Hacks and exploits continued to plague the crypto industry in 2023, with billions of dollars lost as crypto criminals took advantage of weak security.
The good news? This year wasn’t as bad as last year, which was the worst on record, according to analysts.
Blockchain intelligence company TRM Labs said in a December report that while “a few large hacks could close the gap in December,” 2023 would likely finish with “significantly lower totals than 2022”—during which a massive $4 billion was stolen.
Still, a hefty amount has been lost this year as well, with TRM Labs’ figures adding up to $1.7 billion.
Let’s look at some of the biggest hacks of the year. (Figures in this piece represent the value of the funds at the time of the incident.)
Mixin: $200 million
Hackers hit Hong Kong-based cross-chain asset transfers and decentralized exchange project Mixin in September, taking $200 million in crypto. The project’s “cloud service provider” was targeted and the project froze withdrawals. Mixin was later criticized for its design, with decentralization proponents claiming the project was more centralized than it claimed to be.
Euler Finance: $197 million
In March, hackers targeted DeFi lender Euler with a flash loan attack, taking $8.7 million in the decentralized stablecoin DAI, $18.5 million in Wrapped Bitcoin (WBTC), a huge $135.8 million in Staked Ethereum (stETH), and $33.8 million in Circle’s USD stablecoin USDC.
The hacker would later return most of the stolen funds back to users.
Poloniex: $126 million
Tron founder Justin Sun’s Poloniex crypto exchange was also targeted—with hackers making away with over $126 million in crypto in November. The criminals swooped away Ethereum, Tron, stablecoins USDT and TUSD, as well as a significant amount of meme coins.
The exchange later announced that it had frozen a portion of the assets associated with the hackers' addresses and that Poloniex’s operating revenue could cover the losses.
Atomic wallet: $100 million
North Korean hackers hit self-custodial, decentralized Atomic Wallet in June, taking at first $35 million in digital tokens. The number then grew almost three-fold as funds continued to leave wallets—and no explanation was given to customers.
Blockchain firm Elliptic later said it had partnered with several investigators and exchanges worldwide to trace and freeze the stolen funds that it had frozen the addresses.
Curve: $60 million
Hackers targeted the decentralized finance (DeFi) protocol Curve in July. The decentralized exchange—which runs on Ethereum—was one of many protocols that forked its code, leading hackers to find a vulnerability in the programming language it used subsequently, Vyper.
But Curve offered a reward to the attacker and successfully retrieved a 73% recovery by August 7.
Kyber: $48 million
Hackers hit DeFi market maker KyberSwap with an attack in November, making away with nearly $50 million in crypto. Then things got weird: the exploiter wrote an open, on-chain letter asking for complete control of the protocol and the company behind it—and for Kyber’s leadership to be purged.
Stake: $40 million
In September, hackers hit Stake, a gambling site popularized by rapper Drake, with a $40 million hack. Crypto funds were drained from a wallet belonging to the gambling platform but the company insisted customer funds were safe.
Criminals took $16 million in Ethereum, Tether, USD Coin, and DAI before pinching another $25 million in Binance Smart Chain and Polygon, according to experts. The FBI later said that North Korea-linked hacker organization Lazarus Group was behind the attack.
Edited by Ryan Ozawa.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.