$900 Million Has Been Stolen in Crypto Hacks This Year
Disclaimer: The Industry Talk section features insights by crypto industry players and is not a part of the editorial content of Cryptonews.com.
The total lost to crypto hacks in 2023 is on course to surpass $1 billion. By September 30, a total of $900M had been stolen by hackers, an astonishing figure even if it fails to match the $2.7B lost through similar attacks last year. While the cumulative value of crypto stolen in 2023 is lower, the number of hacks is greater.
The smaller average haul in 2023 can be partially attributed to falling asset prices and reduced DeFi TVL. With less dollars locked into protocols, there’s been less for hackers to steal. While hemorrhaging over $100M a month to hackers isn’t a good look for the industry, crypto users can at least take comfort from the fact that attackers are focusing their efforts on projects, not people. In the wake of the FTX collapse and other scandals that rocked crypto last year, there are signs that users are taking wallet security more seriously.
Who’s Behind This Year’s Biggest Hacks?
Public blockchains provide a permanent record of who did what, when, and how. This makes them ideal for forensically analyzing hacks, phishing attacks, and exploits. One thing they can rarely do, however, is provide proof of who the attacker was – even if the clues are there. Onchain analytics service Cielo has a public list of wallets involved with some of this year’s biggest hacks. It includes the hackers of Mixin ($200M), HTX ($8M), and CoinEx ($55M). Those were just a few of the hacks perpetrated in September, when a total of $308M was stolen.
DefiLlama, which tracks major crypto hacks, records such entry methods as database attack, frontend attack, and compromising private keys. Hackers are nothing if not industrious. Several of the year’s largest hacks have been credited to state-sponsored groups such as North Korea’s Lazarus Group, previously blamed for hacking Ronin in one of the largest onchain thefts of all time. Such well-funded and well-trained groups can’t take all the credit for this year’s $900M haul however.
Brandon Brown is the CEO and Co-Founder of FairSide, an insurance alternative provider for self-custody wallets. “While many of the hacks that make headlines can be attributed to major groups, the number of actors involved in malicious activities in the crypto space is diverse,” he explains. “It would be overly simplistic to attribute the majority of crypto-related crimes to a few sophisticated actors. That being said, the high-profile nature and potential profitability of cryptocurrency thefts mean that sophisticated actors, whether state-sponsored or organized crime groups, are attracted to this domain.”
Follow the Money
Hackers go where the money is, which generally means attacking poorly secured protocols, liquidity pools, and smart contracts. Individual users are not immune from attack, however. The ability for high-value wallets to be viewed by anyone onchain makes it easy for hackers to draw up a wish list of targets. If they can connect a wallet to its owner, the opportunity for a social engineering attack may present itself.
In recent weeks, Vitalik Buterin has seen his Twitter account hijacked via a SIM swap and $700K stolen from followers who clicked the phishing links posted to his account. Elsewhere, Mark Cuban had his wallet drained, becoming the latest public figure to click a wrong link and run into trouble.
Despite even savvy users coming unstuck, it’s not all bad news for crypto holders. Improved tooling is making web3 wallets more robust, while the frequency of hacks has kept the need for impeccable opsec paramount in the minds of users. With market conditions expected to pick up in Q1, those who’ve retained their crypto net worth will feel capable of handling anything 2024 may throw their way.