Top 8 Crypto Hacks in 2023
2023 has been a year of significant growth and adoption for the cryptocurrency industry, but it has also been a year of major hacks and exploits. In the first 10 months of the year, nearly $2 billion worth of cryptocurrency has been stolen from crypto exchanges, DeFi protocols, and other crypto projects. In 2022 crypto hacks represented a record of $3.8 billion and sadly 2023 is taking the same path. We can argue that 2023 will, in fact, be worse as the overall crypto market is lower in 2023 compared to 2022, the number of assets stolen in 2023 is actually higher even though the USD value is lower.
The top 10 crypto hacks of 2023 so far have resulted in the theft of over $1 billion worth of cryptocurrency. The most common exploit used by hackers is the flash loan attack, which allows hackers to take out large loans and then use them to manipulate the price of assets in order to make a profit. Other common exploits include cross-chain bridge exploits, hot wallet compromises, and supply chain attacks.
In this article, we will take a closer look at the top 8 crypto hacks of 2023 so far, with a focus on the exploit used by the hacker. But first, before jumping into our top 8, we would like to remind you that the safest way to protect your assets is to use a hardware wallet such as a D’CENT Biometric Wallet. It allows you to embark for self-custody meaning no-one but you have access to your private keys and recovery phrase, in other words, no-one but you can transfer your tokens.
8. CoinsPaid
- Exploit: Social engineering
- Losses: $37 million
CoinsPaid, a Ukrainian crypto payments provider, was hacked on June 20, 2023. The hackers used social engineering to trick CoinsPaid employees into installing malware, which gave them access to the company’s internal systems. The attackers then stole $37 million in cryptocurrency.
Social engineering is a type of cyberattack that relies on human error or manipulation to gain access to sensitive information or systems. In this case, the hackers were able to trick CoinsPaid employees into installing malware by sending them phishing emails or messages that appeared to be legitimate.
CoinsPaid responded to the hack by compensating customers from its own reserves and reimbursing all losses. The company also implemented new security measures to prevent future attacks, such as mandatory security training for employees and improved multi-factor authentication procedures.
7. Stake.com
- Exploit: API exploit
- Losses: $41.3 million
Stake.com, a crypto gambling platform, was hacked on September 4, 2023. The hackers used an API exploit to steal $41.3 million in cryptocurrency.
An API exploit is a type of cyberattack that takes advantage of vulnerabilities in an application programming interface (API). APIs allow different software applications to communicate with each other. In this case, the hackers were able to exploit a vulnerability in Stake.com’s API to steal cryptocurrency from user accounts.
Stake.com responded to the hack by compensating affected customers and implementing new security measures. The company also launched an investigation into the hack and is working with law enforcement to apprehend the hackers.
6. Curve Finance
- Exploit: Flash loan attack
- Losses: $61.7 million
Curve Finance, a decentralized exchange, was hacked on July 30, 2023. The hackers used a flash loan attack to steal $61.7 million in cryptocurrency.
A flash loan attack is a type of cyberattack that exploits the fact that cryptocurrency transactions can be reversed if they are not confirmed by the network. In this case, the hackers were able to take out a flash loan and use it to manipulate the prices of certain assets on Curve Finance. This allowed them to steal cryptocurrency from users who were trying to trade those assets.
Curve Finance responded to the hack by compensating affected users and implementing new security measures. The company also launched an investigation into the hack and works closely with the authorities. Through investigations almost 80% of the funds were recovered.
5. CoinEx
- Exploit: Hot wallet compromise
- Losses: $70 million
CoinEx, a cryptocurrency exchange, was hacked on April 8, 2023. The hackers compromised CoinEx’s hot wallets and stole $70 million in cryptocurrency.
A hot wallet is a cryptocurrency wallet that is connected to the internet. This makes hot wallets more vulnerable to attack than cold wallets, which are not connected to the internet. Learn more about our cold wallet D’CENT Biometric Wallet
It is said that the CoinEx attack was organized by Lazarus Group, a North-Korea related group also behind other attacks of this Top 8.
4. Atomic Wallet
- Exploit: Supply chain attack
- Losses: $100 million
Atomic Wallet, a cryptocurrency wallet, was hacked on June 3, 2023. The hackers used a supply chain attack to compromise Atomic Wallet’s software development kit (SDK) and inject malicious code into the company’s apps. This allowed the attackers to steal $100 million in cryptocurrency from Atomic Wallet users.
A supply chain attack is a type of cyberattack that targets a company’s suppliers or vendors in order to gain access to the company’s systems or data. In this case, the hackers were able to compromise Atomic Wallet’s SDK by injecting malicious code into the code of one of the company’s suppliers.
3. Multichain
- Exploit: Cross-chain bridge exploit
- Losses: $126 million
Multichain, a cross-chain bridge protocol, was hacked on July 7, 2023. The hackers exploited a vulnerability in Multichain’s smart contract code to steal $126 million in cryptocurrency.
A cross-chain bridge is a protocol that allows users to transfer cryptocurrency between different blockchains. Smart contracts are self-executing contracts that are stored on the blockchain.
2. Euler Finance
- Exploit: Flash loan attack
- Losses: $197 million
Euler Finance, a decentralized lending protocol, was hacked on March 13, 2023. The hackers used a flash loan attack to steal $197 million in cryptocurrency.
Euler Finance is a protocol that allows users to borrow and lend cryptocurrency. Flash loans are a type of loan that can be taken out and repaid within the same block. This allows users to exploit vulnerabilities in smart contracts to steal cryptocurrency.
Euler Finance was able to track back the hacker in a few hours. Eventually all funds were returned to the company which was therefore able to refund every customers
1. Mixin Network
- Exploit: Cloud service provider hack
- Losses: $200 million
Mixin Network, a decentralized cross-chain transfer protocol, was hacked on September 23, 2023. The hackers exploited a vulnerability in Mixin Network’s cloud service provider to steal $200 million in cryptocurrency.
A cloud service provider (CSP) is a company that provides computing, storage, and networking resources over the internet. In this case, the hackers were able to exploit a vulnerability in Mixin Network’s CSP to steal cryptocurrency from users.
Mixin Network is still investigating the hack and working to compensate affected users. The company has also implemented new security measures to prevent future attacks.
The crypto industry has been plagued by hacks and exploits in recent years. The more the industry will grow the more hackers will be interested to try crypto services’ security. In order to keep your asset safe, there are some basic rules. First, always remember that not your keys, not your coins, therefore:
- Use self-custody solution, best is to use a hardware wallet as D’CENT Biometric Wallet
- Never share your private keys, no customer support would ever ask this no matter the problem, having your private keys would not help to fix anything, it is a scam
- Take care when connecting your wallet to web3 providers and to smartcontracts. Via our D’CENT App you can double check the permissions allowed the contracts interacting with your wallet and change the permissions if required