The year 2023 has been a roller coaster ride for the cryptocurrency industry, with numerous security breaches shaking the confidence of investors and users alike. As the digital asset space continues to evolve, so do the tactics of cybercriminals, leading to substantial financial losses.
Mixin Network’s $200 Million Blow
Mixin Network, a decentralized network designed for asset transactions, faced a severe setback when hackers targeted their cloud service provider’s database, leading to a staggering loss of $200 million. The platform has since halted deposits and withdrawals, promising to address the aftermath of the breach.
Euler Finance’s Flash Loan Fiasco
Euler Finance’s DeFi protocol was exploited through a flash loan attack, resulting in a $197 million deficit. The attacker, known as “Jacob,” later returned a substantial portion of the stolen funds, but not before shaking the market and causing a significant drop in the value of Euler’s native token, EUL.
Multichain’s $126 Million Suspected Inside Job
Multichain, a cross-chain bridge protocol, was suspected of an inside job that led to the unauthorized withdrawal of over $125 million in crypto assets. The hack raised questions about the security of bridge protocols and the need for decentralized asset management.
BonqDAO’s Oracle Attack
A smart contract exploit at BonqDAO, caused by a compromised oracle, resulted in the loss of $120 million. The attacker manipulated token prices, leading to a cascade of liquidations and a sharp decline in the value of AllianceBlock tokens.
HECO Bridge and HTX’s $115 Million Debacle
Two platforms associated with Justin Sun, HECO Bridge and HTX exchange, were hacked, potentially leading to a combined loss of $115 million. The hot wallet attack affected a range of cryptocurrencies, including USDT and ETH.
Atomic Wallet’s North Korean Heist
Atomic Wallet reported a breach that affected over 5,500 crypto accounts, with losses amounting to $100 million. The incident was linked to the Lazarus Group, a notorious North Korean hacking collective.
CoinEx’s Compromised Keys
CoinEx exchange suffered a security breach when hackers exploited compromised private keys, stealing over $70 million in tokens. The exchange has committed to compensating affected users and has taken steps to secure its platform.
Curve Finance’s $60 Million Hack
Curve Finance’s liquidity pools were compromised, resulting in a loss of at least $60 million. The platform managed to recover a significant portion of the stolen funds by offering a reward to the attacker.
Kyber Network’s $54.7 Million Sophisticated Exploit
Kyber Network was hit by a highly complex attack that exploited double liquidity counting, leading to a loss of $54.7 million in digital assets. The nature of the hack demonstrated the advanced tactics used by cybercriminals in the DeFi space.
Stake.com’s Hot Wallet Breach
Stake.com‘s hot wallets were breached, resulting in a loss of around $41 million. The attack targeted multiple blockchains and raised concerns about the platform’s response time and security measures.
CoinsPaid’s Phishing Scam
CoinsPaid, a crypto payment provider, was defrauded of $37 million through a phishing scam that exploited an employee’s computer. The incident underscored the threat of social engineering in the crypto industry.
Kronos Research’s API Key Compromise
Kronos Research disclosed a $26 million security breach after unauthorized access to its API keys. The trading firm temporarily suspended operations to address the issue and ensure the security of its platform.
Bitrue Exchange’s $23 Million Theft
Bitrue Exchange experienced a security breach that led to the theft of $23 million worth of cryptocurrencies. The platform quickly addressed the vulnerability and reassured users of its commitment to security.
Angle Protocol’s Indirect Impact from Euler’s Hack
Angle Protocol indirectly suffered a $17.6 million loss due to Euler’s hack. The incident sparked discussions on improving risk management and emergency protocols within the DeFi ecosystem.
Platypus Finance’s Solvency Check Vulnerability
Platypus Finance lost $9.2 million due to vulnerabilities in its solvency checks. While some assets were recovered, the event highlighted the need for continuous security vigilance.
Safemoon’s Smart Contract Exploit
Safemoon’s SFM tokens were drained from its liquidity pool, resulting in a nearly $9 million loss. An agreement with the exploiter led to the return of most of the stolen funds.
dYdX Exchange’s Insurance Fund Drain
The dYdX Exchange was hacked, with $9 million lost from its Version 3 insurance funds. The attack targeted a market with low trading volumes, allowing the hacker to manipulate trades and deplete the insurance reserves.
LendHub’s Deprecated Token Error
LendHub faced a $6 million breach due to an oversight in removing a deprecated token during an update. The hacker exploited this discrepancy to drain funds from the platform.
Deus Finance’s Dual Network Exploit
Deus Finance lost over $6 million in DEI stablecoins after being targeted on both the BNB Smart Chain and Arbitrum network. The protocol took immediate action to halt contracts and initiate a recovery plan.
LastPass’s Cloud Storage Compromise
LastPass users suffered a $4.4 million loss after a breach involving the company’s cloud-based storage service. The attack stemmed from compromised employee credentials, affecting users across multiple blockchains.
Trust Wallet’s Social Engineering Attack
Trust Wallet was targeted in a social engineering attack that led to a $4 million loss for Webaverse. The incident involved the manipulation of a multi-signature transaction, highlighting the need for heightened security awareness.
Stars Arena’s Smart Contract Flaw
Stars Arena on Avalanche lost $3 million in AVAX tokens due to a smart contract vulnerability. A settlement with the hacker resulted in the recovery of most of the stolen funds.
Telcoin’s Unauthorized Transfer
Telcoin reported a security compromise that led to an unauthorized transfer of crypto assets valued at over $1.3 million. The company has committed to reinstating impacted user balances.
Ledger’s Phishing Attack Aftermath
Ledger faced a $500,000 theft after its Ledger Connect Kit software was compromised by a phishing attack targeting a former employee. The company has since taken corrective measures to ensure user safety.
Coins.ph’s Rapid Exchange Exploit
Coins.ph was exploited, resulting in the loss of nearly 12.2 million XRP tokens valued at $6 million. The exchange acted quickly to block the compromised address and trace the stolen assets.
Balancer’s Interface Warning
Balancer issued a warning after users were prompted to approve a malicious contract, leading to wallet drainage and a loss of about $238,000 in crypto. The protocol advised users to withdraw from affected pools and is investigating the breach.
Kucoin’s Twitter Account Hack
Kucoin’s official Twitter account was hacked, resulting in the loss of over 22,628 USDT. The exchange reassured users of compensation and took steps to prevent further unauthorized transactions. It is also believed that hackers buy X followers to artificially inflate the profiles so that they look even more authentic.
As the cryptocurrency industry continues to grow, the incidents of 2023 serve as a stark reminder of the importance of security in the digital asset space. Users and platforms alike must remain vigilant and proactive in implementing and updating security measures to protect against the ever-evolving threat landscape.