12 Days of Hackmas

A staggering total of $1.8 billion worth of cryptocurrency was stolen using various hacking methods in 2023. Whilst this doesn’t match the $3.8 billion of crypto stolen in 2022, the biggest year for hacking yet, it shows that hacks are still an imminent threat in the crypto landscape. So, what hacking methods have caused the most damage? This update discusses the 12 biggest hacks in 2023 to shine a light on what to watch out for in the crypto space for 2024, where a heavily anticipated bull run will spark increased crypto activity.

 

2023’s largest crypto hacks, scams and exploits

 

12: Huobi HTX

Amount: $26.4 million

Date: 22 November

In late November, Huobi HTX suffered a security breach costing them $26.4 million worth of crypto. The exchange has said it is fully committed to compensating users for their funds and that it will continue to run as usual, although no explanation has yet been given for the hack.

 

11: CoinsPaid

Amount: $37.3 million

Date: 22 July

In July, CoinsPaid suffered an exploit costing them $37.3 million. Max Krupyshev, CEO of CoinsPaid, said the company had compensated clients using its own funds following the attack. After targeting the firm for months with phishing and social engineering scams, the hackers tricked a CoinsPaid employee into downloading malicious software during a fake interview, which gave them access to CoinsPaid infrastructure. Krupyshev confirmed that no private keys were compromised during the attack; the hackers had only gained access to the company’s services, through which they were able to make requests to send funds.

 

10: Stake.com

Amount: $41.3 million

Date: 4 September

Following a string of transactions on Ethereum, hackers were able to steal approximately $16 million from different wallets and a further $25.6 million on BSC and Polygon. Although it remains unconfirmed, the attacker had likely compromised the private keys of hot wallets to transfer the crypto.

 

9: KyberSwap Elastic

Amount: $47 million

Date: 22 November

KyberSwap Elastic suffered an exploit costing them $47 million. The attack exploited unexpected behavior in the KyberSwap Elastic pool related to the Reinvestment Curve feature. A fault in the calculation of the number of tokens needed for the exchange led to the next price overshooting the expected boundary. This then impacted the protocol’s ability to update the pool’s liquidity using its liquidity cross-tick function.

 

8: CoinEx

Amount: $70 million

Date: 12 September

It was originally thought that CoinEx had only suffered a hack worth $27 million of cryptocurrencies in Ethereum, Tron and Polygon. However, further analysis of the hack revealed damage worth $70 million due to a hacker compromising the private keys on its hot wallets.

 

7: Curve Finance

Amount: $61.7 million

Date: 30 July

Curve Finance suffered a reentrancy hack in July costing them over $60 million. A flaw in the Vyper smart contract programming language was identified as the root cause, resulting in a breakdown of the reentry guard and allowing a security breach.

 

6: Heco bridge

Amount: $86.6 million

Date: 22 November

The attack on Heco Bridge was connected to the attack on Huobi HTX on the same day. Investor Justin Sun confirmed the attack on X and said they’d confirm the reason for the attack once they had investigated. Cyvers, a blockchain security firm, said the attack was due to a private key leak which gave access to Heco Bridge, where users can transfer tokens between Heco Chain and Ethereum.

 

5: Atomic wallet

Amount: $100 million

Date: 3 June 

Atomic Wallet suffered an exploit in June costing them $100 million. They did not confirm the reason behind the exploit, but instead gave four possible causes: a virus on user devices, an infrastructure breach, a man-in-the-middle attack or malware code injection.

 

4: Poloniex

Amount: $100 million

Date: 10 November 

Crypto exchange Poloniex suffered a hack in November with attackers siphoning $100 million. The exchange was attacked using an APT (Advanced Persistent Threat), a targeted attack carried out over time that collects information which can then be used to carry out a hack. During this time, attackers were able to steal information and gain access using their private keys. Usually, this is a technique used by sophisticated hackers such as Lazarus, the North Korean hacking group.

 

3: Multichain

Amount: $126 million

Date: 7 July

Multichain’s $126 million hack is the third largest hack to have happened so far in 2023. Shortly after the breach, Multichain acknowledged a possible hack and put out a statement asking its users to temporarily stop using the service. The assets were pulled out of several token bridges, and hackers completely stripped Multichain’s Fantom bridge of wBTC, USDC, USDT and some altcoins. Whilst Multichain didn’t confirm the cause of the hack, an investigation by CertiK, a blockchain security firm, found it was most likely to be a compromised private key.

 

2: Euler Finance

Amount: $197 million

Date: 13 March

The second largest hack in 2023 happened back in March on lending protocol Euler Finance. A big flash loan attack struck the protocol and cost them $197 million worth of cryptocurrencies. The hack was so big that the effects were felt across an additional 11 protocols.

A hacker executed a flash loan attack which was repeated across many different pools, using three separate Ethereum addresses. The first hack siphoned $8.9 million worth of Dai from the Dai deposit pool. The first address was called “Euler Exploit Contract 1”, and borrowed 30 million DAI from Aave using a smart contract. The second address, which Etherscan has not labelled, received the loan and deposited 20 million DAI into Euler. In response, Euler minted around 19.6 million eDAI and sent it back to the borrower. The third address was then used to perform liquidation. This attack involved 20 transactions in the same block.

In the process, the second address minted 195.7 million eDAI, and Euler minted 200 million dDAI, but due to a conversion, the second address received slightly less. It then paid back $10 million of the loan by depositing 10 million DAI, and Euler burned 10 million dDAI, reducing the debt.

However, whilst the hack caused panic across numerous protocols, the money was returned by the attacker over the 23 days following the hack.

 

1: Mixin Network

Amount: $200 million

Date: 23 September

Last but certainly not least, the largest hack of 2023 was in late September on the Mixin Network. Hackers took advantage of a single point of failure in its cloud services, which allowed them to access a hot wallet. Hackers then drained the wallet of $200 million, which mainly consisted of Bitcoin.

The Mixin hacker has been offered $20 million to return the funds; however, he has not yet done so.

 

What can you do to protect yourself against risks?

Keeping large amounts of cryptocurrencies under the same private key can put you at greater risk of hacks and scams such as exploits and rug pulls. Coincover, the blockchain protection company, works with over 350 businesses to protect client funds and mitigate the risk of theft on the blockchain. Get in touch to find out how Coincover can keep your assets protected so you can enjoy the bullish forecast set for 2024.
