Crypto Hacks 2023: Full List Of Scams And Exploits As Millions Go Missing

Key Takeaways

• Vulnerabilities and user errors expose wallets and contracts to exploits. It is important to protect measures by updating security measures, carrying out regular auditing, and having secure solutions.
• Exchanges and DeFi platforms hold vast assets, making them prime hacking targets. Users should choose wisely who they operate with, choosing well-reputed platforms and investing diligently.
• Scammers often impersonate legitimate social media accounts. It is important not fall victim to phishing attacks that may arise from scammy giveaways
• Poor cybersecurity can lead to loss and breaches. Users should maintain strong passwords, employ reputable security software, and remain vigilant.

Click here for the full list of 2024 hacks, scams and exploits.

In the realm of cryptocurrency, volatility reigns supreme, evident in the staggering losses suffered by notable platforms. Euler Finance, a DeFi pioneer, faced a crippling $197 million flash loan attack, a blow to the community. 

Despite the turmoil, a ray of hope emerged when the hacker, known as “Jacob,” returned a portion of the stolen funds—a rare recovery in the DeFi world. The incident resonated across platforms like Stars Arena, which lost $3 million in AVAX tokens, highlighting the necessity for rigorous security assessments. 

Additionally, Trust Wallet’s sophisticated $4 million social engineering attack underscored the urgency for heightened vigilance in an increasingly vulnerable space.

Cryptocurrency Catastrophes: Unveiling Million-Dollar Losses And Rare Recoveries

Explore the riveting tales of security breaches and elusive recoveries as you delve into the complex world of cryptocurrencies. Each hack unveils the narratives behind million-dollar losses and the rare occurrences of fund returns.

1. Mixin Network ($200 Million)

Mixin Network , a decentralized peer-to-peer network facilitating digital asset transactions, made a public announcement on the 23rd of September regarding an immediate suspension of deposits and withdrawals. 

This decision followed a significant breach resulting in a reported $200 million loss due to a hack that specifically targeted the platform’s cloud service provider’s database. Mixin has assured its users of their commitment to resolving the issues stemming from this asset loss but indicated that specific solutions would be communicated at a later date.

2. Euler Finance ($197 Million)

Euler Finance, a DeFi protocol, suffered a flash loan attack on March 13, 2023, resulting in a $197 million loss. Exploiting a liquidity issue within Euler’s eToken function, the attacker manipulated token conversions, causing a significant decline in various cryptocurrencies and a 45% drop in EUL token value. 

Fortunately, the hacker, known as “Jacob,” returned 54,000 ETH and $10 million in DAI via encrypted messages, marking one of DeFi’s most substantial recoveries. Implementing circuit breakers and ensuring accurate protocol functions became crucial post-hack security measures.

3. Multichain ($126 Million)

The Multichain cross-chain bridge protocol encountered a suspected hack (seemed like a rug pull) on July 6. Such protocols attract hackers due to their experimental nature and centralized asset repositories. 

According to Chainalysis, unrelated issues have raised suspicions  of insider involvement in this exploit. Over $125 million in crypto was withdrawn, with substantial losses from the Fantom, Dogecoin, and Moon River bridges, affecting various assets including wETH, wBTC, USDC, Dogecoin, and Tether.

4. BonqDAO ($120 Million)

BonqDAO encountered a substantial smart contract exploit caused by an oracle breach, resulting in a $120 million loss. An exploiter tampered with an oracle in a smart contract, manipulating AllianceBlock token prices and generating significant BEUR quantities. 

The hacked BEUR was exchanged on Uniswap, plummeting prices and triggering ALBT trove liquidations. Approximately $120 million was lost, comprising $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wALBT tokens. BonqDAO and AllianceBlock are collaborating to redress the impact, including issuing new ALBT tokens.

5. HECO Bridge and HTX hack ($115 Million)

Justin Sun’s associated cryptocurrency platforms fell victim to two hacks on 23 November, potentially resulting in a $115 million loss . 

The HTX exchange, previously Huobi, lost around $30 million, while CryptoQuant estimates $85.4 million was stolen from Heco Chain, primarily in USDT and ETH. HBTC, HTX’s native cryptocurrency, was also heavily affected. The company vowed full compensation for losses due to the hot wallet attack.

6. Atomic Wallet ($100 Million)

On June 3, 2023, Atomic Wallet encountered a $100 million breach impacting over 5,500 crypto accounts. Cybersecurity analysts from firms like Elliptic tied the incident to Lazarus Group, a North Korean cybercrime syndicate notorious for substantial crypto thefts. Following the breach, a group of affluent investors from Russia and the Commonwealth of Independent States initiated legal action against Atomic Wallet. 

The specifics leading to the exploit remained unspecified by Atomic Wallet, which outlined four “probable” causes, including infrastructure breaches, device viruses, man-in-the-middle attacks, or malware injections. Emphasizing that less than 0.1% of users were affected, the firm refrained from detailing the exact conditions leading to the breach.

7. CoinEx Hack ($70 Million)

Hackers exploited compromised private keys on CoinEx, stealing over $70 million in tokens on September 12, 2023. The exchange pledged full compensation to affected users and suspended withdrawals to prevent more losses. 

The breach stemmed from compromised hot wallet keys used for deposits and withdrawals. CoinEx patched vulnerabilities, transferred remaining assets, and aims to recover lost funds through communication channels.

8. Curve Finance ($60 Million)

In a breach on July 30, Curve Finance experienced a hack leading to the loss of a minimum of $60 million. Subsequently, the platform initiated a recovery process by offering a reward to the attacker, successfully retrieving portions of the stolen funds, reaching a 73% recovery by August 7. 

The attack targeted Curve Finance’s liquidity pools, specifically those containing users’ stablecoins. Exploiting vulnerabilities in the stablecoin pool codes, hackers accessed and siphoned off the stolen funds.

9. Kyber Network ($54.7 Million)

Kyber Network suffered a $54.7 million loss in digital assets due to an exploit on November 22. The attack capitalized on double liquidity counting within the protocol. It’s deemed one of DeFi’s most sophisticated hacks, requiring precise on-chain actions for the exploit.

10. Stake.com ($41 Million)

Stake.com suffered a significant breach on September 4th, resulting in a staggering loss of around $41M from its hot wallets. The attack swiftly targeted Ethereum, BNB Smart Chain, and Polygon Networks, siphoning off $15.7 M from Etherem network and $25.2M from other two blockchains. The team took five hours to publicly acknowledge the breach after the initial attack. 

Users were earlier notified of maintenance, raising questions about the incident. The attacker began laundering stolen assets by moving them through different networks, eventually converting a significant amount to BTC.

11. CoinsPaid Phishing Scam ($37 Million)

In a security breach on July 22, cybercriminals successfully stole $37 million from the crypto payments provider CoinsPaid by employing social engineering tactics. Using a deceptive job offer, hackers gained entry to an employee’s computer. 

They orchestrated a faux interview process, manipulating the employee into installing a program that facilitated the theft of critical profiles and keys from the device. These stolen credentials granted unauthorized access to the company’s infrastructure. 

Prior to this incident, CoinsPaid had been subjected to numerous unsuccessful cyberattacks, including social engineering, distributed denial of service (DDoS), brute force attempts , and various other forms of cyber threats, starting from March.

12. Krosnos Research ($26 Million)

Kronos Research, a Taipei-based crypto trading  firm, revealed a $26 million security breach on November 19, 2023. Unauthorized access to its API keys led to the hack, prompting the firm to cease all trading operations for investigation. The aftermath impacted Woo Network, a trading platform highly dependent on Kronos Research as its key liquidity provider.

ZachXBT, a crypto investigator, tracked 12,800 ETH worth $25 million transferred to five new addresses linked to the incident. Kronos vows to restore services for supported exchanges and tokens, citing this as its first trading suspension since 2018 and aiming for a speedy recovery.

13. Bitrue Exchange ($23 Million)

Bitrue Exchange experienced a $23 million breach, resulting in the theft of various cryptocurrencies. Withdrawals were suspended, and less than 5% of Bitrue’s total reserves were affected. 

The exchange resumed operations after fixing the vulnerability and reassured users of heightened security measures.

14. Angle Protocol ($17.6 Million)

Angle Protocol faced a $17.6 million loss indirectly linked to Euler’s hack, impacting its Total Value Locked and prompting discussions on enhancing risk management strategies. 

Funds were repaid to Euler DAO, initiating debates on redistributing recovered funds to impacted users. The incident highlighted the need for improved emergency protocols and diversified risk management strategies in the DeFi space.

15. Platypus Finance ($9.2 Million)

Platypus Finance suffered a $9.2 million loss due to solvency check vulnerabilities, resulting in attacks draining stablecoins across multiple instances. 

While partial recoveries were made with the help of security firms and negotiations with Tether, some assets remained unrecoverable. The incident stressed the significance of robust security measures, regular audits, and protocol restarts to regain user trust.

16. Safemoon ($9 Million)

Safemoon experienced a smart contract exploit, losing nearly $9 million in SFM tokens through liquidity pool drainage. 

However, an agreement between the exploiter and Safemoon developers facilitated the return of $7.1 million, with the exploiter retaining 20% as a bug bounty. The incident emphasized the importance of rigorous smart contract audits and community vigilance to prevent future exploits.

17. dYdX ($9 Million)

The dYdX Exchange faced a sophisticated hack on November 17, resulting in a $9 million loss from its Version 3 insurance funds. The attack targeted the Yearn Finance token market, an unusual target with lower trading volumes, making it more effective. 

The exploit manipulated the market, causing unnatural trade surges and significant losses covered by the insurance fund, depleting 40% of its reserves. Despite this, personal funds remained secure. Investigations are ongoing to assess the hack’s full impact. 

The team attempted to mitigate by adjusting margin ratios for $YFI, but the hacker withdrew a substantial amount of USDC right before the crash, indicating a deliberate manipulation to drain funds.

18. LendHub ($6 Million)

LendHub faced a $6 million security breach due to a failure to eliminate a deprecated token during an update. Exploiting the market’s discrepancy, the hacker siphoned $6 million by manipulating mint and redeem functionalities. 

Information on fund recovery remains uncertain, underscoring the necessity for meticulous procedures during smart contract updates to prevent vulnerabilities and exploits.

19. Deus Finance ($6 Million+)

Deus Finance, a decentralized finance (DeFi) protocol, fell prey to a security breach, losing over $6 million in DEI stablecoins. The attack exploited vulnerabilities in the BNB Smart Chain and Arbitrum network, leading to losses of $1.3 million and over $5 million, respectively. Post-attack, Deus Finance halted contracts, burned DEI tokens, and initiated a recovery plan while assessing their token backing.

20. LastPass Hack ($4.4 Million)

On October 25, cybercriminals managed to extract approximately $4.4 million worth of cryptocurrency from a minimum of 25 LastPass users. 

LastPass, known for its encryption of user password data, encountered a security breach involving its cloud-based storage service. The attack, occurring last year, centered on an employee whose credentials were compromised, leading to the breach. 

The stolen funds encompassed cryptocurrencies from various blockchains, including Bitcoin, Ethereum, BNB, Arbitrum, Solana, and Polygon.

21. Trust Wallet ($4 Million)

Trust Wallet encountered a sophisticated social engineering attack, causing a $4 million loss for Webaverse. Criminals manipulated a multi-signature Trust Wallet transaction, transferring funds to a single-signature wallet using counterfeit KYC and agreements. Investigations are ongoing, focusing on understanding the breach despite lacking access to the wallet’s private key.

22. Stars Arena ($3 Million)

Stars Arena on Avalanche fell victim to an exploit, losing $3 million in AVAX tokens due to a smart contract vulnerability. 

Subsequently, a resolution was reached with the hacker, recovering roughly 90% of the stolen AVAX and compensating the attacker for their lost tokens, emphasizing the importance of rigorous security assessments and vulnerability checks for platforms.

23. Telcoin ($1.3 Million)

Telcoin, the fintech developer operating under the Monetary Authority of Singapore’s regulatory framework, disclosed a security compromise within the Polygon-based wallet application on December 26. The hack resulted in an unauthorized transfer of crypto assets valued at more than $1.3 million.

Telcoin developers have since stated that since no private keys were compromised during the exploit, all impacted user balances will be reinstated. Details regarding the reimbursement of the stolen funds are unknown.

24. Ledger ($500K USD)

Ledger, a leading digital wallet manufacturer, experienced a significant security breach in December 2023, where its Ledger Connect Kit software was compromised, leading to the theft of over $500,000 from users’ wallets. The hack, originating from a phishing attack on a former employee, affected 500-1,000 wallets, including those not exclusively using Ledger products.

The malicious code, active for about five hours, targeted transactions with decentralized applications. Ledger has since deactivated the code and confirmed the safety of using the updated Ledger Connect Kit.

25. Coins.ph ($445K)

Coins.ph, a Philippine-based crypto exchange, fell victim to an exploit where a hacker swiftly exchanged XRP lots multiple times within half an hour, amounting to nearly 12.2 million XRP tokens valued at $6 million. 

Coins.ph promptly blocked 445,000 XRP from the compromised address and collaborated with analytics firms to trace stolen XRP addresses, showcasing collective efforts to mitigate the breach’s impact.

26. Balancer ($238K)

Balancer, a prominent DeFi protocol on Ethereum, faced a security breach on its platform, preceded by a warning issued on September 19, 2023. Users were prompted to approve a malicious contract via the platform’s user interface, leading to wallet drainage. 

Although Balancer hasn’t confirmed the loss officially, estimates suggest a theft of around $238,000 in crypto. There’s no available information about the recovery of these funds. Balancer urged users to avoid their interface temporarily while they investigate and advised withdrawing from affected liquidity pools to prevent further exploits.

27. Kucoin’s Twitter Scandal ($23K USDT)

KuCoin encountered a security breach through its official Twitter account, leading to a loss of assets totaling over 22,628 USDT. Hackers controlled the account for 45 minutes, conducting fraudulent promotions and tricking users into sending funds to malicious addresses. 

KuCoin swiftly regained control of the compromised account and pledged to reimburse affected users. Measures were initiated to block addresses receiving stolen funds. Users were cautioned to scrutinize social media promotional content and avoid engaging with dubious links. KuCoin reinforced its security measures and assured users about the integrity of its website and other accounts.

The MetaMask developer, Tay, advised crypto users to spread their assets across different wallets to reduce the risk of losing all of their assets. The emphasis was placed on not keeping all assets in a single key or secret phrase for extended periods.

28. MyAlgo (Customer Information)

MyAlgo suffered a security breach via a Man-In-The-Middle attack, compromising passwords and private keys. 

While specifics about the amount lost remain undisclosed, hundreds of compromised accounts were identified. MyAlgo advised password changes and recommended Ledger hardware wallets for enhanced security.

Conclusion

The interplay between social media and cryptocurrencies has created avenues for scams and fraudulent schemes. Vulnerabilities in smart contracts and the vast assets in crypto exchanges further heighten the risks of unauthorized access and losses.

It’s important for users to be vigilant, employ enhanced security measures like hardware wallets and enabling two-factor authentication, and cautiously assess DeFi platforms and investments to safeguard against potential threats and ensure a secure crypto environment.

FAQs

How are social media platforms used for crypto-related fraudulent activities?

Social media platforms are often exploited by scammers impersonating legitimate crypto entities or influencers to promote fraudulent schemes, phishing attacks, or spread misinformation, intending to deceive users into revealing sensitive information or transferring assets.

How can vulnerabilities in smart contracts lead to crypto hacks?

Smart contracts, if poorly coded or unaudited, may contain vulnerabilities or bugs that hackers can exploit to manipulate contract functionalities, leading to unauthorized access or alterations, potentially causing loss of funds stored within the contract.

What risks are associated with crypto exchanges in relation to hacks and fraudulent activities?

Crypto exchanges can be targeted for hacks due to the vast amounts of assets they hold, vulnerabilities, inadequate security measures, or internal malpractices which may lead to unauthorized withdrawals, data breaches, or other exploitations.

How can users protect their crypto wallets from fraudulent activities and hacks?

Users can secure crypto wallets by using hardware wallets for significant amounts, employing strong, unique passwords, enabling two-factor authentication, and being vigilant against phishing attempts and malicious software.

In what ways can DeFi platforms be susceptible to fraudulent behavior and hacks?

DeFi platforms can be susceptible to various attacks like flash loan attacks, front-running, and exploits due to smart contract vulnerabilities, which can be orchestrated to drain funds or manipulate market conditions, highlighting the need for thorough platform assessment and cautious investment.

About the Author

Andrew Kamsky

Andrew Kamsky is a writer and chart analyst, holding a degree in Economics and an ACCA certification. Andrew’s professional background spans roles at a Big Four accountancy firm, a fintech bank, and a chart analyst position at a listed bank focusing on foreign currency hedging. Beyond his financial career, Andrew is passionate about music, glass neon lights and travel.

See more

[email protected] LinkedIn Twitter Youtube