Crypto investors will have to keep their eyes on crypto thieves peeled for sophisticated phishing scams and a plethora of smart contract vulnerabilities next year, according to blockchain security firms.
Security Firm warns about crypto thieves
In 2024, blockchain security firms are warning crypto projects and investors about several Crypto thieves, including AI-powered phishing scams, BRC-20 exploits, and new vulnerabilities in smart contracts. While the $1.7 billion in scam and hack-related losses in 2023 represents an improvement from the $4 billion lost in 2022, experts caution that scams are becoming more sophisticated, requiring users to stay hyper-vigilant.
Jesse Leclere, a blockchain analyst from CertiK, highlighted the increasing sophistication of phishing attacks, which may target not only individual users but also corporate systems. He pointed out that social engineering tactics tailored to the crypto context are expected to be employed. The use of generative AI is identified as a key element that could make phishing scams more nefarious, enabling Crypto thieves to automate operations and create convincing fake calls, videos, and messages to deceive potential victims. The caution comes in the wake of incidents like the Ledger Connect exploit on Dec. 14, highlighting the evolving nature of cyber threats in the crypto space.
As predicted, Generative AI scams are now here. These will be dramatically better in 12-24 months and hard for anyone to distinguish between reality and the AI fiction https://t.co/u7uaIEUodt
— Charles Hoskinson (@IOHK_Charles) December 15, 2023
Jenny Peng, a research analyst from 0xScope, has issued a warning that AI could become a significant element in generating increasingly realistic “deep fakes” designed to deceive crypto users. She cautioned that hackers might pay extra attention to the growing BRC-20 ecosystem in the coming year due to a perceived lack of advancements in security.
Peng pointed to a specific incident involving the BRC-20 UniSat wallet, which was launched in early 2023 and promptly faced a double-spend exploit. This incident highlights the need for the BRC-20 ecosystem, which is relatively new, to rapidly evolve its infrastructure to match the battle-tested security of established platforms like Ethereum.
Cross-chain bridges, an enduring concern in the crypto industry, are expected to remain a point of focus in 2024, according to Jesse Leclere. This underscores the ongoing challenges and vulnerabilities associated with interoperability between different blockchain networks.
#PeckShieldAlert @MultichainOrg has been drained of ~$126M worth of cryptos, ranking it at #6 on our cross-chain bridge exploit leaderboard.
Additionally, #PolyNetwork, which was exploited for ~$25M, stands at #8.As of today, ~$1.92B associated with cross-chain bridges has… pic.twitter.com/UvJF8BwQfs
— PeckShieldAlert (@PeckShieldAlert) July 7, 2023
Jesse Leclere emphasized the vulnerability of cross-chain solutions to cyber attacks, especially as the industry adopts these protocols for greater interoperability. The increasing complexity resulting from interactions between different protocols and chains makes cross-chain solutions attractive targets for attackers, potentially leading to security vulnerabilities.
Notably, several of the largest hacks in the crypto sector have been the result of bridge exploits. Leclere pointed to the infamous $650 million Ronin bridge hack as the worst on record, emphasizing the need for serious security upgrades to address this ongoing issue in the industry.
Phil Larratt, the director of investigations at Chainalysis, echoed the caution, stating that illicit actors are expected to become more sophisticated in their tactics, especially as traditional organized criminals and financial crime actors increasingly adopt crypto. Larratt predicted that the next wave of Crypto thieves would likely utilize privacy coins, bridges, mixers, and other obfuscation tools more extensively.
In response to this trend, Larratt emphasized the need for more intensive law enforcement investigations, increased training and knowledge sharing, advanced fraud protection programs, and continued partnerships between the public and private sectors to counteract evolving cyber Crypto thieves in the crypto space.
Also read: Spot Bitcoin ETF inflows could dwarf all 150 crypto ETPs today