TRM Labs’ report indicates that the average size of cryptocurrency hacks has decreased, with the average amount stolen dropping from $30 million in 2022 to $10.5 million during the same period in 2023. Furthermore, hackers have demonstrated a growing tendency to return the funds they have stolen, opting instead for a “white hat” reward from the affected projects. TRM Labs estimates that hack victims have recovered almost half of the stolen funds in 2023.
Several instances have emerged where hackers who have exploited blockchain protocols have returned the funds they had stolen. For instance, the individual who attacked the TenderFi protocol returned half of the $1.6 million that was taken, with TenderFi offering an $850,000 bounty in exchange. Similarly, the individual responsible for the Euler lending protocol exploit agreed to return all of the $200 million worth of cryptocurrency that was taken. Both of these incidents occurred in March. In April, the hacker who drained the Safemoon protocol returned $7.1 million worth of cryptocurrency, keeping the remaining $9 million of their loot.
TRM Labs posits that the growing regulatory scrutiny and notable enforcement actions against cryptocurrency hacks may be a contributing factor to the observed trend. Specifically, cryptocurrency exchanges have been enhancing their Know Your Customer (KYC) and Anti-Money Laundering (AML) policies, which have made it more difficult for cybercriminals to liquidate stolen digital assets. Additionally, the Tornado Cash protocol, which has been a popular tool for Ethereum-based money laundering activities, has been under U.S. sanctions since August 2022. As a result, regulated exchanges have automatically blacklisted all Tornado Cash-related funds.
Furthermore, the arrest of Avraham Eisenberg, who was the first individual known to be apprehended for a Decentralized Finance (DeFi) exploit, may also be acting as a deterrent. Eisenberg had exploited the Mango Markets protocol and publicly disclosed the vulnerability he had discovered. He was subsequently arrested in Puerto Rico in December.
According to Ari Redbord, the Head of Legal and Government Affairs at TRM Labs, the capability to track and trace stolen cryptocurrency funds has improved significantly. This is not only due to investigators utilizing blockchain intelligence tools, such as those provided by TRM but also to individuals using open-source tools on social media platforms like Twitter. This has created an atmosphere in which hacked funds are being monitored publicly and in real-time.
Redbord also noted that malicious hackers are experiencing greater challenges in off-ramping stolen funds, leading them to accept bug bounties instead. Additionally, there has been a rise in the number of “white hat” hackers who are actively contributing to the ecosystem. These individuals could potentially assist DeFi services in strengthening their cybersecurity measures.
There have been instances in the past where DeFi hackers have returned stolen funds. For example, in 2022, both Defrost Finance and Nomad Bridge hackers returned the stolen funds. Similar incidents occurred with Poly Network in 2021 and dForce in 2020.
As of March, the estimated total cost of hacks and scams amounted to $119 million, according to Crystal Blockchain. DeFi protocols continue to be a popular target for attackers, as their complex smart contracts are often susceptible to manipulation. According to Chainalysis, DeFi exploits accounted for 82% of all cryptocurrency stolen in 2022.
