[ad_1]
Since the crypto industry came to be, cybercriminals have been looking for ways to con investors and companies out of their decentralized assets. Throughout 2023, crypto hacks and scams have continued to occur, with hundreds of millions in crypto being snatched. There are a few notable thefts that hit news headlines, leaving a huge dent in the wallets of both people and platforms.
So, let’s discuss the biggest crypto hacks of 2023.
1. Euler Finance Hack
In March 2023, the Euler Finance hack shook the crypto industry when hackers stole almost $200 million in crypto from the lending platform.
Euler Finance became aware of the hack when PeckShield mentioned the platform in a post on X (formerly Twitter). In the post, PeckShield simply told Euler that it might want to take a look at a slew of rapid and suspicious transactions. These transactions turned out to be the result of a huge hack, wherein $197 million in cryptocurrency was stolen.
However, in a strange turn of events, the individual(s) responsible for this hack returned the stolen funds just a few weeks after it took place. Even more interestingly, the party responsible seemed to add an apology note in one of the return transactions, as you can see on Etherscan.
2. Mixin Breach
In September 2023, crypto platform Mixin suffered a similar fate to Euler Finance when $200 million in crypto was stolen by hackers. This attack was conducted via a data breach of Mixin’s cloud service provider. Mixin announced the hack in an X post, with one user commenting that they allegedly lost $100,000 in the exploit.
At the time of writing, Mixin still hasn’t been able to track down the attacker or recover the stolen funds. However, the platform did commit to compensating every user half of their lost holdings.
3. CoinsPaid Phishing Scam
Phishing is a very popular social engineering tactic used by cybercriminals, and has done a lot of damage in the crypto industry. In August 2023, crypto payment processor CoinsPaid suffered a $37 million hack when malicious actors targeted an employee with a phony job offer.
In the exploit, the employee unknowingly installed malware under the assumption they were taking a test as part of the fake employer’s interview process. This malware was then used to hack the CoinsPaid internal infrastructure, giving attackers access to millions in crypto funds. While the Lazarus hacking group has been suspected of the hack, nothing has been confirmed, and CoinsPaid has not managed to recover the stolen funds at the time of writing.
4. Atomic Wallet Hack
The popular software crypto wallet provider Atomic Wallet suffered a $100 million hack in June 2023, wherein over 5,000 user accounts were hit. While some users had some of their funds stolen, some had their wallets emptied entirely. At the time of writing, Atomic Wallet still hasn’t explained how the hack took place.
The Lazarus hacking group was initially blamed for the exploit, though things began to take a turn when a Ukrainian hacking group was highlighted as the possible perpetrator.
In August 2023, Atomic Wallet came under fire when the company faced a class-action lawsuit from numerous affected investors over the stolen funds. Time will tell if Atomic Wallet faces legal repercussions for the hack, and if affected users will receive compensation.
5. Curve Finance Hack
At the end of July 2023, Curve Finance was hit by a cyberattack that resulted in the theft of over $60 million in cryptocurrency. In this instance, Curve Finance’s liquidity pools were targeted, wherein users had deposited their stablecoins. The stablecoin pools hosted by Curve Finance had code vulnerabilities that hackers exploited in order to access the stolen funds.
In August 2023, part of the stolen funds were returned by the hacker after Curve Finance offered a reward to those who could identify the culprit. White-hat hackers also played a role in returning some of the funds, with 73 percent of the stolen holdings being retrieved in total.
What’s more, Curve committed to compensating the users affected by the hack, vowing to reimburse the entirety of the funds stolen.
6. TrustWallet Scam
Another popular software wallet provider, TrustWallet, hit crypto news headlines in September 2023, when malicious actors began targeting users via phishing emails.
In this malicious campaign, thousands of emails were sent to users, with cybercriminals impersonating Trust Wallet staff. The email informed recipients that their Trust Wallet account would soon be suspended if the wallet was not verified. A link to a verification page was provided, though this lead to a malicious webpage designed to steal data. Users were asked to provide their recovery phrase, a key piece of information that can be used to access crypto wallets.
After a targeted user inputs their seed phrase, the hacker has access to their TrustWallet account funds, which led to the theft of over $40 million in cryptocurrency.
7. MultiChain Hack/Rug Pull
In July 2023, crypto news platforms began reporting a hack or possible rug pull that took place on MultiChain, a cross-chain protocol used to bridge blockchains. Suspicions began circulating when a total of $125 million was taken from MultiChain through numerous transactions.
It is thought that the hack was the result of insiders, with the platform’s CEO, Zhaojun, being arrested by Chinese authorities not long after the withdrawals took place. The CEO’s devices, including his phones, computers, and hardware wallets, were also taken away during the arrest. What’s more, Zhaojun’s arrest, his sister has also been taken into police custody for suspected involvement in the exploit.
Since the hack or rug pull, MultiChain has closed its operations. The company posted on X about the decision, listing the chain of events that led to the closure.
8. LastPass Data Breach
LastPass is no stranger to breaches, with 2023 bringing more trouble for the password manager. People use LastPass to store all kinds of sensitive information, including crypto exchange credentials and private keys or seed phrases for crypto wallets. The amount of valuable information stored with LastPass has made it a repeated target for cybercriminals.
In October 2023, $4.4 million in cryptocurrency was stolen via a LastPass breach that took place the year prior. Multiple seed phrases and passwords were used to steal the funds, all of which were being stored by LastPass. Over 25 users were affected by the theft after having their data stolen in the 2022 breach, with the funds still being at large.
9. Stake Hack
The controversial yet popular crypto gambling platform Stake suffered a hack in September 2023, wherein a total of $41 million was stolen. In this hack, users’ crypto hot wallets were targeted, with various assets, such as Ethereum and Dai, being stolen. All the funds were sent to a single wallet address, likely owned by the hacker(s) responsible. From there, the funds were sent to multiple other wallets, spreading out their location and making them harder to keep track of.
It was always suspected that North Korean hackers had something to do with this theft. This suspicion was confirmed when the FBI revealed that the Lazarus hacking group had been pinned as the responsible party. The funds are yet to be located or retrieved, as is the case for many crypto hacks.
10. CoinEx Hack
A shocking $70 million in crypto was stolen from ther CoinEx crypto exchange in September 2023, after numerous private keys for user hot wallets had been accessed by hackers.
All in all, $54 million in crypto was stolen via the exploit, with a huge transfer of almost 5,000 Ethereum triggering suspicions at the start of the month. Along with this, 231 Bitcoin, 2,220 Bitcoin Cash, 135,600 Solana, and a slew of other assets were stolen. Though no CoinEx cold wallets were affected, the attackers still managed to steal a mammoth amount, which has not been recovered as of the time of writing.
It’s no surprise that the Lazarus hacking group have been suspected as the culprit for this hack, having been allegedly responsible for numerous attacks in the past.
Crypto Hacks Aren’t Going Anywhere
With billions in crypto being stolen over the past decade, it’s highly unlikely that crypto-based scams and hacks are disappearing any time soon. Not only are cybercriminals become more sophisticated in their tactics, but platforms with lacking security and investors without experience also make for easy targets.
[ad_2]
Source link