Visa, one of the world’s leading payment providers, has released its biannual threat report, revealing that 2022 saw a record-breaking number of cryptocurrency thefts, with over $3 billion stolen in on-chain exploits. The report covers all types of digital payment system violations worldwide, including plastic card fraud schemes and malware, but has a separate section dedicated to cryptocurrency and digital platforms.
The report identifies token bridges as a common target for threat actors. These bridges enable the exchange of cryptocurrencies between different blockchain networks, but fraudsters often exploit smart contracts within the bridge service to either create new transactions or allow for unauthorized transactions to be approved. Between January and early October 2022, a total of $2 billion was stolen via token bridges.
Visa’s report also highlights a cryptocurrency-focused phishing campaign that targeted crypto exchanges. The attackers impersonated a crypto exchange in emails to collect the victim’s account login data. When the actual exchange prompted the threat actor for two-factor authentication (2FA), the attacker used the spoofed site to obtain the victim’s 2FA information, allowing them to complete the login process using the genuine 2FA from the spoofed site.
In February, it was reported that Visa and Mastercard would delay the launch of new partnerships with crypto firms due to high-profile bankruptcies in the industry. However, Cuy Sheffield, Visa’s head of product, refuted the claims, stating that Visa would continue to partner with crypto companies to enhance fiat on and off-ramps and create new products to facilitate stablecoin payments.
Despite the delay, the cryptocurrency market has continued to grow, with Bitcoin’s market capitalization surpassing Visa’s for the third time in history on February 20. By March 14, the gap between the two had grown to over $20 billion in favor of Bitcoin.
Cryptocurrency thefts have been a recurring problem in the industry, with exchanges and users often targeted by hackers. In 2019, the infamous hack of Japan-based exchange Coincheck resulted in the loss of over $500 million worth of cryptocurrency. Similarly, the 2021 Colonial Pipeline ransomware attack involved a demand for payment in Bitcoin.
Visa’s report highlights the importance of securing token bridges and exchanges, as well as the need for continued efforts to enhance security measures in the cryptocurrency industry.