Top 5 hacker attacks on cryptocurrency projects in 2023 published

In mid-December, users of the Ledger Connect Kit suffered from a hacker attack that stole coins worth a little over $ 600,000.

Unfortunately, this is only a small part of the losses at the hands of attackers for the entire year of 2023, as the total amount reaches $ 1.3 billion. Moreover, since 2016, the volume of losses has amounted to about $ 7.54 billion, with $ 5.69 billion of them attributed to hacks of DeFi protocols. Negative events also need to be recorded in statistics, so let’s summarize them in the form of a rating of the five largest hacker attacks of 2023.

It is important to note that the victims of the hack in the case of Ledger Connect Kit were not the devices of the French manufacturer, but rather the connector needed to connect crypto wallets to decentralized applications. The hacker penetrated its library and introduced a so-called drainer used to steal coins.

The key task of the latter is to force the owner of the cryptocurrency wallet to sign the transaction, which will lead to the subsequent withdrawal of all assets at the address.

The hacker managed to realize his plan by using the so-called blind signature on hardware wallets, when the owner does not see the details of the approved transaction. In general, Ledger devices show the details of transfers before they are made, which is known as a «transparent signature.» However, not all third-party wallets and decentralized applications support it, which sometimes forces users to approve transactions blindly.

In the end, the company’s representatives found a way to resolve the situation. First, they will compensate users for losses in the equivalent of $ 610 thousand by February 2024.

Second, by June 2024, Ledger hardware wallets will no longer support blind signatures. This means that device owners will be able to see the details of transfers, the amount sent, the recipients, and the type of transaction itself.

Accordingly, if a device offers to sign a suspicious transaction due to hacker activity, people will see it.

Ledger employees promise to interact with representatives of popular blockchain platforms to launch a transparent signature as soon as possible.

This means that, ideally, the security of hardware wallet owners will be much higher in the next six months. And this is without compromising convenience.

Thefifth place in the ranking is occupied by the Atomic Wallet hack, which resulted in losses of approximately $ 100 million.

It is noteworthy that the attack was carried out by North Korean hackers associated with the well-known Lazarus Group. North Korea has been supporting the hacking of crypto projects at the national level for several years in a row, and this area brings the government considerable amounts of money.

According to Blockworks sources, the fourth place in the ranking was taken by the hack of the Multichain cross-chain bridge. The attackers managed to misappropriate $ 126 million in cryptocurrency, and the funds have not yet been withdrawn or even passed through cryptomixers. Accordingly, in this case, the hackers are clearly ready to wait for a better time to continue their activities. Shortly after the attack, it became known that the founder and CEO of the Zhaojun project went missing and could not be found for about a month. It is believed that he was arrested by the Chinese authorities.

At the same time, the Multichain platform was suspended indefinitely, and the project team urged users not to use their blockchain bridges for swaps between different networks due to the risks involved.

Third place. A similar amount of $ 126 million was lost during the hacking of the Poloniex crypto exchange. In November, a hacker managed to gain access to the trading platform’s hot wallets.

As a result, its owner Justin Sun assured his Twitter followers that the damage to the company was minimal, and Poloniex would compensate all victims.

The attacker was offered an amount of 5 percent of the stolen funds for their return within one week. A month after the incident, Poloniex’s management resumed withdrawals of some tokens on the Tron network, including USDT, USDD, BTT, WIN, NFT, SUN, JST, USDJ, and USDC.

The DeFi incident at Euler Finance took second place with losses of $ 197 million. After the attack, the Euler team offered a $ 1 million reward for the hacker’s arrest. However, this story had a happy ending — the hacker returned all the stolen funds to the team.

Finally, the most damaging hack of the industry in 2023 was the attack on the Mixin Network, when hackers managed to steal about $ 200 million in various cryptocurrencies.

Since then, the Mixin team has released a new system with improved security features. Its employees also offered a $ 20 million reward to the hacker in exchange for the stolen assets.

Every year, the cybersecurity industry improves in the fight against hackers. They also actively cooperate with other projects and law enforcement agencies to quickly find intruders. In this regard, it is possible that next year the losses of the crypto industry from hackers will be lower.

However, it is important to understand that the influx of newcomers to the coin industry amid the growth of digital assets will create conditions for hackers to «make money» on simpler schemes such as announcements of free tokens and NFTs. Obviously, it will not be possible to insure new blockchain users against such losses.

Hackers will continue to be active in the cryptocurrency industry, especially as the new bull run begins. Therefore, fans of digital assets should take care of the security of the latter. First of all, it is advisable to purchase a hardware wallet and use it exclusively for storing coins, not for interacting with decentralized applications.