Over the last few years, cryptocurrency hacking has become a pervasive and formidable threat, leading to billions of dollars stolen from crypto platforms and exposing vulnerabilities across the ecosystem. As we revealed in last year's Crypto Crime Report, 2022 was the biggest year ever for crypto theft with $3.7 billion stolen. In 2023, however, funds stolen decreased by approximately 54.3% to $1.7 billion, though the number of individual hacking incidents actually grew, from 219 in 2022 to 231 in 2023.
Why the huge drop in stolen funds? Mostly due to a drop in DeFi hacking. Hacks of DeFi protocols largely drove the huge increase in stolen crypto that we saw in 2021 and 2022, with cybercriminals stealing more than $3.1 billion in DeFi hacks in 2022. But in 2023, hackers stole just $1.1 billion from DeFi protocols. This amounts to a 63.7% drop in the total value stolen from DeFi platforms year-over-year. There was also a significant drop in the share of all funds stolen accounted for by DeFi protocol victims in 2023, as we see on the chart below.
We'll explore the possible reasons for the drop in DeFi hacking in greater detail later on. Despite that drop, there still were several large hacks of notable DeFi protocols throughout 2023. In March, for instance, Euler Finance, a borrowing and lending protocol on Ethereum, experienced a flash loan attack, leading to roughly $197 million in losses. July 2023 saw 33 hacks, the most of any month, which included $73.5 million stolen from Curve Finance. We can see the spikes driven by those hacks below.
Similarly, several large exploits occurred in September and November 2023 on both DeFi and CeFi platforms: Mixin Network ($200 million), CoinEx ($43 million), Poloniex Exchange ($130 million), HTX ($113.3 million), and Kyber Network ($54.7 million).
Keep reading to learn more about crypto hacking trends in 2023, including how North Korea-affiliated cyber criminals had one of their most active years, executing more individual crypto hacks than ever before.
DeFi hacking exploded in 2021 and 2022, with attackers stealing approximately $2.5 billion and $3.1 billion, respectively, from protocols. Mar Gimenez-Aguilar, Lead Security Architect and Researcher at our partner Halborn, a security company specializing in web3 and blockchain solutions, told us more about the rise in DeFi hacking during those years. "There's been a worrying trend in the escalation of both the frequency and severity of attacks within the DeFi ecosystem," she explained. "In our comprehensive analysis of the top 50 DeFi hacks, we observed that EVM-based chains and Solana are among the most targeted chains, largely due to their popularity and capability to execute smart contracts." When examining this trend last year, security experts told us that they believe many DeFi vulnerabilities stemmed from protocol operators focusing primarily on growth, and not enough on implementing and maintaining robust security systems.
However, for the first time since DeFi's emergence as a key sector of the crypto economy, the yearly total stolen from DeFi protocols fell, and fell significantly.
The value lost in DeFi hacks declined by 63.7% year-over-year in 2023, and median loss per DeFi hack dropped by 7.4%. And, while the number of individual crypto hacks rose in 2023, the number of DeFi hacks specifically declined by 17.2%.
In order to understand this trend better, we worked with Halborn to analyze 2023 DeFi hacking activity through the lens of the specific attack vectors hackers utilized.
Attack vectors affecting DeFi are diverse and constantly evolving; it is therefore important to classify them to understand how hacks occur and how protocols might be able to reduce their likelihood in the future. According to Halborn, DeFi attack vectors can be placed into one of two categories: vectors originating on-chain and vectors originating off-chain.
On-chain attack vectors stem not from vulnerabilities inherent to blockchains themselves, but rather from vulnerabilities in the on-chain components of a DeFi protocol, such as their smart contracts. These aren't a point of concern for centralized services, as centralized services don't function as decentralized apps with publicly visible code the way DeFi protocols do. Off-chain attack vectors stem from vulnerabilities outside of the blockchain (one example could be the off-chain storage of private keys in, say, a faulty cloud storage solution) and therefore apply to both DeFi protocols and centralized services.
Source: Halborn
According to Gimenez-Aguilar, both on-chain and off-chain vulnerabilities present serious concerns. "Historically, the majority of DeFi hacks have stemmed from vulnerabilities in smart contract design and implementation; a large proportion of the affected contracts we examined had either not undergone any audit or had been audited inadequately," she said, explaining on-chain vulnerabilities. "Another notable trend is the increase in attacks as a result of compromised private keys, which underscores the importance of improvements in security practices outside of a given blockchain."
Indeed, the data shows that both the on-chain and off-chain vulnerabilities Gimenez-Aguilar describes (in particular the compromise of private keys, price manipulation hacks, and smart contract exploitation) drove hacking losses in 2023.
Source: Halborn
Overall, on-chain vulnerabilities drove the majority of DeFi hacking activity in 2023, but as we see on the chart below, that changed over the course of the year, with compromised private keys driving a larger share of hacks in the third and fourth quarters.
Source: Halborn
On a hack-by-hack basis, hacks stemming from contagion (on-chain) were the most destructive, with a median loss of $1.4 million. Governance attacks (on-chain), insider attacks (off-chain), and compromised private keys (off-chain) follow, with all three accounting for a median hack value of roughly $1 million.
Source: Halborn
Overall though, the data provides reasons for optimism. Both the drop in raw value stolen from DeFi and the relative decline in on-chain vulnerability-driven hacking over the course of 2023 suggest that DeFi operators may be getting better at smart contract security. "I do think that the increase of security measures in DeFi protocols is a key factor in the reduction in the quantity of hacks related to smart contract vulnerabilities. If we compare the top 50 hacks by value lost from this year with those from previous ones (studied in Halborn's Top 50 hacks report), there is a reduction in percentage of losses from 47.0% of the total to 18.2%. Price manipulation attacks, nevertheless, remain almost constant with around 20.0% of the total value lost. This is an indication that, when performing an audit, protocols should also take into account how they interact with the whole DeFi ecosystem," said Gimenez-Aguilar. However, she also stressed that the growth in hacks driven by attack vectors such as compromised private keys indicates that DeFi operators must move beyond smart contract security and address off-chain vulnerabilities as well: "Doing the same comparison as before, losses related to compromised private keys increased from 22.0% to 47.8%." As we see above, both on-chain and off-chain vulnerabilities can be highly destructive.
However, Gimenez-Aguilar also acknowledged that the drop in DeFi hacking losses may be driven in part by the overall drop in DeFi activity in 2023, which may have simply decreased the number of DeFi protocols that made ripe targets for hackers. Total value locked (TVL), which measures the total value held or staked in DeFi protocols, was down for all of 2023, following a sharp decrease in the middle of 2022.
Source: DeFiLlama
We can't say for sure whether the drop in DeFi hacking was driven primarily by better security practices or the drop in DeFi activity overall; most likely, it was a mix of the two. But, if the decrease in hacking was primarily driven by the drop in overall activity, then it would be important to watch whether DeFi hacking rises again in tandem with another DeFi bull market, as this would lead to higher TVL and therefore a larger pool of DeFi funds for hackers to target.
Regardless, there are steps DeFi operators should take to improve security. DeFi protocols vulnerable to on-chain failures can develop systems that monitor on-chain activity related to economic risks and prior platform losses. Companies such as Hypernative and Hexagate, for example, produce customized alerts to prevent and react to cyber attacks, which can help platforms better secure integrations with third parties such as bridges, and communicate with customers who might be at risk. Platforms vulnerable to off-chain failures may aim to reduce reliance on centralized products and services.
North Korea-linked hacks have been on the rise over the past few years, with cyber-espionage groups such as Kimsuky and Lazarus Group utilizing various malicious tactics to acquire large amounts of crypto assets. In 2022, cryptocurrency stolen by hackers associated with North Korea reached its highest level of approximately $1.7 billion. In 2023, we estimate that the total amount stolen is slightly over $1.0 billion, but as we see below, the number of hacks rose to 20, the highest number on record.
We estimate that North Korea-linked hackers stole approximately $428.8 million from DeFi platforms in 2023, and also targeted centralized services ($150.0 million stolen), exchanges ($330.9 million), and wallet providers ($127.0 million).
2023 saw a notable decrease in North Korean targeting of DeFi protocols, mirroring the overall drop in DeFi hacking that we discussed above.
In June 2023, thousands of users of Atomic Wallet, a non-custodial cryptocurrency wallet service, were targeted by a hacker, leading to estimated losses of $129 million. The FBI later attributed this attack to North Korea-affiliated hacking group TraderTraitor and stated that the Atomic Wallet exploit was the first in a series of similar attacks, including the Alphapo and Coinspaid exploits later in the month. Although the specifics of how the attack occurred remain unclear, we used on-chain analysis to look at what happened to the funds after the initial attack, which we've broken down into four phases.
In the first phase, the attacker chain hopped (moving assets from one blockchain to another, typically to obfuscate the flow of ill-gotten funds) to the Bitcoin blockchain via the following three methods:
The Chainalysis Reactor graph below illustrates the third method whereby the stolen funds (in Ether at the time) moved through several intermediary addresses before reaching the Avalanche Bridge and converting to Bitcoin.
In the second phase, the attacker sent the stolen funds to the OFAC-sanctioned Sinbad, a mixing service that obscures on-chain transaction details and has been previously used by North Korean money launderers. Then, the attacker withdrew the funds from Sinbad and moved them to consolidation addresses on Bitcoin.
In the third phase, the attacker's money laundering strategy shifted to focusing almost exclusively on the Tron blockchain rather than the Bitcoin blockchain. The attacker chain hopped to the Tron blockchain via one of the following methods:
In the fourth and final phase, the attacker deposited the funds at various services on the Tron blockchain. Some of these funds were mixed via Tron's JustWrapper Shielded Pool, whereas others were ultimately sent to high-activity Tron addresses suspected of belonging to over-the-counter traders.
Additional on-chain activity revealed that funds stolen from Atomic were consolidated with assets from other sources before moving elsewhere, which is likely related to the subsequent Alphapo and Coinspaid exploits.
Although the total amount stolen from crypto platforms in 2023 was down significantly from prior years, it is clear that attackers are becoming increasingly sophisticated and diverse in their exploits. The good news is, crypto platforms are becoming more sophisticated in their security and responses to attacks, too.
When crypto platforms act promptly after exploits, law enforcement agencies will be better equipped to contact exchanges where frozen funds are located to initiate seizure and contact services through which the funds flowed to gather relevant information about accounts and users. Over time, as these processes improve, it is likely that funds stolen from crypto hacks will continue to decline.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, investment, regulatory or other professional advice, nor is it to be relied upon as a professional opinion. Recipients should consult their own advisors before making these types of decisions. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information herein. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient's use of this material.
View post:
Stolen Crypto Falls in 2023, but Hacking Remains a Threat - Chainalysis Blog