In a surprising turn of events, TRM Labs revealed in a recent report that hacker exploits in the crypto space have drastically declined by 70% during Q1 2023 compared to the same period last year. With only 40 attacks and a total of $400 million stolen, the average hack size has reduced as well, from $30 million to $10.5 million. However, what’s most intriguing is that hackers are beginning to return the money they’ve stolen, often in exchange for a “white hat” reward from the exploited projects.
According to TRM Labs, victims of hacks were able to recover almost half of the stolen funds in 2023, thanks primarily to instances like TenderFi protocol and Euler lending protocol hacks in March. The TenderFi attacker returned half of the $1.6 million they stole, receiving an $850,000 bounty in return. The thief behind the Euler lending protocol exploit agreed to refund the entire $200 million worth of crypto. In April, the Safemoon protocol hacker returned $7.1 million out of the $9 million they stole.
This unexpected change in hacker behavior can potentially be attributed to the increased regulatory attention to crypto hacks and high-profile enforcement cases. Crypto exchanges have been implementing more robust KYC/AML policies, making it difficult for hackers to cash out stolen coins. Additionally, the ETH mixing protocol Tornado Cash, once a popular money laundering tool for Ethereum, has been under US sanctions since August 2022, making it impossible for hackers to use regulated exchanges.
Moreover, Avraham Eisenberg’s case, the first person to be arrested for a DeFi exploit of Mango Markets protocol, serves as a warning to other hackers. With investigators using blockchain intelligence and open-source tools to track stolen funds in real-time, malicious hackers are having a harder time off-ramping funds and are settling for bug bounties instead.
Ari Redbord, TRM Labs’ head of legal and government affairs, suggests that so-called “white hat” hackers are becoming increasingly involved in the ecosystem. Such individuals can prove beneficial for DeFi services in strengthening their cyber controls. Examples of DeFi hackers returning stolen funds in the past include the Defrost Finance and Nomad Bridge incidents in 2022, Poly Network in 2021, and dForce in 2020.
Despite the decline in hacks and an increase in funds being returned, DeFi protocols are still an attractive target for attackers, as complex smart contracts often prove to be vulnerable to manipulation. As per Chainalysis, DeFi exploits accounted for an astounding 82% of all crypto stolen in 2022. As the world continues to embrace blockchain technology and the crypto market, stakeholders must remain vigilant and strive to create safer, more secure platforms for users.
Source: Coindesk