The 5 biggest DeFi hacks of 2023

More than $1.3 billion has been lost to crypto hacks this year

article-image

Artwork by Crystal Le

share

Ledger was recently exploited for an estimated $610,000 —  a reminder that security and privacy remain important priorities for the crypto ecosystem.

According to DeFiLlama, hackers have cost crypto startups and projects more than $1.3 billion in losses this year. Since June 2016, on-chain losses have amounted to an estimated $7.54 billion, with $5.69 billion hacked in DeFi protocols. 

Brian Pak, co-founder of Chainlight, told Blockworks that these exploits should be a fundamental reminder that security is still overlooked in much of the DeFi Ecosystem.

Read more: ‘Wallet drainer’ code added to Ledger library has crypto on edge

“As we enter into another bull market and liquidity starts to pour into the DeFi ecosystem, we can expect to see hacks like this happen more often,” Pak said. “It is of paramount importance that protocols take preemptive measures and are properly audited. Furthermore, builders must place more focus on security if the DeFi ecosystem is to flourish.”

With 2024 just around the corner, let’s look at the five largest exploits that occurred this year.

1. Mixin Network — $200 million

Hong Kong-based decentralized peer-to-peer network Mixin Network was exploited for an estimated $200 million in September this year, making it one of the biggest hacks of the year.

Mixin has since released a new system with enhanced security features. It has also offered the hacker a bounty of $20 million in return for the stolen assets. 

“Most of our platform assets were users, and we hope you can refund them,” the Mixin team wrote. The company added in a post on X that the hacker could reach the team anonymously or through appropriate channels in order to return the compromised assets.

2. Euler Finance — $197 million

DeFi lending protocol Euler Finance was the victim of a flash loan attack that saw $197 million stolen after an attacker tricked the smart contracts into believing there were fewer collateral tokens than debt tokens. 

Following the exploit, the Euler team offered a $1 million reward bounty to ensure the attacker was arrested. 

After a series of back-and-forth communications, the Euler attacker — who went by “Jacob” — returned all stolen funds to the Euler team. 

3. Poloniex — $126 million

The Justin Sun-owned exchange Poloniex saw an estimated $126 million drained after hackers gained access to its hot wallets in mid-November.

Immediately after the hack, Sun wrote in a post on X that “Poloniex maintains a healthy financial position and will fully reimburse the affected funds,” and that the exchange was offering a 5% white hat bounty to the hacker in exchange for the stolen cryptocurrencies.

The hacker was given seven days to consider the offer before Sun would turn to law enforcement. 

A month after the attacks, Poloniex has since resumed withdrawal and deposit services for select tokens on the TRON network, including USDT, USDD, BTT, WIN, NFT, SUN, JST, USDJ and USDC. 

4. Multichain — $126 million

Cross-chain bridge Multichain saw a total of $126 million being moved from its bridges to an unidentified address after its private keys were compromised.

Stolen funds had been transferred to different addresses and were not withdrawn or put through cryptocurrency mixers. 

Soon after the attack, it was revealed that the company’s founder and CEO had been missing for a month, and it was suspected that Chinese authorities had arrested him

Multichain services have stopped indefinitely, and the team has urged users not to use any multichain bridges. 

5. Atomic Wallet — $100 million

North Korean hackers stole an estimated $100 million from Atomic Wallet after an estimated 5,000 crypto wallets were compromised, with one particular wallet losing over $1 million in funds
After failing to address the incident and downplaying its urgency, a group of investors have since sued the wallet provider.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Top Icon.png

Research

Osmosis thrived in H2 2023 on the back of increased DeFi activity deriving from recently launched Cosmos-related projects and better market conditions. With new value accrual mechanisms for the native token, Osmosis is well-positioned to continue its strong performance in 2024.

/

article-image

Though the opposing flow trend is likely to slow over time, industry watchers note, bitcoin fund assets could one day eclipse the $90 billion gold ETF space

article-image

Celestia had the first mover advantage. EigenDA has staked ether. What sets Avail apart?

article-image

Bitcoin moved 1% higher Monday morning in New York, Matrixport analysts say $62,000 could happen next month

article-image

It’s hard to believe right now that crypto — even with all of its flexibility and massive capabilities — could ever be like cash on the internet

article-image

Michael Saylor announced Monday morning that MicroStrategy bought 3k more bitcoin after the X account was compromised over the weekend

article-image

Plus, Pudgy Penguins grows its brand and a group of Autoglyphs sell for $14.5 million