In its essence, Ethereum extended over the Bitcoin payment mean, by adding a rich programming language enabling the execution of smart contracts.
While this innovative technology attracted a great deal of crypto-enthusiasts that saw in it great potential, it also became home to cybercrime in a significant way.
As it is often the case with new technologies, hackers embraced it and stole millions of dollars in the past years.
The first major cybercrime incident
Many cryptocurrency enthusiasts recall the month of June 2016 as the month of the first major cybercrime incident on Ethereum. The network started gaining momentum when The DAO project was announced, and its ICO managed to raise a historic $150 mln.
Such an amount inevitably peaked the interest of hackers that began exploring the project’s code, and ultimately finding a “bug.” It was used to drain $74 mln of the raised pot, which represents nearly 40 percent of the total ICO funds.
While some of it was eventually recovered, the incident rang a first red alarm and called for more security and caution when dealing with Ethereum.
The rise of the Ether thieves
Since Ethereum makes it relatively easy for developers to build complex smart contracts and decentralized autonomous apps (DApps) and given the rising price of ETH, it became the platform of choice for these token sales that became more popular than ever.
“The rise of cybercrime on Ethereum has risen in tandem with the big ICO financing, with total cybercrime revenue rising from $100 mln in June to $225 million in August this year.”
Source: Chainalysis
Not only do these ICOs cripple the Blockchain on a regular basis, but there is also a significant security risk associated with such projects. Chainalysis estimates that out of the $1.6 bln invested in ICOs this year, $150 mln have ended up in the hands of cybercriminals.
In other words, 10 percent of raised funds end up in the wrong hands. This accounts for approximately 30,000 victims losing an average of $7,500 each.
Exploits, hacks, phishing and Ponzi
The common cybercrimes on Ethereum can be categorized into four categories: exploits, hacks, phishing and Ponzi schemes.
The highest grossing exploit was the DAO, but another $30 mln was stolen from the Parity wallet in June 2017.
While some cyber criminals have opted for high profile hacks and exploits, phishing is actually driving the most revenue today.
It now makes up more than 50 percent of all cybercrime revenue generated this year ahead of exploits which sometimes get the most coverage in the press due to their nature.
Cybercrime | Stolen funds | Number of victims |
Phishing | 115,000,000 | 16,900 |
Exploits | 103,000,000 | 11,000 |
Hacks | 7,400,000 | 2,100 |
Ponzi | 4,000 | 260 |
Total | 225,400,000 | 30,260 |
Statistics on cybercrime on Ethereum are made possible given the public nature of the Blockchain that allows the analysis and auditing of transactions made on the network.
More and more solutions are launched to keep tabs on Blockchain trends and extract intelligence out of it.
The Ethereum technology is improving, and developers are writing more secure contracts which are positive trends. However, protecting users from phishing is a different matter.
The Ethereum Scam Database, which has been created in 2017 by the MyEtherWallet team, regularly identifies and lists the ongoing scams, and it is worth checking before investing in an ICO.