Crypto hacks are one of the most pressing challenges stopping the widespread adaptation of crypto and blockchain technology in the traditional finance space.
According to a Chainalysis report, more than $3 billion worth of cryptocurrency has been stolen so far in 2022 alone.
Firstly, in a climate like this, it’s crucial you take all the proper precautions to protect your crypto. Secondly, learning how crypto hacks work, how hackers steal crypto, where they steal from, etc., can help us better defend ourselves against potential attacks.
In this short guide, we’ll explain how these hacks go down, the most common targets for hackers to loot crypto and why the crypto space is so prone to hacks.
How Do Hackers Steal Crypto?
When people talk about crypto hacks, usually, they are referring to DeFi hacks – incidents where hackers exploit the vulnerabilities of a protocol or the underlying blockchain to steal funds. But that is only one way to steal crypto. We can roughly categorize all hacks into three categories –
Exploiting Code Vulnerabilities
This is the most common of all hacks. Since most blockchain and DeFi platforms are open source, anyone with decent coding expertise coupled with malicious intent can find loopholes and flaws in the code to trick the system and steal funds.
It’s highly lucrative and scalable for hackers to go this route because instead of hacking a single account or wallet, you’re hacking an entire platform or blockchain to drain millions of dollars at once.
DeFi platforms like liquidity pools, cross-chain bridges and yield farming protocols, which usually have a massive collection of funds, are the primary targets of these hacks.
This is relatively less common but still exists. It’s when someone steals your email, password or private keys, or all of them to steal your funds through phishing attacks, malicious software or hacking into the database of a centralized platform.
Inside Jobs and Compromises
This is when someone, like a developer or custodian, gets compromised and uses their authority to steal funds.
Some might confuse them for crypto scams, but a scam is when a person or multiple people devise a plan to pull off a fraud.
Inside jobs and compromises are slightly different. An organization or platform may not have any intention to scam anyone. Maybe it’s legit. But someone on the inside exploits their position and access to sensitive information to steal funds.
Most Common Targets of Crypto Hacks
DeFi Crypto Hacks
As we mentioned, the most common hacks are when hackers exploit coding vulnerabilities and flaws. And that is why it makes DeFi platforms the most common and profitable target of hackers. According to another report by Chainalysis, more than $700 million has already been stolen in DeFi hacking incidents in October alone.
Interestingly, within the DeFi space, cross-chain bridge attacks have contributed $2 billion, more than half of the total stolen amount this year. Cross-chain bridges are platforms where one can deposit their cryptocurrency of one blockchain and, in return, get a wrapped token of the same value of a different blockchain.
Rubic is the latest cross-chain attack victim this year, losing over $1 million worth of crypto after hackers stole the admin’s private keys.
Crypto Exchange Hacks
Most crypto exchanges keep a small portion of their total crypto reserve in hot wallets, while most of it is kept in cold storage or managed by custodian services. This makes crypto exchanges an ideal target for hackers.
Since private keys to hot wallets are stored in software connected to the internet, it makes them a primary target for hackers.
In January 2022, Crypto.com, one of the most trusted crypto exchanges, became victim to a crypto hack when hackers managed to disable two-factor authentication and extract $35 million worth of Bitcoin and Ethereum from customer wallets. Read the full story here.
However, cold storage is also not entirely safe. Since most of the funds are stored in cold storage, hackers are constantly looking for ways to access the custodian key itself. Nonetheless, cold storage hacks are quite rare compared to hot wallet hacks.
Check out our guide on custodial vs non-custodial crypto wallets to learn more about them.
Can you Claim Losses for Stolen Crypto?
Whether you can claim losses on stolen or hacked crypto depends on the country you live in.
In the US, most forms of casualty losses are no longer deductible on Form 4684 after the Tax Cuts and Jobs Act got passed in 2017, which also applies to theft losses. However, you can still consult a tax professional, as exceptions exist.
Check out our guide on claiming lost and stolen crypto on your tax return to know more.
Unlike the US, most countries allow taxpayers to claim losses on stolen or hacked crypto. The following is a list of countries where you can deduct such losses, assuming you provide sufficient evidence to prove your claim –
- South Africa
- The Netherlands
- Sweden (Sweden exempts you from paying taxes on lost or stolen crypto, but you can’t offset them against your gains)
Countries not mentioned here either don’t allow taxpayers to claim losses on stolen crypto or haven’t yet provided enough clarity on crypto hacks and their tax consequences.
You can still check out our Crypto Tax Guides for different countries to learn more.