Hacks and Scams

Crime is an ongoing problem in the cryptocurrency space and DAOs are not immune. According to blockchain data firm , over $14B was stolen in 2021 across the broader ecosystem.

Criminals Received Over $14B in Cryptocurrencies in 2021

Three of the most popular methods used by criminals include:

• Malware: Malicious software that infiltrates a user’s computer, generally gaining access to his or her private keys

• Code Exploits: Occur when coders find a vulnerability in a smart contract and leverage that to siphon funds to their own address

• Scams: Utilize social engineering to deceive users and steal funds (e.g. a Ponzi Scheme)

Let’s take a deeper look into each of these categories below:

Malware

Malware was responsible for over $3B of losses in 2021.

Malware Cost Users $3.2B in 2021

The most popular methods used by hackers include:

• Cryptojacking: The unauthorized use of someone else's computer to mine cryptocurrency. Technically, cryptojackers are stealing computing power (and therefore electricity), but this can be given a numerical value.

• Trojans: Viruses that look like legitimate programs but instead infiltrate a users computer to steal important data such as a person’s private keys

• Clippers: Clipping is the process of inserting new text into a user’s clipboard. Hackers use this to insert the address of their crypto wallets, so when a user goes to transfer funds it is redirected to the hacker (note: always triple check the address you’re sending to!)

• Info Stealers: Collect saved files, autocomplete history and seed phrases from compromised computers.

Code Exploit

Like any piece of software, smart contracts with poorly written code have significant vulnerabilities. This is common across the cryptocurrency sphere and the DeFi, NFT, Smart Contract and Web3 spaces all suffered hacks. DAOs will not be the exception to the rule.

Projects lost hundreds of millions to hacks in 2021. Notable exploits include:

Notable Hacks in 2021

Ironically the first DAO, known simply as “The DAO”, was the victim of an exploit. The project launched in 2016 and raised $150 million worth of Ether. Less than three months after launching, it was hacked, causing the project to lose $60 million.

The DAO hack caused controversy on many levels in the space. Notably, there was a debate on whether or not to reverse the transaction. Doing so would effectively return the funds, but also go against the spirit of decentralization and set a poor precedent.

Voters ultimately decided to reverse the attack, “forking” Ethereum blockchain into:

• Ethereum: The version that restores the funds lost in the attack to their original addresses. This is the chain that most people use today

• Ethereum Classic: The original chain that preserves the hack. Classic is much less popular and trades at approximately 1% of the value of ETH

Although the funds were restored, the hacker did not lose out entirely, as he or she still retains possession of Ethereum Classic coins which are now worth $8.5 million.

Scams

Outright scams were the largest source of cryptocurrency-based crime, costing users over $7.7B.

Scammers Stole $7.7B in 2021

While there are multiple types of scams in the crypto world (e.g. ponzi schemes, pump-and-dumps), a new form gaining notoriety is the “rug pull”.

Rug pulls (aka “rugs”) occur when a founder creates a project with the intent to abandon it and run off with the investor’s funds. Critics argue that the hype around the space, lack of investor protections, ability for founders to remain anonymous and self-custody of funds provide an ideal breeding ground for these types of scams.

Indeed, rugs cost investors billions and accounted for 37% of the total crypto scams in 2021 (up from 1% in 2020). They have infected nearly every vertical including DAOs, DeFi, NFTs and cryptocurrencies.

Notable projects accused of rug pulling are AnibusDAO, Thordex, Uranium Finance, Meerkat Finance, SnowdogDAO , Squid Game Token and Evolved Apes.

While DAOs definitely face a host of problems, they honestly don’t concern me too much. We are still very early and lots of smart people are working hard on finding solutions. In fact, serious problems at this stage of development are to be expected – that’s the nature of disruption.