- More crypto hackers are opting for white hat bounties rather than trying to cash out stolen funds
- TRM Labs says that increased blockchain surveillance and regulations have made cashing out stolen funds riskier
- Hackers are preferring to negotiate white hat bounties
The number of crypto hackers preferring hacking bounties over their stolen loot is increasing, according to blockchain intel firm TRM Labs. A new report has found that hackers stole around $400 million from crypto projects in 40 attacks in the first three months of 2023, a 70% decline from the same period last year, with more opting for a ‘white hack’ bounty rather than walking off with the funds themselves. The increased oversight on exchanges and offramps and the increased abilities of blockchain forensics firms to trace stolen funds are likely behind this trend, which will hopefully increase in line with regulations.
Average Hack Size Down by Two Thirds
According to TRM, the average hack size in the first quarter of this year dropped to $10.5 million from $30 million during Q1 of 2022, of which half was returned by the perpetrators. Such examples include the TenderFi hacker, who returned half of the $1.6 million he stole, collecting an $850,000 bounty; the Euler hacker, who agreed to return the entire $200 million he took; and the Safemoon hacker, who kept just $1.9 million worth of the $9 million worth of tokens he stole.
TRM Labs cites a number of reasons why the number of hacks is dropping and hackers are opting to return some, or all, of their loot. They argue that the prosecution of Mango Markets manipulator Avraham Eisenberg, who carried out a staggering $116 million price manipulation attack against the DeFi platform last year, has put many off from trying the same thing, despite Eisenberg claiming that his actions do not constitute criminal activity.
Moreover, however, is the fact that the options for easily cashing out stolen funds are narrowing year on year. Centralized exchanges are hotter than ever on preventing stolen coins from entering their platforms, and almost all employ some kind of blockchain tracing software. Those that don’t employ such software can rely on a network of exchanges that do to inform them when suspected hacking gains are being sent their way.
Cashing Out Becoming Harder
TRM argues that hackers are also finding that options of cashing out crypto without first having to provide their identity are becoming smaller and smaller, meaning that they have to find more inventive ways of getting the crypto discreetly turned into cash.
Finally, the seizure of mixing services Tornado Cash and Chipmixer, the latter of which was also suspected to be a CIA honeypot, has led hackers to think twice about using such services.
All the factors explain why the rate of crypto hacking is slowly going in the right direction, and long may it continue.