Security remains one of the biggest challenges in the digital asset industry; In 2022 alone, the total value of crypto stolen through hacks amounted to $3.8 billion. While this figure is down 77% as of June 2023 compared to the same period last year, it is hard to ignore the imminent threats that hacks and scams pose to the larger digital asset ecosystem.
Notably, Decentralized Finance (DeFi) protocols account for the majority of the hacks, with 82.1% of the funds compromised last year originating from this niche. Over 50% of the hacks in DeFi can be attributed to smart contract vulnerabilities, which, although are a fundamental part of the DeFi ecosystem, also present huge security risks.
Source: Footprint Analytics
In the next sections of this article, we will delve into the state of security in the digital asset market, highlighting the top 10 hacks in crypto in 2023, along with key trends shaping the security landscape of this industry.
Top 10 Crypto Related Exploits of 2023
|Mixin Network||$200.000.000||Mixin Network suffered a hack in September 2023. The breach occurred when hackers compromised the database of Mixin’s cloud service provider, resulting in the loss of digital assets worth $200 million.|
|Euler Finance||$197.000.000||Euler Finance experienced a flash loan attack in March 2023, during which malicious actors absconded with $197 million.|
|Multichain||$126.000.000||Multichain cross-chain protocol was abnormally drained of $126 million on July 7 when the digital assets on the MPC bridge were ‘exploited’ by hackers. According to on-chain data, over $102 million was drained from Multichain’s Fantom bridge, although post-analysis revealed this hack could also have been a rug pull by the Multichain team.|
|Atomic Wallet||$100.000.000||Atomic wallet was targeted by North Korean hackers who exploited approximately 5,500 wallets and took off with over $100 million worth of digital assets in June 2023. Following the breach, a group of investors launched a class action lawsuit against Atomic wallet, led by German lawyer Max Gutbrod and Boris Feldman.|
|CoinEx||$70.000.000||CoinEx experienced a cyber attack in September, resulting in the loss of approximately $70 million. The exchange noted that the attack was discovered by its risk control system, which “detected anomalous withdrawals from several hot wallets.”|
|Curve Finance||$61.700.000||Multiple pools on Curve Finance, using Vyper, were compromised through a reentrancy vulnerability in July 2023, resulting in a loss of over $60 million. However, in a surprising turn of events, the hacker later posted a message on the Ethereum network, stating that they would return the funds to avoid ruining the compromised protocols. So far, they have returned $8.9 million worth of Alchemix ETH (alETH).|
|Alphapo||$60.000.000||Alphapo was also hacked in July with trails pointing to the infamous Lazarus Group, a cybercrime syndicate from North Korea. Initially, the losses were estimated to be around $21 million but were later revised upwards to $60 million when on-chain sleuths discovered that the hackers had also compromised Alphapo’s old addresses.|
|Stake.com||$41.300.000||Stake.com experienced a security breach in September 2023, resulting in a loss of $41.3 million. The attackers initially transferred $16 million worth of DAI, USDT, USDC, and ETH from Stake.com’s ETH address to their personal address, after which they converted the funds into ETH.|
|CoinsPaid||$37.300.000||CoinsPaid fell victim to an attack by North Korean hackers in September 2023. The hackers drained $37.3 million.|
|Bitrue||$23.000.000||Bitrue confirmed in April 2023 that one of its hot wallets had been compromised, with the attackers making off with $23 million.|
Major Trends in Crypto Security Landscape 2023
In addition to the top crypto hacks of 2023, several significant trends have emerged this year in the crypto security landscape.
1 DeFi Accounted for 62% of the Losses in H1 2023
As anticipated, DeFi remains the most targeted niche for crypto hackers. A report by Footprint Analytics revealed that out of the total $471.4 million lost in H1 2023, DeFi accounted for $292.6 million, which is approximately 62%.
Source: Footprint Analytics
2 Ethereum is the Most Targeted Chain by Hackers
According to DeFi Llama metrics, Ethereum currently leads the pack in terms of locked value, boasting a TVL of $19 billion, while the overall DeFi TVL stands slightly above $36 billion. Unsurprisingly, this leading DeFi chain is also a hotbed for hackers, given the substantial funds in circulation within the Ethereum ecosystem.
On-chain metrics reveal that over $356 million was lost on the Ethereum blockchain in H1 2023, with the BNB chain following at a distant second with $29 million.
However, at the same time, it is worth noting that the number of Ethereum builders complying with the United States Office of Foreign Assets Control (OFAC) sanctions has increased to 5 out of the top 6 Ethereum block builders, following the Tornado Cash sanctions last year.
Source: Ethereum Censorship
3 Tornado Cash Volume Dramatically Reduced
Still on the Tornado Cash sanction, which came into effect on August 8, 2022, volumes transacted through this tumbler have significantly decreased this year. For context, the U.S. Government sanctioned Tornado Cash, an Ethereum-built protocol, last year to prevent North Korean hackers from further exploiting the crypto ecosystem by stealing funds, laundering, and evading international sanctions.
Source: TRM Labs
4 North Korea Hackers Are Still Very Active
Despite the hurdles placed by the U.S. government and other authorities across the globe, North Korean hackers, particularly the Lazarus Group, have remained active throughout 2023. Out of the top 10 hacks this year, the Lazarus Group allegedly masterminded at least four, including Atomic wallet ($100 million), Alphapo ($41.3 million), Stake.com ($41 million), and CoinsPaid ($37.3 million).
The digital asset industry is still in its early stages of development, particularly concerning newer innovations in the DeFi, NFT, and Metaverse ecosystems. Like any nascent technology, security incidents are bound to occur, but this does not imply that they cannot be prevented. Most of the hacks in the crypto space can be mitigated through comprehensive security audits, transparent infrastructures, and accountability frameworks to prevent stakeholders from misusing investors’ funds.