Tracking stolen crypto — How blockchain analysis helps recover funds

Over $900 million was hacked in crypto in 2023. How can blockchain analysis help in finding and retrieving stolen assets?

Amid the rapid evolution of decentralized finance (DeFi) and the broader Web3 landscape, security is of paramount importance. New threats continue to emerge, making it essential to understand attack patterns for risk assessment and reliability evaluation. In 2023 alone, over $990 million was lost or stolen, according to Cointelegraph’s Crypto Hacks database. 

This growing demand for security has led to the emergence of a diverse ecosystem of Web3 security expertise, ranging from decentralized identity solutions to smart contract auditors, ensuring the safety of this dynamic digital space.

Sign up to the Cointelegraph Research Crypto Hacks Database here

The Lazarus Group, a state-affiliated hacking group from North Korea, remains a persistent threat. Lazarus was responsible for confirmed losses totaling at least $291 million in 2023. Even as the year progressed into the third quarter, Lazarus remained active and was responsible for the attack on CoinEx, resulting in losses exceeding $55 million, leaving a chilling reminder of the cybersecurity challenges.

Fortifying crypto security with blockchain analysis

Furthermore, even companies sometimes struggle to combat potential hacks and exploits. Accordingly, solo crypto enthusiasts need skills to conduct analysis and research to protect funds. Blockchain analysis is the investigative process of examining blockchain transactions to trace illicit activities and recover stolen assets. Here’s how it works:

  1. Transaction tracing: Blockchain analysts meticulously trace blockchain transactions involving stolen cryptocurrency.
  2. Address clustering: Analysts group related addresses to identify the flow of stolen funds. This clustering helps to understand how funds move between wallets.
  3. Behavioral analysis: Analysts can identify unusual or suspicious behavior that may indicate hacking or theft by studying transaction patterns.
  4. Pattern recognition: Analysts use historical data and known attack patterns to recognize emerging threats, allowing for early detection and mitigation.
  5. Regulatory vigilance: Governments worldwide are pushing to introduce stricter Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in crypto.
  6. Collaboration: Blockchain analysis often involves collaboration with law enforcement agencies, exchanges, and other stakeholders to freeze or recover stolen assets.

When investigating a cryptocurrency hack, blockchain analysis is one of the tools at an investigator’s disposal. Open-source intelligence (OSINT) is another critical component. Investigators use OSINT to gather information about individuals or entities involved in the hack. This may include using tools like Etherscan, Nansen, Tenderly, Ethective or Breadcrumbs to understand the situation better.

By combining blockchain analysis with OSINT, investigators can construct a comprehensive view of the hack, potentially identifying the perpetrators and recovering stolen assets more effectively.

In a notable case, the perpetrator of the Curve Finance exploit, which resulted in over $61 million in crypto losses on July 30th, has returned around $8.9 million in cryptocurrency to Alchemix Finance and Curve Finance. Surprisingly, the attacker’s motive was not to evade capture but to preserve the integrity of the exploited protocols. The attack, exploiting a reentrancy bug, affected various pools, including Alchemix Finance’s alETH-ETH, JPEG’d pETH-ETH and Metronome sETH-ETH pools. While the returned funds represent roughly 15% of the total drained, this incident highlights the intricate ethical and motivational dynamics in the crypto space following security breaches.

On-chain data remains an invaluable investigative tool, unique to the world of blockchain and crypto assets. Thanks to the underlying distributed ledger technology, it provides all Web3 enthusiasts with an exceptional window into asset movements, transaction tracking, and robust analysis capabilities. Make the most of these opportunities by exploring the Cointelegraph Research Crypto Hacks database, an indispensable resource for gaining comprehensive insights into recent security incidents and emerging threats. Discover how this powerful tool can empower you to protect your crypto assets and stay ahead of potential risks.

The Cointelegraph Research team

Cointelegraph’s Research department comprises some of the best talents in the blockchain industry. Bringing together academic rigor and filtered through practical, hard-won experience, the researchers on the team are committed to providing the most accurate, insightful content available on the market.

With decades of combined experience in traditional finance, business, engineering, technology and research, the Cointelegraph Research team is perfectly positioned to put its combined talents to proper use.

The opinions expressed in this article are for general informational purposes only and are not intended to provide specific advice or recommendations for any individual or on any specific security or investment product.

bitcoin
Bitcoin (BTC) $ 94,051.20
ethereum
Ethereum (ETH) $ 3,384.01
tether
Tether (USDT) $ 0.998802
bnb
BNB (BNB) $ 687.00
xrp
XRP (XRP) $ 2.23
solana
Solana (SOL) $ 188.09
dogecoin
Dogecoin (DOGE) $ 0.320014
matic-network
Polygon (MATIC) $ 0.496647
chainlink
Chainlink (LINK) $ 23.91
shiba-inu
Shiba Inu (SHIB) $ 0.000022
nexo
NEXO (NEXO) $ 1.36
enjincoin
Enjin Coin (ENJ) $ 0.231114
cardano
Cardano (ADA) $ 0.907452