Significant Crypto Breaches in 2023
Discover the most significant crypto hacks of 2023 in our in-depth review, examining the actions of notorious hacking groups and their impact on the cryptocurrency industry.
The year 2023 witnessed over $1 billion in losses due to cryptocurrency hacks, with the largest hacks occurring in the second half of the year.
The recent bull market marked the end of a prolonged crypto winter that began in 2022, triggered by the crash of Terra LUNA and the collapse of FTX. However, this resurgence also rekindled hackers’ interest in the market, resulting in more malicious threats targeting major decentralized finance (DeFi) protocols and crypto exchanges.
Each hack, from the multi-million dollar heist at Mixin to the sophisticated phishing scams targeting individual investors, served as a stark reminder of the ongoing battle between cybersecurity and cybercriminals in the digital age. So, let’s delve into the biggest crypto hacks of 2023.
Mixin breach ($200m): the largest crypto hack of 2023
In September 2023, Mixin, a popular platform, experienced the largest crypto hack of the year, resulting in a loss of $200 million. The incident occurred due to a data breach of Mixin’s cloud service provider. The platform was unable to identify the attacker or recover the stolen funds. However, Mixin committed to compensating users for half of their lost holdings.
Euler Finance hack ($197m)
Euler Finance, a prominent platform, suffered a significant hack in March 2023, losing nearly $200 million. The breach was initially detected by PeckShield, a blockchain security firm, which observed unusual transaction activity on the platform. These transactions were later confirmed as the means through which $197 million in cryptocurrency was stolen.
In a rare turn of events, the stolen funds were unexpectedly returned to Euler Finance a few weeks after the hack. One of the return transactions even included an apology note, as witnessed on Etherscan.
Poloniex hack (over $120m)
Poloniex, a popular crypto exchange, fell victim to a security breach in November, resulting in a reported loss of $33 million, which was later revised to over $120 million. The unauthorized outflow of funds from its hot wallet affected multiple networks, including Ethereum (ETH) and Bitcoin (BTC). Justin Sun, the majority shareholder of Poloniex, reassured the community about the exchange’s financial stability and pledged full reimbursement for the lost assets.
To resolve the situation, Sun initially offered a $10 million bounty to the cryptocurrency hackers if they returned a significant portion of the funds within a week. He also provided wallet addresses for potential reimbursement. However, the hackers did not respond. Poloniex continues its internal investigation and remains committed to compensating affected users.
HTX hack ($110m)
Another exchange associated with Justin Sun, HTX (formerly known as Huobi), experienced a major breach in 2023. After resuming operations following a previous attack, HTX suffered a net outflow of $250 million. In November, the platform lost around $110 million, according to Sun. The incident led to a temporary suspension of withdrawals and deposits. Despite the substantial outflow, HTX reassured users that their funds were safe.
MultiChain rug pull ($130m)
MultiChain, a cross-chain protocol, reported suspicious withdrawals totaling $130 million in July. This raised concerns of a possible hack or rug pull. The Chinese authorities arrested MultiChain’s CEO, Zhaojun, fueling speculation of insider involvement. Zhaojun’s devices, including phones and hardware wallets, were confiscated. In light of these events, MultiChain ceased operations, leaving many questions about the true nature of the incident.
Atomic Wallet hack ($100m)
In June, Atomic Wallet, a widely-used software crypto wallet, was hacked, resulting in a loss of $100 million. The breach affected over 5,000 user accounts, with some users experiencing partial thefts and others having their wallets completely emptied.
Initially, suspicion fell on the Lazarus hacking group. In August 2023, Russian investors filed a class-action lawsuit against Atomic Wallet, claiming that the trace led to a Ukrainian group of hackers. However, no evidence has been presented to support this statement. The company’s response to the hack and the legal repercussions are still ongoing.
CoinEx hack ($70m)
CoinEx, a crypto exchange, suffered a major security breach in September, leading to the theft of $70 million. The hackers gained access to numerous private keys for user hot wallets and transferred significant amounts of various cryptocurrencies, including nearly 5,000 ETH and 231 BTC.
Despite the substantial loss, CoinEx’s cold wallets remained unaffected. The North Korean Lazarus group is suspected to be behind this attack.
KyberSwap hack ($47m)
In November 2023, KyberSwap, a multi-chain decentralized exchange aggregator, fell victim to a smart contract reentrancy attack, resulting in the theft of $47 million across various networks, including Ethereum, Polygon (MATIC), Arbitrum (ARB), and Optimism (OP).
The breach caused KyberSwap’s total value locked (TVL) to plummet by 90%, from $84.9 million to just $8.28 million, highlighting the severe impact of smart contract vulnerabilities.
The hacker behind the attack made unprecedented demands for total control over KyberSwap’s protocol, governance mechanism, and company assets. These demands, attached to a transaction on Etherscan, underscored a new level of audacity in crypto hacking. The hacker sought to revamp KyberSwap’s operational structure, including raising employee salaries and executing executive buyouts. This incident exposed the technical vulnerabilities of DeFi platforms and emphasized the evolving challenges in securing DeFi ecosystems against increasingly sophisticated attacks.
Stake hack ($41m)
September 2023 witnessed the highest number of hacks in the year. Stake, a popular crypto gambling platform, suffered a breach, resulting in a theft of $41 million. The hack specifically targeted users’ crypto hot wallets, with stolen assets including Ethereum and Dai, among others. All funds were initially transferred to a single wallet believed to belong to the hacker and then dispersed to various other wallets. This tactic made it more difficult to track the stolen assets. The FBI’s investigation confirmed the involvement of the North Korean Lazarus hacking group in this theft, although the stolen funds remain unrecovered at the time of writing.
North Korea’s Lazarus group: a state-affiliated threat in crypto hacks
In 2023, the Lazarus Group, a hacker organization linked to North Korea, emerged as a prominent player in the crypto hacking landscape. They were responsible for over $300 million in crypto hacking incidents, accounting for approximately 17.6% of the total losses incurred in the industry during the year. This significant contribution to the total losses highlights the group’s substantial impact on the crypto space.
The Lazarus Group has a history of involvement in some of the largest cyberattacks, dating back to their activities against Sony Pictures in 2014. Over the years, they have shifted their focus to crypto protocols, amassing billions of dollars from these attacks. From 2021 to 2023, they stole approximately $1.9 billion from various crypto projects, demonstrating their persistence and evolving tactics.
In 2023, the Lazarus Group executed at least five attacks, including the notable $70 million theft from the Hong Kong-based crypto exchange CoinEx. They adapted their strategy to target centralized finance platforms and non-custodial crypto wallets, showcasing their ability to navigate the changing landscape of the crypto industry.
Despite a global decline in the overall amount of money stolen in digital asset hacks, the threat posed by groups like Lazarus remains significant. Law enforcement agencies have actively combated these activities by tracing stolen funds and disrupting crypto mixers, which obscure the origins of illicit funds. The U.S. Treasury Department has addressed these challenges by imposing sanctions on popular mixing services like Tornado Cash and proposing stricter regulations for decentralized platforms.
Crypto hacks in 2024: what lies ahead?
The surge in crypto hacks during the latter half of 2023 raises concerns for the industry as it enters 2024. The upcoming year holds significant events, such as the launch of the Bitcoin spot ETF in January and the Bitcoin halving event in April.
As the industry prepares for an eventful 2024, hackers are also gearing up for new opportunities. Building resilience across the industry will be crucial in combating these large-scale threats; otherwise, cryptocurrencies may face a costly new year.
Frequently Asked Questions
1. Can blockchain be hacked?
While blockchain technology is generally secure due to its decentralized and encrypted nature, it is not entirely immune to hacking, especially through vulnerabilities in smart contracts or centralized points like exchanges.
2. Is Bitcoin hackable?
Bitcoin’s core blockchain protocol is highly secure, but Bitcoin exchanges and wallets can be vulnerable to hacking.
3. What is the world’s largest crypto exchange hack?
The world’s largest crypto exchange hack occurred at Coincheck in 2018 when the company lost $534 million worth of NEM tokens.
4. What is the biggest hack in Bitcoin history?
The most significant Bitcoin hack was the Mt. Gox incident in 2014, where approximately 850,000 bitcoins were stolen, causing a significant impact on the Bitcoin community and market.
5. What are the latest crypto hacks?
Recent notable crypto hacks include attacks on Ledger, HTX, KyberSwap, and Poloniex, resulting in losses of hundreds of millions.
Follow us on Google News for more updates.
