

Merkle Science analysts reveal alarming trends in private key compromise, DeFi hacks, smart contract exploits, and more. What can these trends tell us about the future of crypto crime and risk mitigation?
The ever-evolving landscape of crypto crime offers invaluable lessons for financial crime investigators. By analyzing recent trends and money laundering tactics, we can uncover critical insights to shape our strategies moving forward. Our 2024 Hackhub Report highlights alarming trends in private key compromises, decentralized finance (DeFi) hacks, smart contract exploits, and more. Understanding these evolving trends helps financial crime investigators better investigate and mitigate future crime.
This blog analyzes some of the key takeaways from the 2024 Hackhub Report to give you key insights into the latest criminal trends and delves into the future of crypto crime, exploring how innovation in the crypto space will influence the next frontier in financial crime.
For a deeper dive into our data and case studies, download our full report or request a consultation with our team.
While 2023 saw 10% more attacks than the year prior, attackers netted 15% less funds on average.
.avif)
2023 was a year that epitomized both the persistent security challenges facing the blockchain ecosystem, and its ecosystem players' resilience against these challenges. While the total value stolen in 2023 dropped by 15% compared to 2022, the number of attacks increased by approximately 10%.
Why it matters:
Private key compromises in DeFi and hot wallet attacks in CeFi accounted for more than half of stolen funds in 2023

Private key compromises and hot wallet attacks surged in 2023, becoming the largest attack vectors responsible for over 78% of total losses, amounting to $2.5 billion.
Why it matters:
Despite monetary losses due to smart contract vulnerabilities dropping 93%, they still made up nearly half the number of all hacks in 2023
Losses due to smart contract vulnerabilities dropped by a staggering 93% from 2022, totalling $171 million. However, these vulnerabilities still accounted for nearly half of all hacks in 2023, underscoring the ongoing risk they continue to pose.
Why it matters:
Attackers continue to focus on vulnerabilities in DeFi projects rather than CeFi as DeFi projects suffer the most losses in 2023

Decentralized Finance (DeFi) projects continue to be the primary focus of attacks, with smart contracts and protocols on Ethereum and Binance Smart Chain suffering the most exploits. As DeFi grows, so does its attractiveness to attackers, necessitating rigorous security measures and continuous monitoring.
Why it matters:
Looking Ahead at the Future of Crypto Crime—How innovation will affect victims, criminals, and investigators
As the cryptocurrency landscape continues to evolve and expand, so too does the complexity and sophistication of crypto crime. From the DeFi sector bringing in novel attack vectors to investigators continuing to advance their crypto expertise, the battle against crypto crime is entering a new phase. Based on the current trends revealed in our Hackhub Report, we predict the following:
While the crypto ecosystem continues to grow and evolve, the methods behind crypto crime will continue to become increasingly sophisticated. But recent high-profile arrests highlight how crypto-savvy investigators can turn the tide.
The recent arrest of Anton Peraire-Bueno and James Pepaire-Bueno, two brothers accused of exploiting the Ethereum blockchain—in the first ever attack of its kind—to steal $25 million in cryptocurrency, underscores both the growing sophistication of crypto crimes and the advanced capabilities of modern investigative agencies.
The Peraire-Bueno brothers, leveraging their advanced education in mathematics and computer science, devised a novel scheme to manipulate the very protocols that ensure the integrity of blockchain transactions. Their meticulously planned operation involved months of preparation, including studying the trading behaviors of their victims and setting up shell companies to conceal their identities.
In just 12 seconds, the brothers executed their exploit, fraudulently accessing and altering pending transactions on the Ethereum blockchain. Despite their technological prowess and efforts to cover their tracks, the sophisticated investigative work of the Department of Justice (DOJ) and the IRS Cyber Investigations Unit unraveled their scheme. Using cutting-edge technology and traditional investigative techniques, these agencies traced the stolen funds, leading to the arrests of the Peraire-Bueno brothers.
This case illustrates a critical point: as cryptocurrency markets evolve, so too will the methods used by criminals. However, it also highlights the resilience and adaptability of law enforcement agencies. The expertise demonstrated by the DOJ and IRS in this case is a testament to their commitment to maintaining the integrity of financial systems and supporting victims of crypto crimes.
By staying ahead of emerging threats, these agencies are not only bringing perpetrators to justice but also restoring confidence in the cryptocurrency ecosystem. Continued education, learning advanced investigative techniques, and keeping up with innovation in the space are crucial for investigators to effectively tackle novel crimes like this one. This commitment to ongoing development ensures that law enforcement remains prepared to counter the ever-evolving tactics of cybercriminals.
Wider adoption of innovations in private key management—such as MPC key generation and smart accounts—will make it harder for criminals to compromise private keys, but these techniques will also open novel attack vectors yet to be seen.
With private key compromises and hot wallet attacks on the rise, it's imperative to implement and enforce strong key management practices. We’re past the days of simply saving your single private key in a safety deposit box at your bank. The wider adoption of more secure private key management technologies is set to bolster the security of cryptocurrency holdings significantly.
Innovations like Multi-Party Computation (MPC) key generation and smart accounts are at the forefront of this movement, offering enhanced protection against traditional key compromise methods. MPC key generation, for instance, involves multiple parties collaboratively generating and managing cryptographic keys without ever exposing the entire key to any single party. This method drastically reduces the risk of a single point of failure, making it exponentially more challenging for cybercriminals to steal private keys.
Similarly, smart accounts, which leverage programmable smart contracts to manage access and permissions, add another layer of security and functionality. These accounts can incorporate features such as multi-signature requirements, automated recovery processes, and user-defined spending limits, all of which contribute to a more secure and user-friendly experience. As a result, the adoption of these innovations is expected to create a more resilient ecosystem, where individual users and institutions can safeguard their assets more effectively.
However, with these advancements come new challenges. As with any technological innovation, the introduction of MPC key generation and smart accounts will likely bring about unforeseen attack vectors. Cybercriminals are adept at adapting to new security measures, and the complexity of these technologies may present opportunities for novel exploits. For instance, vulnerabilities in the implementation of MPC protocols or flaws in smart contract code could be targeted, potentially leading to sophisticated attacks that were previously unimaginable.
The ongoing development and integration of these technologies will require a proactive approach from both the crypto industry and regulatory bodies. Continuous research, rigorous testing, and collaboration between security experts will be essential to identify and mitigate emerging threats. Additionally, educating users about the proper use and potential risks associated with these advanced key management techniques will be crucial in fostering a secure and trustworthy cryptocurrency environment.
DeFi will continue to be a hotbed for criminal exploitation, with funds moving to CeFi exchanges to off ramp to fiat.
DeFi has revolutionized the financial landscape by providing decentralized alternatives to traditional financial services. However, its rapid growth and relatively unregulated nature have also made it a prime target for criminal exploitation. DeFi platforms, with their open-source protocols and automated smart contracts, offer cybercriminals a plethora of opportunities to exploit vulnerabilities and abscond with vast amounts of digital assets.
Once illicitly obtained funds are secured within the DeFi ecosystem, criminals often seek ways to convert these digital assets into fiat currency—a process known as off-ramping. Centralized Finance (CeFi) exchanges, with their robust infrastructure and deep liquidity, are the prime focal point for these activities. Criminals utilize a variety of techniques to move their funds from DeFi to CeFi platforms, including chain-hopping (moving funds across different blockchain networks), mixing services (which obfuscate transaction trails), and using decentralized exchanges (DEXs) to swap tokens.
Despite the efforts of CeFi exchanges to enforce stringent Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols, oftentimes the funds entering the exchange can be so far removed from the initial criminal act that it may be difficult for their automated systems to detect the link. Or the DeFi hack wasn’t high-profile enough to catch the attention of the necessary parties to tag the appropriate addresses before the funds could be off-ramped.
The ongoing battle against DeFi exploitation and the subsequent off-ramping to CeFi exchanges requires a multifaceted approach. Strengthening the security of DeFi platforms through rigorous code audits, real-time monitoring, and the implementation of advanced security measures is paramount. Additionally, fostering collaboration between DeFi and CeFi entities, along with regulatory bodies, can help create a more unified front against criminal activities. Enhanced information sharing and coordinated responses to suspicious activities can significantly improve the detection and prevention of illicit transactions.
Level up your ability to investigate and mitigate cryptocrime.
With the right strategies and a proactive approach, financial crime investigators can make significant strides in creating a safer and more secure blockchain ecosystem. By leveraging the latest insights and staying ahead of emerging trends, the crypto community can turn the tide against attackers and build a resilient future.
Advancements in blockchain analytics provide powerful tools for detecting and preventing crypto-enabled crime. By analyzing transaction patterns and identifying suspicious activities, investigators can gain valuable insights into criminal behavior and disrupt illicit networks more effectively. To equip yourself and your team with the necessary tools and knowledge, download our full report on crypto crime mitigation or request a free consultation with our experts. Together, we can build a safer future for the cryptocurrency industry.