With the cryptocurrency market not currently in a mania phase like the one that characterized much of 2021, there’s less money on the table for hackers to attack — but hacks across Web3 and cryptocurrencies continue every week.
Hackers and scammers have devised more sophisticated and seamless ways of getting access to and siphoning millions of dollars out of users and platform wallets.
Based on a report by Chainalysis, by August 2022, the crypto industry had lost a staggering $1.47 billion to hackers. In contrast, the industry has seen $997m in losses in the year leading up to August 2023.
Let’s look at the crypto hack record in 2023 so far.
2022 | 2023 | |
Q1 | $1.3 billion | $320m |
Q2 | $745m | $313m |
Q3 | $504m | $348m (so far) |
Q4 | $950m | – |
2023 Q1: Crypto Hacks and Scams
According to blockchain security company CertiK, hackers stole approximately $320 million from the cryptocurrency sector in the first quarter of 2023.
The comparatively low number of losses (compared to $1.3bn for Q1 2022) may, in CertiK’s opinion, be attributed to off-chain activities that affected the cryptocurrency market as a whole, such as issues at Silvergate Bank and the depegging of USD Coin (USDC) at the height of the Silicon Valley Bank crisis.
Still, more than $222m was lost to 52 flash loan and oracle manipulation attacks, while $31m was lost to 90 exit scams.
CertiK noted that BNB Chain had 139 crypto hacks, the most for the quarter in terms of incidents. Ethereum (ETH) blockchain-related hacks led to losses of $221 million, the highest in Q1 2023.
60% of Q1 losses came from the Euler Finance attack of March 13, where a flash loan attack compromised the protocol and led to losses of nearly $195 million.
If the sum stolen in the breach appears substantial, a sizable portion was eventually returned after discussions with the perpetrators. Euler Finance revealed on April 4 that it could retrieve roughly 90% of the lost assets.
2023 Q2: Crypto Hacks and Scams
The on-chain data published for Q2 by CertiK showed that over $313 million in digital assets were lost to crypto hacks and exploits.
The security company noted a 58% decrease in the amount lost compared to the second quarter of 2022 when hacks and vulnerabilities cost the crypto sector $745 million.
According to the statistics, there were 212 security incidents, of which 98 were exit scams that led to a $70 million loss.
In addition, CertiK noted that, of all the blockchains it examined, BNB Chain recorded the most events, with 119 incidents resulting in losses of $70,711,385. Second place went to Ethereum, where 55 instances brought in $65,999,953 for hackers.
The biggest crypto heist was the Atomic Wallet hack that resulted in the loss of over $ 100 million. In this case, the North Korean organization Lazarus Group allegedly attacked the non-custodial decentralized platform, which stole tokens worth $ 100 million on June 3.
This attack, executed by targeting users’ private keys to gain access to their wallets, accounted for close to 50% of all losses in the quarter. Atomic Wallet offered a 10% bounty to Lazurus Group to return the funds. Still, the perpetrators had already begun laundering the money, and there were no signs of the money being recovered.
Another attack that is on the rise is address poisoning — with even the DEA not immune from the scam.
2023 Q3: Crypto Hacks and Scams
While the quarter is still ongoing, the months of July and August have so far accumulated significant losses for crypto investors. July has been the worst month of the year, according to CertiK, given that investors lost $303 million to crypto attacks.
Of this, exit scams accounted for $8.6 million, whereas flash loans and oracle manipulations cost the sector another $8.7 million. The remaining $285 million was lost to other numerous exploits within the month.
Combining all the incidents in July we’ve confirmed ~$303M lost to exploits, hacks and scams. The most lost in a single month in 2023.
Exit scams were ~$8.6M
Flash loans were ~$8.7M
Exploits were ~$285M
See more details below 👇 pic.twitter.com/GtdsxsSohc
— CertiK Alert (@CertiKAlert) July 31, 2023
The most noteworthy exploit occurred on July 6 when Multichain realized its lockup assets had been moved to an unknown address. In total, the platform lost over $135 million from its Ethereum, Dogechain, and Moonriver Fantom Bridge.
Conversely, August was less tragic, with only $45 million lost in crypto crimes. A few of the notable incidents include the Zunami Protocol attack, which cost $2.2 million in losses, the Exactly Protocol exploit, which cost $7.3 million, and the PEPE withdrawal event, which cost $13.2 million in losses.
Accountability for Crypto Crimes and Losses
After the occurrence of a crypto crime and massive loss of investors’ assets, the crypto community reverts to asking who is to blame for the loss. Is it the attacker or the platform handling users’ assets, or is it the user for trusting and investing their funds in the digital assets?
Most times, the answer to these questions is not usually straightforward. Vulnerabilities tend to occur, and it is never intentional for a platform handling users’ assets to lose their funds to such loopholes.
It is, however, important to recall that part of the decentralized nature of Web3 and the crypto industry is that users ought to take full responsibility and control of their funds and assets.
The Bottom Line
One common factor among all these crypto crime incidents is that these funds are typically stored in hot wallets connected to the internet. This makes them exposed to hackers and susceptible to attacks and theft.
On the flip side, there are cold wallets which, aside from lacking connection to the internet and providing increased security, also enable an investor to take control of their assets because they hold their crypto keys in physical devices.
This form of storing crypto assets has long been recommended as a safer and more secure option that is less prone to crypto hacks.