2023 has been a wild year, with many high profile hacks. Over 751 breaches, a total of $1.8 billion were stolen, causing big losses for victims as well as the Blockchain community as a whole. Although this amount represents a 51% decrease compared to 2022, where the total losses from hacks amounted to $3.7 billion, this is still an unacceptably high number which severely impacts the reputation and trustworthiness of the Web3 ecosystem, ultimately hindering mass adoption.
In order to secure our blockchains better in 2024, it's paramount that we learn from past exploits and avoid these in the future, so let's dive in the top 10 hacks of 2023!
[10] Stake.com - $41M - The hack was due to the compromise of the platform's hot wallet private keys which the FBI attributed to the infamous North Korean hackers, Lazarus Group.
[9] KyberSwap - $47M - The decentralised exchange aggregator faced an attack exploiting a reentrancy vulnerability in the mint function of a new token.
[8] CoinEx - $54M - The Hong Kong-based exchange was hacked due to a breach involving the compromise of the exchange's hot wallet private keys, another hack likely performed by the North Korean Lazarus Group.
[7] Heco Bridge and HTX - $100M - Another Lazarus Group hack where funds were drained via a compromised operator account as well as three compromised hot wallets.
[6] Atomic Wallet - $100M - The exact cause of the hack remains unknown however, it has been attributed to the Lazarus Group which most likely is behind this hack.
[5] BonqDAO - $120M - The project suffered a price oracle manipulation attack facilitated by instantaneous price updates. The attacker was able to request a price update for a token, inflating its value, and then use that inflated value to drain assets from the protocol.
[4] Poloniex - $126M - The root cause of this hack is likely due to a breach involving the compromise of the exchange's hot wallet private keys.
[3] Multichain - $126.3M - This is suspected to be an inside job or a compromise of the platform's keys, following the arrest of Multichain’s CEO and some team members, red flags emerged around the legitimacy of the protocol.
[2] Euler Finance - $197M - In this incident the attackers exploited a vulnerability introduced in a July 2022 update to the project’s smart contracts. This update was missing vital checks regarding the health of a user’s current position when performing donations to the project’s reserves. Through a sophisticated flash loan attack the attackers were able to exploit the smart contract vulnerability and steal $197 million in various cryptocurrencies
[1] Mixin Network - $200M - In the biggest hack of 2023, the attackers started the exploit by first compromising the project’s cloud service provider. Information in that provider’s database gave the attackers the ability to access the project’s hot wallets and drain them of crypto.
This is a wrap for 2023 Web3 security, with key compromises being the single largest point of failure in the ecosystem and a leading black hat hacker organisation, the Lazarus Group, not afraid of taking advantage of this, and other blockchain vulnerabilities.
Have you missed out on some big security news in 2023? Make sure this doesn't happen to you in 2024 and follow us on X for the latest in Web3 cybersecurity.
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.
You build the future. We help you secure it.