According to the global payment provider Visa, 2022 became a record-breaking year for cryptocurrency thefts, with over $3 billion stolen in on-chain thefts. Cryptocurrency bridge services were a favored target for threat actors.
Visa published the biannual threats report on March 20. On 24 pages, the document contains data on all sorts of violations that occurred in the digital payments system globally last year — from plastic card fraud schemes to malware. A separate section is dedicated to cryptocurrency and digital platforms.
It pays special attention to token bridges and their vulnerability. Commonly the fraudsters exploit a bridge service’s smart contracts to either forge new transactions or allow for the approval of unauthorized transactions. The total amount of funds, stolen via token bridges, totals $2 billion from January through early October 2022.
The report also mentions a crypto-focused phishing campaign, whose actors were impersonating a crypto exchange company in emails to harvest the victim’s account login data. Once the real exchange prompts the threat actor for the two-factor authentication (2FA), he would use the spoofed site to prompt the victim to enter their 2FA information. And then would use the real 2FA from the spoofed site to complete the login process.
In February, it was reported that, along with its competitor Mastercard, Visa would delay the launch of new partnerships with crypto firms due to high-profile bankruptcies in the industry. However, Cuy Sheffield, head of product at Visa, dubbed the report inaccurate and reassured that Visa would “continue to partner with crypto companies to improve fiat on and off ramps” and “build new products that can facilitate stablecoin payments.”