Crypto Hacks 2023: Full List of Scams and Exploits as Millions Go Missing | Credit: Shutterstock
Key Takeaways
In the realm of cryptocurrency, volatility reigns supreme, evident in the staggering losses suffered by notable platforms. Euler Finance, a DeFi pioneer, faced a crippling $197 million flash loan attack, a blow to the community.
Despite the turmoil, a ray of hope emerged when the hacker, known as “Jacob,” returned a portion of the stolen funds—a rare recovery in the DeFi world. The incident resonated across platforms like Stars Arena, which lost $3 million in AVAX tokens, highlighting the necessity for rigorous security assessments.
Additionally, Trust Wallet’s sophisticated $4 million social engineering attack underscored the urgency for heightened vigilance in an increasingly vulnerable space.
Explore the riveting tales of security breaches and elusive recoveries as you delve into the complex world of cryptocurrencies. Each hack unveils the narratives behind million-dollar losses and the rare occurrences of fund returns.
Victim | Date Of Hack | Estimated Loss |
Euler Finance | March 13, 2023 | $197 Million |
Kronos Research | November 19, 2023 | $26 Million |
Angle Protocol | March 13, 2023 | $17.6 Million |
Multichain | July 6, 2023 | $126 Million |
Platypus Finance | October 12, 2023 | $9.2 Million |
Safemoon | March 28, 2023 | $9 Million |
LendHub | January 12, 2023 | $6 Million |
Balancer | September 19, 2023 | $238K |
Coins.ph | October 23, 2023 | $445K |
Kucoin’s Twitter Scandal | April 24, 2023 | $23K USDT |
BonqDAO | February 01, 2023 | $120 Million |
Deus Finance | May 05, 2023 | $6 Million+ |
Bitrue Exchange | April 14, 2023 | $23 Million |
Trust Wallet | February 08, 2023 | $4 Million |
MyAlgo | February 27, 2023 | Customer Information |
Stars Arena | October 09, 2023 | $3 Million |
Euler Finance, a DeFi protocol, suffered a flash loan attack on March 13, 2023, resulting in a $197 million loss. Exploiting a liquidity issue within Euler’s eToken function, the attacker manipulated token conversions, causing a significant decline in various cryptocurrencies and a 45% drop in EUL token value.
Fortunately, the hacker, known as “Jacob,” returned 54,000 ETH and $10 million in DAI via encrypted messages, marking one of DeFi’s most substantial recoveries. Implementing circuit breakers and ensuring accurate protocol functions became crucial post-hack security measures.
Kronos Research, a Taipei-based crypto trading firm, revealed a $26 million security breach on November 19, 2023. Unauthorized access to its API keys led to the hack, prompting the firm to cease all trading operations for investigation. The aftermath impacted Woo Network, a trading platform highly dependent on Kronos Research as its key liquidity provider.
ZachXBT, a crypto investigator, tracked 12,800 ETH worth $25 million transferred to five new addresses linked to the incident. Kronos vows to restore services for supported exchanges and tokens, citing this as its first trading suspension since 2018 and aiming for a speedy recovery.
Angle Protocol faced a $17.6 million loss indirectly linked to Euler’s hack, impacting its Total Value Locked and prompting discussions on enhancing risk management strategies.
Funds were repaid to Euler DAO, initiating debates on redistributing recovered funds to impacted users. The incident highlighted the need for improved emergency protocols and diversified risk management strategies in the DeFi space.
The Multichain cross-chain bridge protocol encountered a suspected hack (seemed like a rug pull) on July 6. Such protocols attract hackers due to their experimental nature and centralized asset repositories.
According to Chainalysis, unrelated issues have raised suspicions of insider involvement in this exploit. Over $125 million in crypto was withdrawn, with substantial losses from the Fantom, Dogecoin, and Moon River bridges, affecting various assets including wETH, wBTC, USDC, Dogecoin, and Tether.
Platypus Finance suffered a $9.2 million loss due to solvency check vulnerabilities, resulting in attacks draining stablecoins across multiple instances.
While partial recoveries were made with the help of security firms and negotiations with Tether, some assets remained unrecoverable. The incident stressed the significance of robust security measures, regular audits, and protocol restarts to regain user trust.
Safemoon experienced a smart contract exploit, losing nearly $9 million in SFM tokens through liquidity pool drainage.
However, an agreement between the exploiter and Safemoon developers facilitated the return of $7.1 million, with the exploiter retaining 20% as a bug bounty. The incident emphasized the importance of rigorous smart contract audits and community vigilance to prevent future exploits.
LendHub faced a $6 million security breach due to a failure to eliminate a deprecated token during an update. Exploiting the market’s discrepancy, the hacker siphoned $6 million by manipulating mint and redeem functionalities.
Information on fund recovery remains uncertain, underscoring the necessity for meticulous procedures during smart contract updates to prevent vulnerabilities and exploits.
Balancer, a prominent DeFi protocol on Ethereum, faced a security breach on its platform, preceded by a warning issued on September 19, 2023. Users were prompted to approve a malicious contract via the platform’s user interface, leading to wallet drainage.
Although Balancer hasn’t confirmed the loss officially, estimates suggest a theft of around $238,000 in crypto. There’s no available information about the recovery of these funds. Balancer urged users to avoid their interface temporarily while they investigate and advised withdrawing from affected liquidity pools to prevent further exploits.
Coins.ph, a Philippine-based crypto exchange, fell victim to an exploit where a hacker swiftly exchanged XRP lots multiple times within half an hour, amounting to nearly 12.2 million XRP tokens valued at $6 million.
Coins.ph promptly blocked 445,000 XRP from the compromised address and collaborated with analytics firms to trace stolen XRP addresses, showcasing collective efforts to mitigate the breach’s impact.
KuCoin encountered a security breach through its official Twitter account, leading to a loss of assets totaling over 22,628 USDT. Hackers controlled the account for 45 minutes, conducting fraudulent promotions and tricking users into sending funds to malicious addresses.
KuCoin swiftly regained control of the compromised account and pledged to reimburse affected users. Measures were initiated to block addresses receiving stolen funds. Users were cautioned to scrutinize social media promotional content and avoid engaging with dubious links. KuCoin reinforced its security measures and assured users about the integrity of its website and other accounts.
The MetaMask developer, Tay, advised crypto users to spread their assets across different wallets to reduce the risk of losing all of their assets. The emphasis was placed on not keeping all assets in a single key or secret phrase for extended periods.
BonqDAO encountered a substantial smart contract exploit caused by an oracle breach, resulting in a $120 million loss. An exploiter tampered with an oracle in a smart contract, manipulating AllianceBlock token prices and generating significant BEUR quantities.
The hacked BEUR was exchanged on Uniswap, plummeting prices and triggering ALBT trove liquidations. Approximately $120 million was lost, comprising $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wALBT tokens. BonqDAO and AllianceBlock are collaborating to redress the impact, including issuing new ALBT tokens.
Deus Finance, a decentralized finance (DeFi) protocol, fell prey to a security breach, losing over $6 million in DEI stablecoins. The attack exploited vulnerabilities in the BNB Smart Chain and Arbitrum network, leading to losses of $1.3 million and over $5 million, respectively. Post-attack, Deus Finance halted contracts, burned DEI tokens, and initiated a recovery plan while assessing their token backing.
Bitrue Exchange experienced a $23 million breach, resulting in the theft of various cryptocurrencies. Withdrawals were suspended, and less than 5% of Bitrue’s total reserves were affected.
The exchange resumed operations after fixing the vulnerability and reassured users of heightened security measures.
Trust Wallet encountered a sophisticated social engineering attack, causing a $4 million loss for Webaverse. Criminals manipulated a multi-signature Trust Wallet transaction, transferring funds to a single-signature wallet using counterfeit KYC and agreements. Investigations are ongoing, focusing on understanding the breach despite lacking access to the wallet’s private key.
MyAlgo suffered a security breach via a Man-In-The-Middle attack, compromising passwords and private keys.
While specifics about the amount lost remain undisclosed, hundreds of compromised accounts were identified. MyAlgo advised password changes and recommended Ledger hardware wallets for enhanced security.
Stars Arena on Avalanche fell victim to an exploit, losing $3 million in AVAX tokens due to a smart contract vulnerability.
Subsequently, a resolution was reached with the hacker, recovering roughly 90% of the stolen AVAX and compensating the attacker for their lost tokens, emphasizing the importance of rigorous security assessments and vulnerability checks for platforms.
The interplay between social media and cryptocurrencies has created avenues for scams and fraudulent schemes. Vulnerabilities in smart contracts and the vast assets in crypto exchanges further heighten the risks of unauthorized access and losses.
It’s important for users to be vigilant, employ enhanced security measures like hardware wallets and enabling two-factor authentication, and cautiously assess DeFi platforms and investments to safeguard against potential threats and ensure a secure crypto environment.
How are social media platforms used for crypto-related fraudulent activities?
Social media platforms are often exploited by scammers impersonating legitimate crypto entities or influencers to promote fraudulent schemes, phishing attacks, or spread misinformation, intending to deceive users into revealing sensitive information or transferring assets.
How can vulnerabilities in smart contracts lead to crypto hacks?
Smart contracts, if poorly coded or unaudited, may contain vulnerabilities or bugs that hackers can exploit to manipulate contract functionalities, leading to unauthorized access or alterations, potentially causing loss of funds stored within the contract.
What risks are associated with crypto exchanges in relation to hacks and fraudulent activities?
Crypto exchanges can be targeted for hacks due to the vast amounts of assets they hold, vulnerabilities, inadequate security measures, or internal malpractices which may lead to unauthorized withdrawals, data breaches, or other exploitations.
How can users protect their crypto wallets from fraudulent activities and hacks?
Users can secure crypto wallets by using hardware wallets for significant amounts, employing strong, unique passwords, enabling two-factor authentication, and being vigilant against phishing attempts and malicious software.
In what ways can DeFi platforms be susceptible to fraudulent behavior and hacks?
DeFi platforms can be susceptible to various attacks like flash loan attacks, front-running, and exploits due to smart contract vulnerabilities, which can be orchestrated to drain funds or manipulate market conditions, highlighting the need for thorough platform assessment and cautious investment.