Salus 2023 Web3 Security Landscape Report; Lessons From The 10 Worst Hacks

by Bitcoinist
Last Updated: January 4, 2024 11:32 am
Posted in Industry

In 2023, hacks within the crypto industry caused losses surpassing $1.7 billion.

However, this was also the year that the number of hacks decreased, while 10 high-profile cases were responsible for $1.2 billion of overall losses.

Threat actors exploited systems using known weaknesses and social engineering tactics as well as advanced hacking methods and zero-day threats.

Web3 security company Salus studied 453 reported cyber incidents. In their yearly report, they break down the impact of the 10 most damaging attacks in the crypto space.

Looking back at 2023, which vulnerabilities within the Web3 space were the most damaging, which high-profile attacks caused the greatest losses, and how can security be strengthened going forward?

Salus Cybersecurity Report Highlights

A few notable statistics covered in Salus’ 2023 Web3 Security Landscape Report include:

  • Access control issues (specifically private key theft) were the most financially damaging vulnerability — resulting in losses worth $666 million
  • 70% of all losses ($1.7 billion) are linked to the 10 high-caliber hacking cases that reported losses of $1.2 billion
  • Lazarus Group was the most prolific criminal gang in the crypto space — setting companies back over $300 million
  • September was the month with the highest losses — surpassing $360 million

Access control issues were responsible for 39.18% of hacks — leading to losses of $666 million.

2023 was less about the quantity of attacks than about hard-hitting cases that accounted for the majority of the losses.

It’s estimated that the North Korean criminal group operating as Lazarus Group earned $300 million through versatile hacks that took place over the last year.

Researchers observed the attacks from month to month, and it was clear that the majority of hacking activity took place in September — the month that led to losses surpassing $360 million. July and November were also lucrative months for cybercriminals.

In December and October, on the other hand, the number of hacks decreased, giving companies time to regroup and strengthen their security.

Vulnerabilities That Caused Major Losses in 2023

Major attacks that we read about in 2023 were possible because of these flaws:

  • Access control problems
  • Flash loan attacks
  • Exit scams
  • Oracle issues
  • Phishing
  • Reentrancy
  • Other hacking threats

Access control problems had the highest financial losses, which surpassed $666 million. They accounted for 39.18% of all attacks. Out of 29 hacks that involved this flaw, the most damaging were Atomic Wallet, Multichain, and Poloniex.

Flash loan attacks, which constituted 16.12% of all attacks, were detected in 37 reported incidents — including Euler Finance, KyberSwap, and Yearn Finance. The victims lost $274 million due to the exploitation of smart contracts within Decentralized Finance (DeFi).

Exit scams were present in 276 recorded hacking incidents — accounting for 12.24% of all recorded hacks. They brought losses of $208 million in funds for investors who participated in projects that promised high returns. 

Oracle flaws caused losses of $134 million in 7 instances — making them responsible for 7.88% of attacks. In high-profile cases such as BonqDAO, oracle flaws were misused for the manipulation of token prices.

Phishing scams kickstarted 13 hacking cases (3.98%) in the Web3 industry. Social engineering was often used to gain initial footing, as an attack that preceded more sophisticated tactics — often involving Lazarus Group. Phishing led to losses worth $67.6 million. 

Reentrancy counted 15 cases, making up 4.35% of all attacks. It set companies back at least $74 million. The Vyper bug and the Exactly Protocol have been exploited in several reentrancy cases.

The rest of the weaknesses covered 76 incidents — or 16.47% of attacks. These cases led to losses of $280 million. This includes the Mixin network hack that involved hacking of the cloud service provider.

How to Prevent Cyber Attacks in 2024?

The table below shows proposed safety measures that companies can apply to protect themselves against the six most common hacking exploits within the crypto industry.

Cyber Attack: Cyber Prevention Methods

Access control problems:
  • Introduce strong authorization mechanisms
  • Regularly change permissions
  • Have thorough monitoring systems

Flash loan attacks:
  • Add fees for flash loans
  • Set time constraints
  • Limit borrowing amounts

Exit scams:
  • Diversify investments
  • Research projects and teams
  • Work with firms that have a good track record

Oracle flaws:
  • Time-Weighted Average Price (TWAP)
  • Thoroughly assess token liquidity

Phishing:
  • Conduct Web3 penetration testing
  • Train users and teams
  • Promote the use of hardware wallets
  • Have multi-factor authentication
  • Monitor domains at all times

Reentrancy:
  • Stick to the Check-Effect-Interaction Model
  • Have Comprehensive Reentry Protection

Top exploits in the crypto space have involved versatile advanced hacking methods as well as scams that don’t require technical hacking knowledge.

To protect yourself, beware of both.

While it’s essential to know the signs of common scams in the crypto space, you also need to have effective tools in place that can catch common vulnerabilities early — before they cause major incidents.

10 High-Profile Attacks Accountable For 70% of Overall Losses

In 2023, cybersecurity experts counted fewer hacking incidents compared to previous years. However, the following 10 attacks racked up $1.2 billion in losses — making up 70% of all losses in 2023.

Three of the worst attacks happened in November.

The majority involved access control exploits (compromised keys).

Mixin Network — Hacked Due to Third-Party Cloud Vulnerability

In September 2023, Mixin Network disclosed that threat actors hacked into their cloud service, i.e. a database of the company. With this access, the cybercriminal could reach the platform funds.

The company, marketing itself as decentralized, was criticized for holding all of its assets in one place, within a single hot wallet. Another question raised was why transactions were even recorded in a cloud-based database rather than on a blockchain.

The Mixin Network breach resulted in losses of $200 million. The main asset that was stolen during this incident was Bitcoin.

Euler Finance — Hacker Exploited DeFi Protocol

In March 2023, Euler Finance suffered a flash loan attack. The cybercriminal exploited smart contracts to cause debt and liquidation. As a result, the value of Euler Finance’s Total Value Locked (TVL) decreased significantly.

In a strange turn of events, the hacker who claimed responsibility for this cyber attack apologized and returned all of the funds that had been stolen from crypto users. 

Initially, the damage from the attack was estimated to be $197 million.

Multichain — Exploited Lost Keys and Possible Rug Pull

In July 2023, Multichain experienced unexpected withdrawals and movement of the funds to unknown addresses. Multichain is the rebranded company, formerly known as Anyswap.

The company has been criticized for poor security practices in general.

Both the CEO and later his sister were arrested. The funds as well as all the hardware have been confiscated by the police for the purposes of the investigation.

Financial losses from this hack surpass $125 million — most of it sourced from Multichain’s Fantom bridge.

The company is no longer operating.

Poloniex — Lazarus Compromised Private Keys

In November 2023, the crypto exchange known as Poloniex was hacked. The cybercriminal gang linked to North Korea, Lazarus, was responsible for this cyber attack.

The group exploited private keys to reach deep into the hot wallets and drain their funds.

The company said that they recovered from the attacks as well as reimbursed users whose funds had been stolen.

The attack resulted in a loss that is estimated between $114–$126 million.

BonqDAO — Breached Because of Oracle Vulnerability

In February 2023, BonqDAO suffered an attack in which an oracle weakness was exploited to alter the price and mint Bonq’s stablecoin. Most of the transactions transpired on the Polygon network.

The bad actor exploited the error within the smart contract to manipulate the Tellor price feed and allow themselves to borrow funds after inflating collateral.

The bug enabled them to borrow $100 million which is now lost in this cyber attack. Overall losses after this attack are estimated to be $120 million.
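The TWAP recommendation from the prevention table, applied to the inflated-collateral scenario described for BonqDAO, as an added example that is not code from the Salus report or from any protocol named here. The class and function names, the constructed price feed, the 30-minute window and the 10% spot-versus-TWAP deviation guard are assumptions for illustration.

```python
from bisect import bisect_right

class PriceDeviation(Exception):
    """Spot and TWAP disagree by more than the allowed band."""

class TwapOracle:
    """Time-weighted average price over a fixed window (hypothetical design)."""

    def __init__(self, window_s: int):
        self.window_s = window_s
        self.ts = []      # observation timestamps, strictly increasing
        self.price = []   # price in effect from ts[i] until the next update
        self.cum = []     # integral of price over time, up to ts[i]

    def update(self, t: int, price: float) -> None:
        if price <= 0:
            raise ValueError("price must be positive")
        if self.ts:
            if t <= self.ts[-1]:
                raise ValueError("timestamps must strictly increase")
            self.cum.append(self.cum[-1] + self.price[-1] * (t - self.ts[-1]))
        else:
            self.cum.append(0.0)
        self.ts.append(t)
        self.price.append(price)

    def spot(self) -> float:
        return self.price[-1]

    def _cum_at(self, t: int) -> float:
        i = bisect_right(self.ts, t) - 1
        return self.cum[i] + self.price[i] * (t - self.ts[i])

    def twap(self, now: int) -> float:
        start = now - self.window_s
        # Fail closed: never average over less history than the window.
        if not self.ts or start < self.ts[0]:
            raise ValueError("not enough price history for the window")
        return (self._cum_at(now) - self._cum_at(start)) / self.window_s

def lending_price(oracle: TwapOracle, now: int, max_dev: float = 0.10) -> float:
    """Price a lending market would use: TWAP, refused if spot strays too far."""
    twap = oracle.twap(now)
    if abs(oracle.spot() - twap) / twap > max_dev:
        raise PriceDeviation(f"spot {oracle.spot()} vs TWAP {twap:.2f}")
    return twap

def borrow_limit(collateral_units: float, price: float, ltv: float = 0.5) -> float:
    return collateral_units * price * ltv

def demo():
    # Constructed feed: 2.0 for 31 minutes, then one 100x reading held for 60 s.
    o = TwapOracle(window_s=1800)
    o.update(0, 2.0)
    calm = lending_price(o, now=1800)
    o.update(1860, 200.0)
    now = 1920
    naive = borrow_limit(1000, o.spot())        # trusts the latest reading
    averaged = borrow_limit(1000, o.twap(now))  # trusts the 30-minute average
    try:
        lending_price(o, now)
        halted = False
    except PriceDeviation:
        halted = True
    return calm, naive, averaged, halted

if __name__ == "__main__":
    print(demo())
```

The averaged limit is still above the calm-market value, so the TWAP alone only dampens a short spike; the deviation guard is what stops borrowing outright while the feed looks abnormal.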

Atomic Wallet — Lazarus Exploits Known Vulnerability

In June 2023, Atomic Wallet’s funds were drained. The attack compromised over 5,500 user accounts, i.e. wallets.

The group responsible for this hack was Lazarus. They exploited a known weakness that hadn’t been patched at the time.

The losses of the attack itself are around $100 million.

However, the overall cost of the cyberattack will surpass that because of the class-action lawsuit that is currently unfolding due to lax security measures of the company. The company also failed to notify the police about the security incident.

HECO Bridge — Stolen Funds Via Account Compromise

In November 2023, HECO Bridge suffered a highly sophisticated attack. The hack started as an operator account compromise.

Losses of $86.6 million were recorded from HECO Chain’s Ethereum bridge. An additional $12.5 million was drained from hot wallets that used to belong to HTX (formerly Huobi).

That is not counting the cost of the additional strengthening of the security measures and changes made to operational practices.

Curve — Hacked Because of Zero-Day Exploit

In August 2023, Curve suffered an attack due to vulnerable code. A threat actor exploited a zero-day compiler bug to conduct the attack, misused smart contracts to alter token prices, and siphoned a lot of money from the platform.

The company has lost $69.3 million in this incident.

The hacker returned part of the stolen funds ($12.7 million), with this message attached:

“I saw some ridiculous views, so I want to clarify that I’m refunding you not because you can find me, it’s because I don’t want to ruin your project, maybe it’s a lot of money for a lot of people, but not for me, I’m smarter than all of you. . .”

AlphaPo — Phished by Lazarus

In July 2023, AlphaPo suffered a hack due to leaked and stolen private keys following a successful scam. 

The Lazarus Group is behind this hack as well. In this case, sophisticated phishing tactics were used to steal money from hot wallets.

The stolen funds are estimated to be worth $60 million in ETH, TRON, and BTC.

CoinEx — Hacker Got Its Hands on Private Keys

In September 2023, CoinEx shared that several private keys were compromised — which gave the hacker a way to steal the funds from hot wallets.

This is another attack that highlights the issue of access control exploits.

The CoinEx hack was also attributed to the North Korean cybercriminal group Lazarus.

The losses in this attack are estimated at $54.3 million, while the users were fully refunded following the hack and the vulnerabilities have been patched since.

How to Prevent Losses in the Web3 Industry for 2024?

Based on the common vulnerabilities that Salus highlights in their study, the Web3 ecosystem predominantly fights evolved versions of well-known threats.

Problems that prevail are access control troubles, phishing, exit scams, reentrancy, and oracle vulnerabilities.

Considering that most hacking is financially motivated, it’s safe to say that the Web3 industry will continue to be vulnerable to hacking due to the allure of crypto.

To protect your most valuable assets, keep learning about the top cases, continually update security, and make sure that your security posture is prepared for the most common weaknesses highlighted in this report.

Specifically, this could mean:

  • Introducing tools that can help your teams monitor, identify, and react to threats early
  • Adding more phishing awareness training for all employees
  • Ensuring that your users are aware of the threats that exploit their trust and biases
  • Doing regular pen testing to make sure that you catch weaknesses in your system before malicious hackers exploit them

That is, having multidimensional security that hackers have to go through before they reach the most sensitive and valuable corners of your network.

 

 

 
