are with these cases, so building tools to address those areas was the best path forward for me,” said Infante. “We’re looking into the next frontier of cryptography, one area of which is fully homomorphic encryption.”

For more, watch the full Cyber Work Podcast, The current state of crypto crime. 

Drew Robb

Drew Robb has been writing about IT, engineering and cybersecurity for more than 25 years. He's been published in numerous outlets and resides in Florida.