Over the last few years, cryptocurrency hacking has become a pervasive and formidable threat, leading to billions of dollars stolen from crypto platforms and exposing vulnerabilities across the ecosystem. As we revealed in last years Crypto Crime Report, 2022 was the biggest year ever for crypto theft with $3.7 billion stolen. In 2023, however, funds stolen decreased by approximately 54.3% to $1.7 billion, though the number of individual hacking incidents actually grew, from 219 in 2022 to 231 in 2023.
Why the huge drop in stolen funds? Mostly due to a drop in DeFi hacking. Hacks of DeFi protocols largely drove the huge increase in stolen crypto that we saw in 2021 and 2022, with cybercriminals stealing more than $3.1 billion in DeFi hacks in 2022. But in 2023, hackers stole just $1.1 billion from DeFi protocols. This amounts to a 63.7% drop in the total value stolen from DeFi platforms year-over-year. There was also a significant drop in the share of all funds stolen accounted for by DeFi protocol victims in 2023, as we see on the chart below.
Well explore the possible reasons for the drop in DeFi hacking in greater detail later on. Despite that drop, there still were several large hacks of notable DeFi protocols throughout 2023. In March, for instance, Euler Finance, a borrowing and lending protocol on Ethereum, experienced a flash loan attack, leading to roughly $197 million in losses. July 2023 saw 33 hacks the most of any month which included $73.5 million stolen from Curve Finance. We can see the spikes driven by those hacks below.
Similarly, several large exploits occurred in September and November 2023 on both DeFi and CeFi platforms: Mixin Network ($200 million), CoinEx ($43 million), Poloniex Exchange ($130 million), HTX ($113.3 million), and Kyber Network ($54.7 million).
Keep reading to learn more about crypto hacking trends in 2023, including how North Korea-affiliated cyber criminals had one of their most active years, executing more individual crypto hacks than ever before.
DeFi hacking exploded in 2021 and 2022, with attackers stealing approximately $2.5 billion and $3.1 billion, respectively, from protocols. Mar Gimenez-Aguilar, Lead Security Architect and Researcher at our partner Halborn, a security company specializing in web3 and blockchain solutions, told us more about the rise in DeFi hacking during those years. Theres been a worrying trend in the escalation of both the frequency and severity of attacks within the DeFi ecosystem, she explained. In our comprehensive analysis of the top 50 DeFi hacks, we observed that EVM-based chains and Solana are among the most targeted chains, largely due to their popularity and capability to execute smart contracts. When examining this trend last year, security experts told us that they believe many DeFi vulnerabilities stemmed from protocol operators focusing primarily on growth, and not enough on implementing and maintaining robust security systems.
However, for the first time since DeFis emergence as a key sector of the crypto economy, the yearly total stolen from DeFi protocols fell and fell significantly.
The value lost in DeFi hacks declined by 63.7% year-over-year in 2023, and median loss per DeFi hack dropped by 7.4%. And, while the number of individual crypto hacks rose in 2023, the number of DeFi hacks specifically declined by 17.2%.
In order to understand this trend better, we worked with Halborn to analyze 2023 DeFi hacking activity through the lens of the specific attack vectors hackers utilized.
Attack vectors affecting DeFi are diverse and constantly evolving; it is therefore important to classify them to understand how hacks occur and how protocols might be able to reduce their likelihood in the future. According to Halborn, DeFi attack vectors can be placed into one of two categories: vectors originating on-chain and vectors originating off-chain.
On-chain attack vectors stem not from vulnerabilities inherent to blockchains themselves, but rather from vulnerabilities in the on-chain components of a DeFi protocol, such as their smart contracts. These arent a point of concern for centralized services, as centralized services dont function as decentralized apps with publicly visible code the way DeFi protocols do. Off-chain attack vectors stem from vulnerabilities outside of the blockchain one example could be the off-chain storage of private keys in, say, a faulty cloud storage solution and therefore apply to both DeFi protocols and centralized services.
Source: Halborn
According to Gimenez-Aguilar, both on-chain and off-chain vulnerabilities present serious concerns. Historically, the majority of DeFi hacks have stemmed from vulnerabilities in smart contract design and implementation a large proportion of the affected contracts we examined had either not undergone any audit or had been audited inadequately, she said, explaining on-chain vulnerabilities. Another notable trend is the increase in attacks as a result of compromised private keys, which underscores the importance of improvements in security practices outside of a given blockchain.
Indeed, the data shows that both the on-chain and off-chain vulnerabilities Gimenez-Aguilar describes in particular the compromise of private keys, price manipulation hacks, and smart contract exploitation drove hacking losses in 2023.
Source: Halborn
Overall, on-chain vulnerabilities drove the majority of DeFi hacking activity in 2023, but as we see on the chart below, that changed over the course of the year, with compromised private keys driving a larger share of hacks in the third and fourth quarters.
Source: Halborn
On a hack-by-hack basis, hacks stemming from contagion (on-chain) were the most destructive, with a median loss of $1.4 million. Governance attacks (on-chain), insider attacks (off-chain), and compromised private keys (off-chain) follow, with all three accounting for a median hack value of roughly $1 million.
Source: Halborn
Overall though, the data provides reasons for optimism. Both the drop in raw value stolen from DeFi, and the relative decline in on-chain vulnerability-driven hacking over the course of 2023 suggests that DeFi operators may be getting better at smart contract security. I do think that the increase of security measures in DeFi protocols is a key factor in the reduction in the quantity of hacks related to smart contracts vulnerabilities. If we compare the top 50 hacks by value lost from this year with those from previous ones (studied in Halborns Top 50 hacks report), there is a reduction in percentage of losses from 47.0% of the total to 18.2%. Price manipulation attacks, nevertheless, remain almost constant with around 20.0% of the total value lost. This is an indication that, when performing an audit, protocols should also take into account how they interact with the whole DeFi ecosystem, said Gimenez-Aguilar. However, she also stressed that the growth in hacks driven by attack vectors such as compromised private keys indicates that DeFi operators must move beyond smart contract security and address off-chain vulnerabilities as well: Doing the same comparison as before, losses related to compromised private keys increased from 22.0% to 47.8%. As we see above, both on-chain and off-chain vulnerabilities can be highly destructive.
However, Gimenez-Aguilar also acknowledged that the drop in DeFi hacking losses may be driven in part by the overall drop in DeFi activity in 2023, which may have simply decreased the number of DeFi protocols that made ripe targets for hackers. Total value locked (TVL), which measures the total value held or staked in DeFi protocols, was down for all of 2023, following a sharp decrease in the middle of 2022.
Source: DeFiLlama
We cant say for sure whether the drop in DeFi hacking was driven primarily by better security practices or the drop in DeFi activity overall most likely, it was a mix of the two. But, if the decrease in hacking was primarily driven by the drop in overall activity, then it would be important to watch whether DeFi hacking rises again in tandem with another DeFi bull market, as this would lead to higher TVL and therefore a larger pool of DeFi funds for hackers to target.
Regardless, there are steps DeFi operators should take to improve security. DeFi protocols vulnerable to on-chain failures can develop systems that monitor on-chain activity related to economic risks and prior platform losses. Companies such as Hypernative and Hexagate, for example, produce customized alerts to prevent and react to cyber attacks, which can help platforms better secure integrations with third parties such as bridges, and communicate with customers who might be at risk. Platforms vulnerable to off-chain failures may aim to reduce reliance on centralized products and services.
North Korea-linked hacks have been on the rise over the past few years, with cyber-espionage groups such as Kimsuky and Lazarus Group utilizing various malicious tactics to acquire large amounts of crypto assets. In 2022, cryptocurrency stolen by hackers associated with North Korea reached its highest level of approximately $1.7 billion. In 2023, we estimate that the total amount stolen is slightly over $1.0 billion, but as we see below, the number of hacks rose to 20 the highest number on record.
We estimate that North Korea-linked hackers stole approximately $428.8 million from DeFi platforms in 2023, and also targeted centralized services ($150.0 million stolen), exchanges ($330.9 million), and wallet providers ($127.0 million).
2023 saw a notable decrease in North Korean targeting of DeFi protocols, mirroring the overall drop in DeFi hacking that we discussed above.
In June 2023, thousands of users of Atomic Wallet, a non-custodial cryptocurrency wallet service, were targeted by a hacker, leading to estimated losses of $129 million. The FBI later attributed this attack to North Korea-affiliated hacking group TraderTraitor and stated that the Atomic Wallet exploit was the first in a series of similar attacks, including the Alphapo and Coinspaid exploits later in the month. Although the specifics of how the attack occurred remain unclear, we used on-chain analysis to look at what happened to the funds after the initial attack, which weve broken down into four phases.
In the first phase, the attacker chain hopped moving assets from one blockchain to another, typically to obfuscate the flow of ill-gotten funds to the Bitcoin blockchain via the following three methods:
The Chainalysis Reactor graph below illustrates the third method whereby the stolen funds (in Ether at the time) moved through several intermediary addresses before reaching the Avalanche Bridge and converting to Bitcoin.
In the second phase, the attacker sent the stolen funds to the OFAC-sanctioned Sinbad, a mixing service that obscures on-chain transaction details and has been previously used by North Korean money launderers. Then, the attacker withdrew the funds from Sinbad and moved them to consolidation addresses on Bitcoin.
In the third phase, the attackers money laundering strategy shifted to focusing almost exclusively on the Tron blockchain rather than the Bitcoin blockchain. The attacker chain hopped to the Tron blockchain via one of the following methods:
In the fourth and final phase, the attacker deposited the funds at various services on the Tron blockchain. Some of these funds were mixed via Trons JustWrapper Shielded Pool, whereas others were ultimately sent to high-activity Tron addresses suspected of belonging to over-the-counter traders.
Additional on-chain activity revealed that funds stolen from Atomic were consolidated with assets from other sources before moving elsewhere, which is likely related to the subsequent Alphapo and Coinspaid exploits.
Although the total amount stolen from crypto platforms in 2023 was down significantly from prior years, it is clear that attackers are becoming increasingly sophisticated and diverse in their exploits. The good news is, crypto platforms are becoming more sophisticated in their security and responses to attacks, too.
When crypto platforms act promptly after exploits, law enforcement agencies will be better equipped to contact exchanges where frozen funds are located to initiate seizure and contact services through which the funds flowed to gather relevant information about accounts and users. Over time, as these processes improve, it is likely that funds stolen from crypto hacks will continue to decline.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, investment, regulatory or other professional advice, nor is it to be relied upon as a professional opinion. Recipients should consult their own advisors before making these types of decisions. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information herein. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipients use of this material.
View post:
Stolen Crypto Falls in 2023, but Hacking Remains a Threat - Chainalysis Blog
- Cryptocurrency News Round-Up: Bitcoin in Space & MtGox 2.0 [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- This week in bitcoin: Visualizing cryptocurrency [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- PotCoin cryptocurrency aiming to aid Colorados cash-only pot shops [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Crypto()Currency - CryptoCurrency.org [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- As Bitcoin Soars in Value, Alternative Cryptocurrencies ... [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Cryptocurrency - Wikipedia, the free encyclopedia [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Bitcoin vs. Political Power: The Cryptocurrency Revolution - Stefan Molyneux at TNW Conference - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- TNW - Stefan Molyneux - Money, Power and Politics The Cryptocurrency Revolution - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Bit coin and Cryptocurrency - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Atencoin is the First AML Compliant CryptoCurrency - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- How to Set Up a Ripple (CryptoCurrency) Generating System! - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Bitcoin / Cryptocurrency - An Extensive FAQ - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- --- The Great Debate --- Bitcoin vs Altcoin @ The CryptoCurrency Convention 4/9/14 - - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Bryce Weiner @ CryptoCurrency Convention 4/9/14 - - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Popularcoin @ CryptoCurrency Convention 4/9/14 - Joshua Nold - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- TimeKoin @ CryptoCurrency Convention 4/9/14 - Michael Brown - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Infinitecoin @ CryptoCurrency Convention 4/9/14 - Loring Small - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Bitcoin Exchange CryptoRush Loses Millions of BlackCoin Cryptocurrency - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Brock Pierce, Entrepreneur "FireSide Chat" @ CryptoCurrency Convention NYC - 4/9/14 - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Dogecoin Founder Speaks on the Future of Cryptocurrency [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Flash Gordon Conquers the Universe 3 Captured by Shark Men (1940) - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- [OFFICIAL SPONSOR] Nick Spanos, Bitcoin Center NYC @ CryptoCurrency Convention 4/9/14 - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- AuroraCoin @ CryptoCurrency Convention NYC 4/9/14 - David Lio - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Florincoin @ CryptoCurrency Convention NYC 4/9/14 - Joe Fiscella - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- DigiByte @ CryptoCurrency Convention NYC 4/9/14 - Jared Tate - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Digitalcoin @ CryptoCurrency Convention NYC 4/9/14 - Andrew Davidson - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- PotCoin @ CryptoCurrency Convention NYC 4/9/14 - Nick Iversen - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- ZenithCoin @ CryptoCurrency Convention NYC 4/9/14 - Eddie Corral - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- BitAngels Co-Founder, David Johnson @ CryptoCurrency Convention NYC 4/9/14 - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- New York to Regulate Bitcoin: Is the Cryptocurrency Biz Like the Wild West? - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Australian dogecoin founder speaks on the future of cryptocurrency [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- Cryptocurrency [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- How to Buy Bitcoins BTC Litecoins LTC Quarks QRK Cryptocurrency Altcoins - Video [Last Updated On: April 28th, 2014] [Originally Added On: April 28th, 2014]
- Coinnext Cryptocurrency Exchange Coming Soon - Video [Last Updated On: April 30th, 2014] [Originally Added On: April 30th, 2014]
- Cryptocurrency News Round-Up: MtGox Hearing Begins as Bitcoin gets Bloomberg Endorsement [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- mTrader.org - Cryptocurrency Mining System - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Ripple XRP Decentralized CryptoCurrency Bitcoin Exchange Open-Sourced BlockChain - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- Cryptocurrency News Round-Up: Transparent Exchange & Bitcoin Banks [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- Bitcoin Cryptocurrency Crash Course with Andreas Antonopoulos - Jefferson Club Dinner Meet - Video [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- MAX KEISER & ALEX JONES talks about BITCOIN - Is Cryptocurrency the FUTURE? - Video [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- CryptoCurrency - cryptobars commodity Launch! - Video [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- Coin Pursuit Launches SliceFeeds Interactive Cryptocurrency Network [Last Updated On: May 3rd, 2014] [Originally Added On: May 3rd, 2014]
- CS 171 Final Project: Cryptocurrency Visualizations - Video [Last Updated On: May 3rd, 2014] [Originally Added On: May 3rd, 2014]
- The Mises View: "Taxing Cryptocurrency" | Jeff Deist - Video [Last Updated On: May 3rd, 2014] [Originally Added On: May 3rd, 2014]
- Cryptocurrency Explained The Tech Guy 1046 - Video [Last Updated On: May 3rd, 2014] [Originally Added On: May 3rd, 2014]
- Such Dogecoin. Much Validity. How one altcoin may have turned into cryptocurrencys best marketing tool [Last Updated On: May 4th, 2014] [Originally Added On: May 4th, 2014]
- Cryptocurrency | Ground Zero with Clyde Lewis [Last Updated On: May 4th, 2014] [Originally Added On: May 4th, 2014]
- Know How 74 Cryptocurrency - Video [Last Updated On: May 4th, 2014] [Originally Added On: May 4th, 2014]
- MIT undergrads will each receive $100 in bitcoin [Last Updated On: May 5th, 2014] [Originally Added On: May 5th, 2014]
- Bitcoin wins US election panel's approval for political donations [Last Updated On: May 9th, 2014] [Originally Added On: May 9th, 2014]
- CryptoCurrency of the World Unite! - Video [Last Updated On: May 10th, 2014] [Originally Added On: May 10th, 2014]
- The Bitcoin Stats Show - Ep 6: 16th April 2014 - Video [Last Updated On: May 10th, 2014] [Originally Added On: May 10th, 2014]
- Bitcoin vs. Political Power: The Cryptocurrency Revolution Stefan Molyneux at TNW Conferen - Video [Last Updated On: May 11th, 2014] [Originally Added On: May 11th, 2014]
- AMD cuts Radeon R9 280 price as inflation woes die down [Last Updated On: May 15th, 2014] [Originally Added On: May 15th, 2014]
- BBT Presents: Ode to Cryptocurrency - Video [Last Updated On: May 15th, 2014] [Originally Added On: May 15th, 2014]
- The Cryptocurrency Certification Consortium - Video [Last Updated On: May 15th, 2014] [Originally Added On: May 15th, 2014]
- Scryptify Cryptocurrency Video - Crypto Currency Exchanges - Video [Last Updated On: May 15th, 2014] [Originally Added On: May 15th, 2014]
- Bitpagar Cryptocurrency - Video [Last Updated On: May 16th, 2014] [Originally Added On: May 16th, 2014]
- How to Mine Cryptocurrency Safely - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- Bunnycoin - Innovative New Cryptocurrency - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- Cubieboard 1 2 Mining Peercoins SHA256 based Cryptocurrency - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- Megacoin Teaser Video New CryptoCurrency Bitcoin Best AltCoin 2014 Anonymous Zerocoin - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- Jan Irvin on Learning, Statism, Culture, Cryptocurrency and Voluntarism -- Potent News Podcast #1 - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- Nxt cryptocurrency platform: Proof of Stake mining system - Video [Last Updated On: May 19th, 2014] [Originally Added On: May 19th, 2014]
- Givecoin.info Announces Partnership with Do A Bit of Good: World's First Charitable Mining Screensaver [Last Updated On: May 21st, 2014] [Originally Added On: May 21st, 2014]
- Cryptocurrency: Get Mining! - Video [Last Updated On: May 22nd, 2014] [Originally Added On: May 22nd, 2014]
- Violincoin - The first cryptocurrency for musician - - Video [Last Updated On: May 22nd, 2014] [Originally Added On: May 22nd, 2014]
- Trollcoin - The Fun Cryptocurrency! - Video [Last Updated On: May 22nd, 2014] [Originally Added On: May 22nd, 2014]
- The Cryptocurrency Store (Spanish/Espagnol) - Video [Last Updated On: May 23rd, 2014] [Originally Added On: May 23rd, 2014]
- How To Trade CryptoCurrency: Sign up to a safe and reliable exchange for trading CryptoCurrency - Video [Last Updated On: May 23rd, 2014] [Originally Added On: May 23rd, 2014]
- UT students to launch cryptocurrency exchange [Last Updated On: May 24th, 2014] [Originally Added On: May 24th, 2014]
- Cryptocurrency and Nonprofits with Eric Nakagawa - Video [Last Updated On: May 24th, 2014] [Originally Added On: May 24th, 2014]
- The Cryptocurrency Store - Video [Last Updated On: May 24th, 2014] [Originally Added On: May 24th, 2014]
- Videoconferencia Cryptocurrency 201243946 - Video [Last Updated On: May 27th, 2014] [Originally Added On: May 27th, 2014]
- VideoCharla Jesus Ramos Cryptocurrency - Video [Last Updated On: May 27th, 2014] [Originally Added On: May 27th, 2014]
- Cryptocurrency Round-Up: Bitcoin Pioneer Dies and Digital Currency's Status in Australia [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Bleutrade Cryptocurrency Exchange Review - Video [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Bitcoin enthusiasts discuss the cryptocurrency - Video [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Make Fast 1.0 up to 10.00 BTC or Any Cryptocurrency REAL CASH - Video [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Halcyon cryptocurrency - Video [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]