Crypto losses fell to $49 million in February, but attackers are switching to phishing and user manipulation, Nominis says.
A report by blockchain security firm Nominis shows that total losses from cryptographic attacks fell 87% in February from $385 million in January to $49.3 million.
However, while the decrease in the total value stolen indicates an improvement in the security of the protocol, Nominis claims that a closer look at the events of the month shows that attackers are shifting their focus away from exploiting the code and towards manipulating the people who use it.
Anatomy of Cryptographic Attacks February
According to a report from Nominis, the attack on Step Finance, a Solana-based decentralized finance (DeFi) platform, caused more than 60% of its total losses in February.
In this case, the attackers are said to have compromised devices belonging to the project’s executive team, which could expose private keys or allow unauthorized operations to be approved. They then allocated and transferred 261,854 SOLs worth up to $40 million from the wallets the project belonged to.
The damage was so severe that Step Finance had to shut down its main platform and its subsidiary projects, including SolanaFloor and Remora Markets.
The rest of the losses came from a scattered mix of attacks, including $3 million lost by CrossCurve, a cross-chain protocol currency, when an attacker used faulty authentication logic in a contract to process incoming messages from the Axelar network.
Elsewhere, YieldBlox, a DeFi lending platform, lost nearly $10.2 million after a bad actor changed its collateral pricing logic so it could borrow more than it was allowed to.
You may also like:
There were also several poisoning scams on individuals whose losses ranged from about $100,000 to $600,000. Others were discharged after unknowingly signing up for malicious token endorsement deals. This is a technique where a fake prompt tricks people into allowing criminals to take money from their wallets.
A broader pattern emerges
In addition to the direct attacks, there were several other significant discoveries made by investigators and law enforcement in February. For example, SlowMist published a technical breakdown of a phishing campaign that specifically targeted crypto project administrators.
In this campaign, attackers created fake versions of real token tools to trick operators into giving them access to contracts.
Meanwhile, South Korean authorities are investigating a case where a seed phrase was accidentally exposed in a publicly shared photo, which allowed attackers to recover a wallet and steal around $5 million worth of crypto.
In its enforcement, the US Department of Justice announced that it had seized more than $61 million in cryptocurrency linked to a hog-killing investment fraud scheme. Investigators were able to trace the money through blockchain analysis and obtain a legal seizure of the funds.
Based on the events of February, the loss of funds is not primarily through the use of an unknown vulnerability in the main code. Nominis research found that most of the losses are now due to compromised user accounts, misleading transaction requests and users copying the wrong wallet address. According to the company, the most vulnerable aspects of the cryptocurrency ecosystem are not the blockchains themselves, but the human behavior and operational practices surrounding them.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and get a $600 welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a FREE $500 position on any coin!
