The year 2023 has been a challenging one for the crypto industry, particularly when it comes to security. By September 30, hackers had already stolen a staggering $900 million through various attacks. While this figure pales in comparison to the $2.7 billion lost in similar attacks the previous year, what stands out is the higher number of hacks that have taken place. The decreasing value of digital assets and reduced Total Value Locked (TVL) in decentralized finance (DeFi) protocols have contributed to a lower average haul for hackers. As less money is locked into these protocols, there is simply less for them to steal.
One positive aspect amidst this challenging situation is that attackers are primarily targeting projects rather than individuals. After the turmoil caused by incidents like the FTX collapse and other scandals that rocked the crypto space last year, users seem to have become more serious about wallet security. The transparent nature of public blockchains enables forensic analysis of hacks, phishing attacks, and exploits. However, while these blockchains provide a permanent record of activities, they often fail to identify the attackers involved, leaving investigators with clues but no definitive proof.
Onchain analytics service Cielo has compiled a public list of wallets associated with some of the largest hacks in 2023. This includes the hackers behind Mixin ($200 million), HTX ($8 million), and CoinEx ($55 million). September alone witnessed a total of $308 million stolen through hacking activities. DefiLlama, a platform tracking major crypto hacks, records various entry methods used by hackers, including database attacks, frontend attacks, and compromised private keys.
The cryptocurrency space attracts a diverse range of actors involved in malicious activities. While major hacks often garner attention due to their association with sophisticated groups, it would be a mistake to attribute the majority of crypto-related crimes to a few select actors. Even though well-funded state-sponsored groups and organized crime outfits are drawn to the potential profitability of cryptocurrency theft, there are numerous independent actors conducting hacking activities.
While poorly secured protocols, liquidity pools, and smart contracts are the primary targets for hackers, individual users are also vulnerable. Onchain visibility of high-value wallets makes it easy for hackers to identify potential targets. Once a wallet can be associated with its owner, the opportunity for social engineering attacks arises. Recent incidents involving high-profile figures like Vitalik Buterin and Mark Cuban highlight the susceptibility of even experienced users to hacking attempts. Buterin’s Twitter account was hijacked through a SIM swap, resulting in $700,000 being stolen from his followers who fell victim to phishing links. Similarly, Mark Cuban’s wallet was drained after he clicked on a malicious link.
Despite the ongoing challenges of crypto hacks, there is some positive news for crypto holders. Improved tools and technologies are making web3 wallets more robust and secure. The frequency of hacks serves as a constant reminder to users of the importance of impeccable operational security (opsec). As market conditions are expected to improve in the first quarter of 2024, those who have managed to retain their crypto holdings will feel better equipped to navigate any challenges that may come their way.
The year 2023 has seen a surge in crypto hacks, resulting in substantial losses for individuals and projects. While the involvement of well-funded groups and organized crime outfits cannot be discounted, it is crucial to remember that the crypto space is attracting a wide range of actors involved in malicious activities. Web3 wallets are improving in terms of security, offering hope for a safer future in the crypto industry. However, users must remain vigilant and prioritize opsec as they continue to navigate the ever-evolving landscape of cryptocurrency.
Leave a Reply