The Most Notorious Web3 Security Breaches of 2023


Read Time: 4 minutes

Over the past three quarters of 2023, web3 losses totalled a whopping $1.4 billion. These losses were caused by various attacks that took a toll on digital investments.

Rug pulls, smart contract vulnerabilities and private key compromises were the most commonly observed attack vectors across these hacks.

In this blog, let’s take a close look at the hacks that became the most famous of the year because of the huge financial losses they caused. But we won’t stop at just pointing fingers – we’ll also dive into the most exploited hack types and figure out how to prevent them from happening in the first place.

  • Euler Finance ($200M)

The Euler Finance hack took place in March 2023. It caught the attention of many in the cryptocurrency and blockchain community due to its scale and impact.

It occurred due to an exploit involving a flash loan, which temporarily deceived the protocol into believing it held varying amounts of eToken and dToken. This manipulation allowed the attacker to siphon off nearly $200 million in assets, resulting in the security breach.

  • BonqDAO ($120M)

On February 2nd, 2023, BonqDAO, a part of the Polygon DeFi protocol, became a victim of a significant security breach due to a flaw in its smart contract code.

The attacker exploited a vulnerability in BonqDAO’s price oracle smart contract. The flaw lay in the contract responsible for supplying BonqDAO with the price of $ALBT, and exploiting it led to the liquidation of ALBT holdings.

  • Atomic Wallet hack ($100M)

In June 2023, Atomic Wallet, a noncustodial cryptocurrency wallet, experienced a significant security breach, resulting in losses of approximately $100 million.

The Atomic Wallet security breach is believed to have been orchestrated by a Ukrainian hacker group. While the exact method remains uncertain, the breach may have resulted from a combination of vulnerabilities, including potential issues like a virus on user devices, an infrastructure breach, a man-in-the-middle attack, or malware code injection. 

  • Fintoch ($31.6M)

During the Fintoch attack in May 2023, approximately $31.6 million in USDT was stolen from its users on the Binance Smart Chain (BSC).

The Fintoch attack was due to the project’s fraudulent nature, where it operated as a Ponzi scheme promising unrealistic returns. When the rug was pulled and users couldn’t access their funds, the team siphoned off $31.6 million to other blockchains, leaving investors empty-handed.

  • Mixin Kernel ($200M)

On September 25, 2023, the decentralized peer-to-peer network Mixin Network experienced a security breach costing $200 million.

The Mixin Kernel attack in September 2023 was carried out by exploiting a vulnerability in the database of Mixin Network’s cloud service provider. This security flaw allowed hackers to gain unauthorized access and led to the loss of $200 million in cryptocurrency assets.

  • CoinEx ($70M)

The hack was first detected when unusual withdrawals were observed from one of CoinEx’s hot wallets on September 12, 2023, and later, it was found that the total amount stolen exceeded $70 million.

The CoinEx hack was due to a compromised private key for CoinEx’s hot wallets. This compromise gave the hackers unauthorized access, enabling them to steal over $70 million in cryptocurrency.

  • Alphapo ($23M)

In July 2023, the Alphapo platform, a crypto payment processor primarily serving various gambling services, fell victim to a significant security breach, which resulted in a loss of approx. $23 million.

The Alphapo hack unfolded due to a breach in the platform’s security. Specifically, the attacker gained access to the private keys of the platform’s hot wallets. With these compromised keys, the attacker executed transactions, siphoning funds from the platform’s wallets into their own accounts.

  • Stake ($41M)

The hack took place on September 4, 2023, and approx. $41 million worth of crypto assets were stolen.

The Stake casino hack in 2023 was primarily the result of a phishing attack that allowed a group of hackers to gain unauthorized access to Stake’s hot wallets. 

  • CoinsPaid ($37.3M)

On July 22, 2023, CoinsPaid, the world’s largest crypto payments provider, experienced a massive security breach resulting in the theft of $37.3 million.

The attackers spent six months conducting persistent attacks, exploiting social engineering techniques, and gaining deep knowledge of CoinsPaid’s infrastructure. This allowed them to successfully infiltrate the company’s systems and perform the attack.

Battling Web3’s Sneaky Attacks

  • Rug Pulls

First up, we’ve got “Rug Pulls.” In the first half of 2023, they managed to swipe over $80 million. To avoid falling into the trap of rug pulls, you’ve got to be a smart investor. That means doing your homework and checking projects inside out. 

But here’s some good news – we’ve got tools like ‘QuillCheck’ that can act as your weapon. With QuillCheck, you can conduct your own research and make sure your investments are as safe as they can be.

  • Smart Contract Vulnerabilities

These crop up more often than anything else, since blockchain applications rely on smart contracts for the most part. In the first half of 2023, there were 60 incidents of smart contract vulnerabilities, and they cost $265 million.

To keep your smart contracts safe, they should undergo frequent and thorough audits. 

  • Private Key Compromise

In the third quarter of the year, “Private Key Compromise” made up 23% of all the losses. To stay safe from them, always add an extra layer of security with multi-factor authentication.

In DeFi, you have to be extra cautious with your private keys. Do your own safety checks, like security audits and due diligence.
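The CoinEx breach above was first noticed through unusual withdrawals from a hot wallet. As an added illustration (not code from QuillAudits or from any platform named here), the sketch below flags withdrawals that break an assumed outflow policy; the wallet labels, addresses, thresholds and sample events are all constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Withdrawal:
    ts: int            # unix seconds
    wallet: str        # hot wallet label
    dest: str          # destination address
    amount_usd: float

def flag_unusual_withdrawals(events, allowlist, window_s=3600, limit_usd=250_000):
    """Return (event, reasons) for withdrawals that break the assumed policy:
    per hot wallet, outflow inside a sliding window of `window_s` seconds stays
    under `limit_usd`, and every destination is on that wallet's allowlist."""
    recent = defaultdict(deque)   # wallet -> (ts, amount) pairs still in window
    totals = defaultdict(float)   # wallet -> sum of the amounts in that deque
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.wallet]
        # Expire entries that have fallen out of the sliding window.
        while q and q[0][0] <= ev.ts - window_s:
            totals[ev.wallet] -= q.popleft()[1]
        q.append((ev.ts, ev.amount_usd))
        totals[ev.wallet] += ev.amount_usd
        reasons = []
        if ev.dest not in allowlist.get(ev.wallet, set()):
            reasons.append("destination not on allowlist")
        if totals[ev.wallet] > limit_usd:
            reasons.append(f"window outflow {totals[ev.wallet]:,.0f} USD over limit")
        if reasons:
            alerts.append((ev, reasons))
    return alerts

# Constructed sample data: routine payouts, then a rapid drain to a new address.
ALLOW = {"hot-1": {"0xCOLD", "0xPAYOUT"}}
SAMPLE = [
    Withdrawal(1000, "hot-1", "0xPAYOUT", 40_000),
    Withdrawal(2500, "hot-1", "0xPAYOUT", 55_000),
    Withdrawal(9000, "hot-1", "0xNEW", 120_000),
    Withdrawal(9060, "hot-1", "0xNEW", 180_000),
    Withdrawal(9120, "hot-1", "0xCOLD", 10_000),
]

if __name__ == "__main__":
    for ev, reasons in flag_unusual_withdrawals(SAMPLE, ALLOW):
        print(ev.ts, ev.dest, ev.amount_usd, "; ".join(reasons))
```

Note that the last event goes to an allowlisted address yet is still flagged, because the window total already exceeds the limit; in practice such a breach would pause signing rather than only alert.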

Final Thoughts

Ready to make the move? Visit QuillMonitor for an in-depth analysis of Web3 breaches and receive instant alerts to stay ahead of the crypto game.

Want to ensure the safety and security of your crypto assets? Look no further than QuillAudits.

We provide a full suite of web3 security services, from smart contract audits to real-time hack monitoring, all in one place.

Don’t wait; secure your investments today!
