Major crypto hacks of 2023: how the industry lost over $1b within minutes
Explore the biggest crypto hacks of 2023 in our comprehensive review, including the roles of notorious hacking groups and their impact on the crypto industry.
Cryptocurrency hacks in 2023 have seen the industry lose over $1 billion, with the largest hacks occurring in the final quarters of the year. The recent bull market has marked the end of a prolonged crypto winter that started in 2022, driven by the Terra LUNA crash and the FTX collapse. However, this has also renewed hackers’ interest in the market, with more malicious threats targeting major defi protocols and crypto exchanges.
From the multi-million dollar heist at Mixin to the sophisticated phishing scams affecting individual investors, each hack provided a stark reminder of the ongoing battle between cybersecurity and cybercriminals in the digital age. So, what were the largest crypto hacks of 2023? Let’s find out.
Mixin breach ($200m): biggest crypto hack of 2023
September 2023 saw arguably the largest recent crypto hack, as the Mixin platform suffered a staggering loss of $200 million. This incident unfolded through a data breach of Mixin’s cloud service provider. The platform could not track down the attacker or recover the stolen funds. However, Mixin committed to compensating users for half of their lost holdings.
[Update]
After statistical analysis, the affected assets in this incident were mainly ERC20-USDT, ETH, and BTC. Other assets were not affected. The specific compensation details are still under discussion. Please stay tuned for updates on the progress of this incident. In order… https://t.co/XHlNmJFbeZ — Mixin Kernel (@MixinKernel) October 5, 2023
Euler Finance hack ($197m)
In March 2023, Euler Finance experienced a significant hack, losing nearly $200 million. The breach was initially identified by PeckShield, a blockchain security firm, which noticed unusual transaction activity on the platform. These transactions were later confirmed as the method through which $197 million in cryptocurrency was stolen.
However, in a rare occurrence, the stolen funds were unexpectedly returned to Euler Finance a few weeks after the hack. An apology note was included in one of the return transactions, as observed on Etherscan.
Poloniex hack (over $120m)
Popular crypto exchange Poloniex faced a security breach in November, leading to a loss exceeding $33 million, later revised to over $120 million. The unauthorized outflow of funds from its hot wallet affected multiple networks, including Ethereum (ETH) and Bitcoin (BTC). Justin Sun, the majority shareholder of Poloniex, reassured the community of the exchange’s financial stability and pledged full reimbursement for the lost assets.
To resolve the situation, Sun initially offered a $10 million bounty to the cryptocurrency hackers for returning a significant portion of the funds within a week and provided wallet addresses for potential reimbursement. However, as per the latest reports, the hackers did not respond. Poloniex continues its internal investigation and remains committed to compensating affected users.
HTX hack ($110m)
Yet another exchange linked to Justin Sun suffered a major breach this year. HTX, formerly known as Huobi, experienced a significant security breach, leading to a net outflow of $250 million after it resumed operations.
This outflow followed the November attack in which HTX lost around $110 million, according to Sun. The incident prompted a temporary suspension of withdrawals and deposits. Despite the substantial outflow, HTX emphasized that user funds were safe.
MultiChain rug pull ($130m)
In July, MultiChain, a cross-chain protocol, reported suspicious withdrawals totaling $130 million, sparking concerns of a hack or rug pull. The series of transactions led to the Chinese authorities’ arrest of MultiChain’s CEO, Zhaojun, fueling speculation of insider involvement.
Zhaojun’s devices, including phones and hardware wallets, were confiscated. The incident led to MultiChain ceasing operations, as detailed in a post on social media, leaving many questions about the true nature of the incident.
Atomic Wallet hack ($100m)
In June, Atomic Wallet, a widely-used software crypto wallet, was hacked, leading to the loss of $100 million. The breach impacted over 5,000 user accounts, with some users experiencing partial thefts and others having their wallets completely emptied.
The initial suspicion pointed toward the Lazarus hacking group. The incident led to a class-action lawsuit from Russian investors against Atomic Wallet in August 2023. Atomic Wallet claimed that the trace led to a Ukrainian group of hackers. However, no proof of this statement has emerged since then.
The company’s response to the crypto hack and the legal repercussions are yet to be fully resolved.
CoinEx hack ($70m)
Crypto exchange CoinEx suffered a major security breach in September, resulting in the theft of $70 million. Crypto hackers accessed numerous private keys for user hot wallets, transferring substantial amounts of various cryptocurrencies, including nearly 5,000 ETH and 231 BTC.
Despite the significant loss, CoinEx’s cold wallets remained unaffected. The North Korean Lazarus group is suspected to be behind this attack.
KyberSwap hack ($47m)
The KyberSwap hack in November 2023 stands out for its complexity and the significant loss incurred. The multi-chain decentralized exchange aggregator fell victim to a smart contract reentrancy attack, leading to the theft of $47 million across various networks, including Ethereum, Polygon (MATIC), Arbitrum (ARB), and Optimism (OP).
This breach resulted in a drastic 90% drop in KyberSwap’s total value locked, falling from $84.9 million to just $8.28 million, showcasing the severe impact of smart contract vulnerabilities.
KyberSwap hacker demands | Source: Etherscan
The hacker behind this attack made unusual demands, seeking total control over KyberSwap’s protocol, which included its governance mechanism and company assets. These demands, attached to a transaction on Etherscan, were unprecedented and highlighted a new level of boldness in crypto hacking.
The hacker sought to overhaul KyberSwap’s operational structure, including employee salaries and executive buyouts. This incident reflects the technical vulnerabilities of defi platforms and underscores the evolving challenges in securing defi ecosystems against increasingly sophisticated attacks.
Stake hack ($41m)
September was undoubtedly one of the costliest months this year, with the number of hacks exceeding all other months in 2023. Popular crypto gambling platform Stake also suffered a breach that month, leading to a theft of $41 million.
This hack specifically targeted users’ crypto hot wallets, and the assets stolen included Ethereum and Dai, among others. All funds were initially transferred to a single wallet, believed to belong to the hacker, and then dispersed to various other wallets. This dispersion tactic made tracking the stolen assets more challenging. The FBI’s investigation later confirmed the involvement of the North Korean Lazarus hacking group in this theft, although the stolen funds remain unrecovered.
North Korea’s Lazarus group: state-affiliated threat in crypto hacks
In 2023, the Lazarus Group, a North Korea-linked hacker organization, has been a prominent actor in the crypto hacking landscape. They have been responsible for over $300 million in crypto hacking incidents, accounting for approximately 17.6% of the total losses incurred in the crypto industry during the year. This contribution to the total losses highlights the group’s significant impact on the crypto space.
Historically, the Lazarus Group has been involved in some of the largest cyberattacks, dating back to their activities against Sony Pictures in 2014. Over the years, they have shifted their focus to crypto protocols, acquiring billions of dollars from these attacks. From 2021 to 2023, approximately $1.9 billion has been stolen from various crypto projects, showcasing the group’s persistence and evolving tactics.
In 2023, the Lazarus Group executed at least five attacks, including a notable $70 million theft from the Hong Kong-based crypto exchange CoinEx. Their strategy moved towards targeting centralized finance platforms and noncustodial crypto wallets, demonstrating keen adaptability to the changing landscape of the crypto industry.
Despite a global decline in the overall amount of money stolen in digital asset hacks, the threat posed by groups like Lazarus remains significant. Law enforcement agencies have been actively combating these activities by tracing stolen funds and disrupting crypto mixers, which obscure illicit funds’ origins. The U.S. Treasury Department has addressed these challenges by sanctioning popular mixing services like Tornado Cash and proposing stricter regulations for decentralized platforms.
Crypto hacks in 2024: prospects
The surge of crypto hacks in the latter half of 2023 reflects a concerning narrative for the industry heading into 2024. The upcoming year is poised to be a crucial time for crypto, with the expectations around the Bitcoin spot ETF launch in January and the Bitcoin halving event in April.
So, the industry is preparing for a busy 2024, and so are the hackers. Building industry-wide resilience would be the key to curbing these large-scale threats; otherwise, we might be in for a costlier new year.