Written by: Robert Wallace, Blas Kojusner, Joseph Dobson
Where money goes, crime follows. The rapid growth of Web3 has presented new opportunities for threat actors, especially in decentralized finance (DeFi), where the heists are larger and more numerous than anything seen in the traditional finance sector. Mandiant has a long history of investigating bank heists. In 2016, Mandiant investigated the world's largest bank heist, which occurred at the Bank of Bangladesh and resulted in the theft of $81 million by North Korea's APT38. While the group's operations were quite innovative and made for an entertaining 10-episode podcast by the BBC, they pale in comparison to Web3 heists. In 2022, the largest DeFi heist occurred on Sky Mavis' Ronin Blockchain, which resulted in the theft of over $600 million by North Korean threat actors. While North Korea is arguably the world's leading cyber criminal enterprise, they are not the only player. Since 2020, there have been hundreds of Web3 heists reported, which have resulted in over $12 billion in stolen digital assets.
Source: Chainalysis 2024 Crypto Crime Report
While social engineering, crypto drainers, rug pulls (scams), and
Notes
★★
Sent
Yes
Tags
Malware
Hack
Vulnerability
Threat
Cloud
Stories
APT 38
Move
The article does not appear to have been picked up after its publication.
The article does not appear to be a follow-up to a previous one.