Theft, Money Laundering, and NFT Market Manipulation: what crypto scammers do in 2022



Any new technology that can offer benefits to the world has the potential to be abused by bad actors for their own personal gain.



While cryptocurrency-based crime remains an important problem to solve, especially given that the raw value of illicit transactions is still growing, illicit activity has become a less prominent part of the overall cryptocurrency ecosystem over the last three years.


However, DeFi specifically appears to be going through the same growing pains that cryptocurrency as a whole went through previously, with illicit activity rising over the last two years.


We see this primarily in two areas: theft of funds through hacking, and abuse of DeFi protocols for money laundering.


DeFi protocols are the hacking target 


In fact, over the course of 2021, DeFi protocols became the go-to target for hackers looking to steal cryptocurrency.



DeFi protocols have accounted for an ever-growing share of all funds stolen from cryptocurrency platforms since the beginning of 2020, and lost the vast majority of stolen funds in 2021. As of May 1, DeFi protocols account for 97% of the $1.68 billion worth of cryptocurrency stolen in 2022.



Even worse, much of the cryptocurrency stolen from DeFi protocols has gone to hacking groups associated with the North Korean government, especially in 2022.


Already in 2022, North Korean hackers have had their biggest year yet for cryptocurrency theft at over $840 million, based entirely on hacks of DeFi protocols (it’s possible that North Korean hackers are responsible for other hacks, both of DeFi protocols and centralized services, that have yet to be attributed to them definitively).


The data goes to show that shoring up DeFi protocols’ defenses against hackers isn’t just a matter of building trust with users so that DeFi can continue to grow. It’s also a matter of international security given that cryptocurrency stolen by North Korean hacking groups is used to support the country’s development of weapons of mass destruction.


The U.S. government is taking action, and most recently sanctioned a mixer for the first time given its role in laundering funds for DPRK-linked attackers.



Money laundering is another serious issue, as DeFi protocols represent a bigger and bigger share of all funds sent from illicit addresses over the last two years.


So far in 2022, DeFi protocols have become the biggest recipient of illicit funds, taking in 69% of all funds sent from addresses associated with criminal activity, compared to 19% in 2021.



DeFi-based money laundering is another area where North Korean hackers are leading the way.


We saw an example of this in 2021, when the infamous Lazarus Group used several DeFi protocols to launder funds after stealing more than $91 million worth of cryptocurrency from a centralized exchange.



NFT wash trading: how it works


While most wash traders ended up losing money due to gas fees, the most successful ones turned large profits by artificially inflating their NFTs’ values and offloading them to unsuspecting users.


Rather than inflating the value of any particular NFT, the goal of this scheme seems to be collecting reward tokens given out by the NFT marketplace used by the wash traders.


So, what is wash trading? Wash trading is a form of market manipulation in which a seller is on both sides of a trade — in other words, selling an asset to themselves — in order to create a misleading perception of that asset’s value or liquidity.


Wash trading is relatively easy to do with NFTs, as some NFT trading platforms allow users to trade by simply connecting their wallet to the platform, with no need to identify themselves. One user could easily control multiple wallets and trade NFTs between them, and no one could know unless they took the time to analyze the wallets’ transaction histories.


Now, on to our example. Below, we see two wallets, which we’ve labeled Wash Trader 1 and Wash Trader 2, that have generated over 650,000 wETH in transaction volume each while selling the same three NFTs back and forth to one another.



All of this activity has taken place on the same NFT marketplace. At no point has either wallet sold any of the NFTs to an outside party, so for the time being, it doesn’t appear their goal is to rip off another NFT collector by selling them an artificially inflated asset.


However, this particular marketplace offers incentive rewards in the form of its own native token to users whenever they buy, sell, or trade NFTs on the platform. The two wash trader wallets have generated huge amounts of the marketplace’s rewards token through wash trading. Not only that, but the wallets have upped their earnings even more by staking their rewards tokens.



All in all, between direct earnings from platform usage and staking, the two wash trading wallets have made over 106 million rewards tokens, currently worth over $185.5 million. Gas fees on the wash trades total just $114.6 million, giving the wash trader(s) a profit of nearly $71 million. The wallets started with initial funding of 705.6 ETH, worth $2.4 million at the time of the first transfer, making this wash trading scheme a huge success.


This type of wash trading scheme isn’t victimless. For one, the NFT marketplace is being tricked into paying out rewards for phony activity. NFT collectors throughout the market are also potentially being tricked into thinking that this NFT marketplace has more transaction activity than it really does, and the same goes for the NFT collection the wash traders are using for their transactions.
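The transaction-history analysis described above can be sketched as a detection heuristic. This is an added example, not code from Chainalysis or from this article. It flags NFTs whose sales stay inside a closed set of at most two wallets, and separates the reward-farming pattern (never sold outside) from the inflate-then-offload pattern. The wallet labels, prices and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample sales in time order: (token_id, seller, buyer, price_weth).
SALES = [
    ("nft-1", "wA", "wB", 900.0), ("nft-1", "wB", "wA", 950.0),
    ("nft-1", "wA", "wB", 990.0), ("nft-1", "wB", "wA", 1000.0),
    ("nft-2", "wA", "wB", 800.0), ("nft-2", "wB", "wA", 820.0),
    ("nft-2", "wA", "wB", 840.0), ("nft-2", "wB", "wA", 860.0),
    ("nft-3", "wC", "wD", 1.0), ("nft-3", "wD", "wC", 5.0),
    ("nft-3", "wC", "wD", 9.0), ("nft-3", "wD", "wE", 12.0),
    ("nft-4", "wF", "wG", 2.0), ("nft-4", "wG", "wH", 2.5),
]

def classify_token(trades, min_loop_trades=3, max_wallets=2):
    """Return (label, wallets, loop_len) for one token's ordered sales.

    label is 'closed_loop', 'loop_then_offload' or None. Thresholds are
    assumed tuning values, not figures from the article.
    """
    wallets, loop_len = set(), 0
    # Measure the initial run of sales that stays inside a small wallet set.
    for seller, buyer, _ in trades:
        if len(wallets | {seller, buyer}) > max_wallets:
            break
        wallets |= {seller, buyer}
        loop_len += 1
    if loop_len < min_loop_trades:
        return None, frozenset(), 0
    label = "closed_loop" if loop_len == len(trades) else "loop_then_offload"
    return label, frozenset(wallets), loop_len

def find_wash_trading(sales, **thresholds):
    """Group flagged tokens by wallet set and total the in-loop volume."""
    per_token = defaultdict(list)
    for token, seller, buyer, price in sales:
        per_token[token].append((seller, buyer, price))
    report = defaultdict(
        lambda: {"closed_loop": [], "loop_then_offload": [], "loop_volume": 0.0})
    for token, trades in per_token.items():
        label, wallets, loop_len = classify_token(trades, **thresholds)
        if label:
            report[wallets][label].append(token)
            report[wallets]["loop_volume"] += sum(p for _, _, p in trades[:loop_len])
    return dict(report)

if __name__ == "__main__":
    for wallets, entry in find_wash_trading(SALES).items():
        print(sorted(wallets), entry)
```

A hit is a lead for review rather than proof: confirming common control still means checking how the flagged wallets were funded.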


Source: The Chainalysis State of Web3
