Over the past three quarters in 2023, the web3 losses totalling a whopping $1.4 billion. These losses were caused by various attacks that took a toll on digital investments.
Rug pulls, smart contract vulnerabilities and private key compromises were the main commonly observed attack vectors from all these hacks.
In this blog, let’s take a close look at the most famous hacks of the year because of the huge financial losses they caused. But we won’t stop at just pointing fingers – we’ll also dive into the most exploited hack type and figure out how to prevent them from happening in the first place.
List of All The Popular Hacks In 2023
- Euler Finance ($200M)
The Euler Finance hack took place in March 2023. It caught the attention of many in the cryptocurrency and blockchain community due to its scale and impact.
It occurred due to an exploit involving a flash loan, which temporarily deceived the protocol into believing it held varying amounts of eToken and dToken. This manipulation allowed the attacker to siphon off nearly $200 million in assets, resulting in the security breach.
- BonqDAO ($120M)
On February 2nd, 2023, BonqDAO, a part of the Polygon DeFi protocol, became a victim of a significant security breach due to a flaw in its smart contract code.
The attacker exploited a vulnerability in BonqDAO’s price Oracle smart contract. The vulnerability was within the smart contract responsible for supplying BonqDAO with the price of $ALBT in a way that led to the liquidation of ALBT holdings.
- Atomic Wallet hack ($100M)
In June 2023, Atomic Wallet, a noncustodial cryptocurrency wallet, experienced a significant security breach, resulting in losses of approximately $100 million.
The Atomic Wallet security breach is believed to have been orchestrated by a Ukrainian hacker group. While the exact method remains uncertain, the breach may have resulted from a combination of vulnerabilities, including potential issues like a virus on user devices, an infrastructure breach, a man-in-the-middle attack, or malware code injection.
- Fintoch ($31.6M)
During the Fintoch attack in May 2023, approximately $31.6 million in USDT was stolen from its users on the Binance Smart Chain (BSC).
The Fintoch attack was due to the project’s fraudulent nature, where it operated as a Ponzi scheme promising unrealistic returns. When the rug was pulled and users couldn’t access their funds, the team siphoned off $31.6 million to other blockchains, leaving investors empty-handed.
- Mixin Kernel ($200M)
On September 25, 2023, the decentralized peer-to-peer network Mixin Network experienced a security breach costing $200 million.
The Mixin Kernel attack in September 2023 was carried out by exploiting a vulnerability in the database of Mixin Network’s cloud service provider. This security flaw allowed hackers to gain unauthorized access and led to the loss of $200 million in cryptocurrency assets.
- CoinEx ($70M)
The hack was first detected when unusual withdrawals were observed from one of CoinEx’s hot wallets on September 12, 2023, and later, it was found that the total amount stolen exceeded $70 million.
The Mixin Kernel hack was due to a compromised private key for CoinEx’s hot wallets. This vulnerability allowed hackers unauthorized access, enabling them to steal over $70 million in cryptocurrency.
- Alphapo ($23M)
In July 2023, the Alphapo platform, a crypto payment processor primarily serving various gambling services, fell victim to a significant security breach, which resulted in approx—$ 23 million loss.
The Alphapo hack unfolded due to a breach in the platform’s security. Specifically, the attacker gained access to the private keys of the platform’s hot wallets. With these compromised keys, the attacker executed transactions, siphoning funds from the platform’s wallets into their own accounts.
- Stake ($41M)
The hack took place on September 4, 2023, of which approx. $41 million worth of crypto assets were stolen.
The Stake casino hack in 2023 was primarily the result of a phishing attack that allowed a group of hackers to gain unauthorized access to Stake’s hot wallets.
- Coinspaid ($37.3M)
On July 22, 2023, CoinsPaid, the world’s largest crypto payments provider, experienced a massive security breach resulting in the theft of $37.3 million.
The attackers spent six months conducting persistent attacks, exploiting social engineering techniques, and gaining deep knowledge of CoinsPaid’s infrastructure. This allowed them to successfully infiltrate the company’s systems and perform the attack.
Battling Web3’s Sneaky Attacks
- Rug Pulls
First up, we’ve got “Rug Pulls.” In the first half of 2023, they managed to swipe over $80 million. To avoid falling into the trap of rug pulls, you’ve got to be a smart investor. That means doing your homework and checking projects inside out.
But here’s some good news – we’ve got tools like ‘ QuillCheck’ that can act like your weapon. With QuillCheck, you can conduct your own research and make sure your investments are as safe as they can be.
- Smart Contract Vulnerabilities
These are the most common pop-ups at all times, as blockchain involves smart contracts for the most part. In the first half of 2023, there were 60 incidents of smart contract vulnerabilities, and they cost $265 million.
To keep your smart contracts safe, they should undergo frequent and thorough audits.
- Private Key Compromise
In the third quarter of the year, “Private Key Compromise” made up 23% of all the losses. To stay safe from them, always add an extra layer of security with multi-factor authentication.
In DeFi, you’ve to be extra cautious with your private keys. Do your own safety checks, like security audits and due diligence.
Ready to make the move? Visit QuillMonitor for an in-depth analysis of Web3 breaches and receive instant alerts to stay ahead of the crypto game.
Want to ensure the safety and security of your crypto assets? Look no further than QuillAudits.
We provide a full suite of web3 security services, from smart contract audits to real-time hack monitoring, all in one place.
Don’t wait; secure your investments today!