- In 2023, stolen funds from crypto platforms plummeted by over 50%, reaching $1.7 billion, marking a significant decline from the $3.7 billion stolen in 2022.
- Despite this decrease, the number of individual hacking incidents rose, with the reduction primarily attributed to a substantial drop in DeFi hacking, while North Korea-affiliated hackers recorded a surge in the number of attacks but stole less overall.
Cryptocurrency hacking has been a persistent menace, with billions of dollars stolen from crypto platforms over the years. However, recent data suggests a positive turn of events in 2023, as funds stolen from crypto platforms experienced a significant drop of over 50%, falling from $3.7 billion in 2022 to $1.7 billion in 2023. Despite this decline, the number of individual hacking incidents rose from 219 to 231 during the same period, emphasizing that hacking remains a potent threat to the crypto ecosystem.
Analyzing the Dynamics of DeFi Hacking Trends in 2023
The notable decrease in stolen funds can be attributed primarily to a substantial drop in decentralized finance (DeFi) hacking. DeFi hacks were a major contributor to the surge in stolen crypto in 2021 and 2022, reaching a staggering $3.1 billion in 2022 alone. However, in 2023, hackers managed to steal just $1.1 billion from DeFi protocols, marking a remarkable 63.7% reduction in the total value stolen from these platforms.
Despite the overall decrease, several notable DeFi protocol hacks occurred in 2023. Euler Finance, Curve Finance, Mixin Network, CoinEx, Poloniex Exchange, HTX, and Kyber Network were among the victims of these attacks, highlighting the persistent vulnerabilities within the DeFi space.
Classifying and Analyzing DeFi Attack Vectors
To understand the drop in DeFi hacking better, a comprehensive analysis of attack vectors was conducted in collaboration with Halborn, a security company specializing in web3 and blockchain solutions. DeFi attack vectors were classified into two categories: those originating on-chain and those originating off-chain.
On-Chain Attack Vectors:
- Protocol Exploitation
- Contagion
- Price Manipulation Hack
- Smart Contract Exploitation
- Governance Attacks
- Other
Off-Chain Attack Vectors:
- Insider Attack
- Phishing
- Compromised Server
- Wallet Hack
- Compromised Private Key
- Third-Party Compromised
- Other
According to Mar Gimenez-Aguilar, Lead Security Architect at Halborn, both on-chain and off-chain vulnerabilities pose serious concerns. Historically, DeFi hacks were often a result of vulnerabilities in smart contract design and implementation. However, compromised private keys, price manipulation hacks, and smart contract exploitation were prominent contributors to hacking losses in 2023.
Optimism Amid Challenges
Despite the challenges, there are reasons for optimism. The drop in raw value stolen from DeFi platforms and the decline in on-chain vulnerability-driven hacking suggest that DeFi operators may be improving their smart contract security. However, Gimenez-Aguilar emphasized the need to address off-chain vulnerabilities, particularly compromised private keys, which saw an increase in associated losses from 22.0% to 47.8%.
The drop in DeFi hacking losses may be influenced by both improved security measures and a decrease in overall DeFi activity in 2023. It remains crucial for DeFi operators to enhance security practices, whether through on-chain monitoring systems or reducing reliance on centralized products and services.
North Korea’s Cryptocurrency Hacking Spree
In 2023, North Korea-affiliated hackers had a record-breaking year in terms of the number of individual crypto hacks, executing 20 attacks — the highest on record. Despite this surge in hacking incidents, the total amount stolen decreased from approximately $1.7 billion in 2022 to just over $1.0 billion in 2023.
North Korean hackers targeted various crypto platforms, stealing $428.8 million from DeFi protocols, $150.0 million from centralized services, $330.9 million from exchanges, and $127.0 million from wallet providers. Notably, there was a decrease in North Korean targeting of DeFi protocols in 2023, aligning with the overall drop in DeFi hacking trends.
Analyzing a Notable Attack: The Atomic Wallet Exploit
In June 2023, thousands of users of Atomic Wallet fell victim to a hacker affiliated with North Korea, resulting in an estimated $129 million in losses. The attack, attributed to the North Korean group TraderTraitor, showcased sophisticated on-chain maneuvers, including chain hopping through various blockchains and using mixing services like Sinbad to obfuscate transaction details.
The Future of Crypto Hacking
While the total amount stolen from crypto platforms in 2023 witnessed a significant decline, the sophistication and diversity of attacks continue to pose challenges. The positive aspect is that crypto platforms are improving their security measures and responses to mitigate the impact of exploits. Swift actions by crypto platforms and law enforcement agencies can lead to the recovery of frozen funds and gathering relevant information to combat future attacks.
In conclusion, the crypto landscape remains dynamic, with both hackers and platforms adapting and evolving. The ongoing battle between security measures and hacking techniques underscores the need for continuous vigilance and innovation in the crypto space. As the industry matures, it is expected that security practices will play a crucial role in reducing the frequency and impact of crypto hacks.