Top 8 Crypto Hacks in 2023

Top 8 Crypto Hacks in 2023

2023 has been a year of significant growth and adoption for the cryptocurrency industry, but it has also been a year of major hacks and exploits. In the first 10 months of the year, nearly $2 billion worth of cryptocurrency has been stolen from crypto exchanges, DeFi protocols, and other crypto projects. In 2022 crypto hacks represented a record of $3.8 billion and sadly 2023 is taking the same path. We can argue that 2023 will, in fact, be worse as the overall crypto market is lower in 2023 compared to 2022, the number of assets stolen in 2023 is actually higher even though the USD value is lower.

 

The top 10 crypto hacks of 2023 so far have resulted in the theft of over $1 billion worth of cryptocurrency. The most common exploit used by hackers is the flash loan attack, which allows hackers to take out large loans and then use them to manipulate the price of assets in order to make a profit. Other common exploits include cross-chain bridge exploits, hot wallet compromises, and supply chain attacks.

 

In this article, we will take a closer look at the top 8 crypto hacks of 2023 so far, with a focus on the exploit used by the hacker. But first, before jumping into our top 8, we would like to remind you that the safest way to protect your assets is to use a hardware wallet such as a D’CENT Biometric Wallet. It allows you to embark for self-custody meaning no-one but you have access to your private keys and recovery phrase, in other words, no-one but you can transfer your tokens.

 

8. CoinsPaid

Exploit: Social engineering

Losses: $37 million

 

CoinsPaid, a Ukrainian crypto payments provider, was hacked on June 20, 2023. The hackers used social engineering to trick CoinsPaid employees into installing malware, which gave them access to the company’s internal systems. The attackers then stole $37 million in cryptocurrency.

 

Social engineering is a type of cyberattack that relies on human error or manipulation to gain access to sensitive information or systems. In this case, the hackers were able to trick CoinsPaid employees into installing malware by sending them phishing emails or messages that appeared to be legitimate.

 

CoinsPaid responded to the hack by compensating customers from its own reserves and reimbursing all losses. The company also implemented new security measures to prevent future attacks, such as mandatory security training for employees and improved multi-factor authentication procedures.

 

 

7. Stake.com

Exploit: API exploit

Losses: $41.3 million

 

Stake.com, a crypto gambling platform, was hacked on September 4, 2023. The hackers used an API exploit to steal $41.3 million in cryptocurrency.

 

An API exploit is a type of cyberattack that takes advantage of vulnerabilities in an application programming interface (API). APIs allow different software applications to communicate with each other. In this case, the hackers were able to exploit a vulnerability in Stake.com’s API to steal cryptocurrency from user accounts.

 

Stake.com responded to the hack by compensating affected customers and implementing new security measures. The company also launched an investigation into the hack and is working with law enforcement to apprehend the hackers.

 

 

6. Curve Finance

Exploit: Flash loan attack

Losses: $61.7 million

 

Curve Finance, a decentralized exchange, was hacked on July 30, 2023. The hackers used a flash loan attack to steal $61.7 million in cryptocurrency.

 

A flash loan attack is a type of cyberattack that exploits the fact that cryptocurrency transactions can be reversed if they are not confirmed by the network. In this case, the hackers were able to take out a flash loan and use it to manipulate the prices of certain assets on Curve Finance. This allowed them to steal cryptocurrency from users who were trying to trade those assets.

 

Curve Finance responded to the hack by compensating affected users and implementing new security measures. The company also launched an investigation into the hack and works closely with the authorities. Through investigations almost 80% of the funds were recovered.

 

 

5. CoinEx

Exploit: Hot wallet compromise

Losses: $70 million

 

CoinEx, a cryptocurrency exchange, was hacked on April 8, 2023. The hackers compromised CoinEx’s hot wallets and stole $70 million in cryptocurrency.

 

A hot wallet is a cryptocurrency wallet that is connected to the internet. This makes hot wallets more vulnerable to attack than cold wallets, which are not connected to the internet. Learn more about our cold wallet D’CENT Biometric Wallet

 

It is said that the CoinEx attack was organized by Lazarus Group, a North-Korea related group also behind other attacks of this Top 8.

 

 

4. Atomic Wallet

Exploit: Supply chain attack

Losses: $100 million

 

Atomic Wallet, a cryptocurrency wallet, was hacked on June 3, 2023. The hackers used a supply chain attack to compromise Atomic Wallet’s software development kit (SDK) and inject malicious code into the company’s apps. This allowed the attackers to steal $100 million in cryptocurrency from Atomic Wallet users.

 

A supply chain attack is a type of cyberattack that targets a company’s suppliers or vendors in order to gain access to the company’s systems or data. In this case, the hackers were able to compromise Atomic Wallet’s SDK by injecting malicious code into the code of one of the company’s suppliers.

 

3. Multichain

Exploit: Cross-chain bridge exploit

Losses: $126 million

 

Multichain, a cross-chain bridge protocol, was hacked on July 7, 2023. The hackers exploited a vulnerability in Multichain’s smart contract code to steal $126 million in cryptocurrency.

 

A cross-chain bridge is a protocol that allows users to transfer cryptocurrency between different blockchains. Smart contracts are self-executing contracts that are stored on the blockchain.

 

2. Euler Finance

Exploit: Flash loan attack

Losses: $197 million

 

Euler Finance, a decentralized lending protocol, was hacked on March 13, 2023. The hackers used a flash loan attack to steal $197 million in cryptocurrency.

 

Euler Finance is a protocol that allows users to borrow and lend cryptocurrency. Flash loans are a type of loan that can be taken out and repaid within the same block. This allows users to exploit vulnerabilities in smart contracts to steal cryptocurrency.

 

Euler Finance was able to track back the hacker in a few hours. Eventually all funds were returned to the company which was therefore able to refund every customers

 

1. Mixin Network

Exploit: Cloud service provider hack

Losses: $200 million

 

Mixin Network, a decentralized cross-chain transfer protocol, was hacked on September 23, 2023. The hackers exploited a vulnerability in Mixin Network’s cloud service provider to steal $200 million in cryptocurrency.

 

A cloud service provider (CSP) is a company that provides computing, storage, and networking resources over the internet. In this case, the hackers were able to exploit a vulnerability in Mixin Network’s CSP to steal cryptocurrency from users.

 

Mixin Network is still investigating the hack and working to compensate affected users. The company has also implemented new security measures to prevent future attacks.

 

Closing

The crypto industry has been plagued by hacks and exploits in recent years. The more the industry will grow the more hackers will be interested to try crypto services’ security. In order to keep your asset safe, there are some basic rules. First, always remember that not your keys, not your coins, therefore:

 

✅Use self-custody solution, best is to use a hardware wallet as D’CENT Biometric Wallet

 

Never share your private keys, no customer support would ever ask this no matter the problem, having your private keys would not help to fix anything, it is a scam

 

Take care when connecting your wallet to web3 providers and to smartcontracts. Via our D’CENT App you can double check the permissions allowed the contracts interacting with your wallet and change the permissions if required

この記事は役に立ちましたか? 
知識を広めてください。
[D’CENT ウォレット]
D’CENTは、(株)IoTrustが製造・販売するブロックチェーン向けウォレットサービスです。 当社は、セキュリティチップ(SEおよびTEE)を基にする、エンベディット(組み込み)型ソリューションにおいて15年以上開発経験を持つスペシャリスト達によって制作されたウォレットです。さらに、銀行カードやUSIMカードで使われる高セキュリティテクノロジーの応用技術が含まれた、安心と信頼のウォレットです。 

D’CENTには、指紋情報を使用する「指紋認証型」、持ち運びに便利な「カート型」、同じくコンパクトサイズながらもオフライン状態でデータを安全に保存できる「ハードウェア型」まで、全部で3タイプの品揃えになっています。
免責事項:
このブログは教育目的のみを目的としています。ここに記載されている情報は、プロジェクトやブランド名を含め、情報提供を目的としており、金融、法律、税務アドバイスではありません。正確性に努めていますが、情報の誤りに対しては一切責任を負いません。 暗号資産(あんごうしさん)は本質的にリスクを伴います。徹底的に調査を行い、ご自身の目標とリスク許容度に見合った投資判断を行うために、ファイナンシャルアドバイザーへの相談を検討してください。 外部リンクが存在する場合がありますが、その内容や慣行に対しては一切責任を負いません。利用規約とプライバシーポリシーをご確認ください。

Biometric Wallet

"YOU are the Key" to Your Crypto Fortress! 
D'CENT Biometric - $119.00