The 5 biggest DeFi hacks of 2023

More than $1.3 billion has been lost to crypto hacks this year

article-image

Artwork by Crystal Le

share

Ledger was recently exploited for an estimated $610,000 —  a reminder that security and privacy remain important priorities for the crypto ecosystem.

According to DeFiLlama, hackers have cost crypto startups and projects more than $1.3 billion in losses this year. Since June 2016, on-chain losses have amounted to an estimated $7.54 billion, with $5.69 billion hacked in DeFi protocols. 

Brian Pak, co-founder of Chainlight, told Blockworks that these exploits should be a fundamental reminder that security is still overlooked in much of the DeFi Ecosystem.

Read more: ‘Wallet drainer’ code added to Ledger library has crypto on edge

“As we enter into another bull market and liquidity starts to pour into the DeFi ecosystem, we can expect to see hacks like this happen more often,” Pak said. “It is of paramount importance that protocols take preemptive measures and are properly audited. Furthermore, builders must place more focus on security if the DeFi ecosystem is to flourish.”

With 2024 just around the corner, let’s look at the five largest exploits that occurred this year.

1. Mixin Network — $200 million

Hong Kong-based decentralized peer-to-peer network Mixin Network was exploited for an estimated $200 million in September this year, making it one of the biggest hacks of the year.

Mixin has since released a new system with enhanced security features. It has also offered the hacker a bounty of $20 million in return for the stolen assets. 

“Most of our platform assets were users, and we hope you can refund them,” the Mixin team wrote. The company added in a post on X that the hacker could reach the team anonymously or through appropriate channels in order to return the compromised assets.

2. Euler Finance — $197 million

DeFi lending protocol Euler Finance was the victim of a flash loan attack that saw $197 million stolen after an attacker tricked the smart contracts into believing there were fewer collateral tokens than debt tokens. 

Following the exploit, the Euler team offered a $1 million reward bounty to ensure the attacker was arrested. 

After a series of back-and-forth communications, the Euler attacker — who went by “Jacob” — returned all stolen funds to the Euler team. 

3. Poloniex — $126 million

The Justin Sun-owned exchange Poloniex saw an estimated $126 million drained after hackers gained access to its hot wallets in mid-November.

Immediately after the hack, Sun wrote in a post on X that “Poloniex maintains a healthy financial position and will fully reimburse the affected funds,” and that the exchange was offering a 5% white hat bounty to the hacker in exchange for the stolen cryptocurrencies.

The hacker was given seven days to consider the offer before Sun would turn to law enforcement. 

A month after the attacks, Poloniex has since resumed withdrawal and deposit services for select tokens on the TRON network, including USDT, USDD, BTT, WIN, NFT, SUN, JST, USDJ and USDC. 

4. Multichain — $126 million

Cross-chain bridge Multichain saw a total of $126 million being moved from its bridges to an unidentified address after its private keys were compromised.

Stolen funds had been transferred to different addresses and were not withdrawn or put through cryptocurrency mixers. 

Soon after the attack, it was revealed that the company’s founder and CEO had been missing for a month, and it was suspected that Chinese authorities had arrested him

Multichain services have stopped indefinitely, and the team has urged users not to use any multichain bridges. 

5. Atomic Wallet — $100 million

North Korean hackers stole an estimated $100 million from Atomic Wallet after an estimated 5,000 crypto wallets were compromised, with one particular wallet losing over $1 million in funds
After failing to address the incident and downplaying its urgency, a group of investors have since sued the wallet provider.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Unlocked by Template.png

Research

With the spot ETH ETF approval, the institutions are coming. stETH - given its dominance in marketshare, existing liquid market structures, and highly desirable properties - is poised for institutions.

article-image

Launching cryptocurrencies the old fashioned way may soon make a return

article-image

Kraken and CertiK brought their beef to social media after Kraken said researchers exploited $3 million through a bug

article-image

NVIDIA’s historic run is only deepening the divide between mega-cap tech stocks and the rest of the market.

article-image

EIP-7702 was quickly adopted for the next Ethereum upgrade, but developers haven’t quite locked it down