A Chainalysis report has found an increase in number of exchange hacks in 2019, though less crypto was actually stolen than in previous years.

The findings

In the report, Chainalysis includes only exchange attacks (excluding wallet providers, payment processors, etc.). The firm includes hacks against technical vulnerabilities, deceptive attacks, like social engineering, and attacks that they confirmed and measured in value. It also includes hacks from private sources, so long as they didn’t skew the data.

Of the 11 hacks, the $105 million lifted from Coinbene was the most lucrative. The average value per attack ($26 million) shows a precipitous drop from the year prior ($146 million in 2018). Only a little over half broke the $10 million mark. Chainalysis observes that though a rise in attacks causes concern, the drop in stolen funds reflects advances in exchange security.

Where the funds go

Most of the stolen crypto goes through other exchanges. Chainalysis assumes it’s then converted into cash but notes that a large amount can stay idle, which gives law enforcement the chance to trace the hackers. Third-party mixers or CoinJoin wallets help attackers muddy the origin of stolen funds.

The report finds that exchanges have adapted positively. Many keep a lower percentage of funds in hot wallets, amp up withdrawal authorization and pay greater attention to suspicious activity to catch hackers sooner. Yet the report concedes that the most successful criminals, such as Lazarus Group, now use more refined attacks and better methods to launder the pilfered funds.