Web3 hacks and scams cost the cryptocurrency sector $1.83 billion in 2023 despite plunging by half from 2022.
Since cryptocurrency started going mainstream, lots of hackers have come into the space aiming to steal from unsuspecting investors. However, it seems like more security measures put in place have helped repel these cyberattacks.
Crypto hack losses dropped by more than 50% in 2023. Nonetheless, the sector still recorded over $1.8 billion in losses from various exploits. Separately, dYdX has allegedly identified the attacker behind a $9 million exploit and is considering taking legal action against the perpetrator.
Crypto Hack Losses Drop 51% In 2023
More than $1.8 billion in digital assets were lost across 751 security incidents in 2023. While that amount is still considerably high, it is 51% lower than what was lost in 2022. In that year, the losses to hacks and other incidents hit $3.7 billion.
This data was published by blockchain security firm CertiK in an annual report titled “Hack3d: The Web3 Security Report 2023.” On January 3, this security company compiled a document that highlighted the state of Web3 security over the past year.
Within that report, the firm noted that the third quarter of the past year recorded the most losses at more than $686 million. Moreover, private key vulnerabilities and compromises continued to be the most expensive attack vectors. In 2023, more than $880 million was lost in 47 incidents where private keys were stolen.
When you look at the blockchains, the Ethereum network recorded the most losses. Based on CertiK’s report, Ethereum accounted for $686 million in losses after being hit in 224 incidents, with an average of $3 million per incident. On the flip side, BNB Chain recorded 387 security breaches, but the total losses were just $134 million, considerably lower than Ethereum’s lost amount.
Furthermore, cross-chain interoperability remains a vulnerable area for crypto. The security report highlighted that losses were nearly $800 million in security attacks that affected many blockchains.
Ronghui Gu, the co-founder of CertiK, said that all things considered, 2023 was a “positive development” in blockchain security. He explained:
“The growth of bug bounty platforms and other proactive security measures is a good sign. Hopefully, we will see a continued decline in losses throughout 2024.”
Gu also stated that the 51% drop in losses might be attributed to the general bear market that saw dropping token and treasury valuations. Nonetheless, Gu thinks that if losses remain low during the bull run, it would mean that the Web3 sector is “learning its security lessons.”
DYDX Identifies Attacker, Considers Lawsuit Over $9 Million Loss
Decentralized exchange dYdX said that it discovered the identity of the attacker responsible for the attack on its v3 platform on Nov. 17, 2023. That incident resulted in a loss of $9 million from its insurance fund.
In a post-analysis of the “targeted attack” on the exchange, dYdX acknowledged that it is now considering legal action against the person responsible. To avoid cases of any future coordinated attacks with similar tactics, dYdX stated that it had enhanced its v3 trading platform to boost open-interest monitoring and alerts.
The exchange also stated that the strengthened v4 chain is particularly designed to reduce the impact of such risks. It includes a new feature that automatically reinstates the original margin fraction in response to bizarre price changes.
1/ After looking into the YFI incident on dYdX v3, we’ve successfully tracked down the individual responsible & made a report to law enforcement.
This is our in-depth analysis & next steps 🧵https://t.co/JGxebpERYl
— dYdX (@dYdX) January 3, 2024
In reviewing the attack method, dYdX observed that the attacker initiated mostly 5x leveraged long positions in the YFI/USD trading pair across more than 100 wallets. Using different addresses, the attacker acquired spot Yearn.finance (YFI) tokens, resulting in a 215% increase in its price.
YFI is the native token of the Yearn.finance decentralized finance protocol.
According to the exchange, the attacker multiplied their unrealized profits by entering extra YFI/USD positions, reaching a maximum of nearly $50 million. On November 17, dYdX raised the initial margin requirement and then lowered the base and incremental position sizes within the YFI/USD market to restrict the hacker’s activities.
The next day, the price of YFI lost nearly 30% within one hour, and the attacker could not close their positions. The insurance fund automatically covered the losses when the attacker’s holdings turned negative, as highlighted by dYdX.
The platform also noted that a week before the YFI incident, the assailant employed a similar approach with SUSHI/USD, generating approximately $5 million in gains. Fortunately, the v3 insurance fund remained unaffected, as dYdX had raised the initial margin requirement to 100%, thwarting any additional gains by the attacker.
Interestingly, the company eventually clarified that these attacks did not impact customer funds and showed that the attacker never benefited from manipulating its YFI market.
North Korean Hackers Steal $600M In Crypto In 2023
TRM Labs reported that North Korean hackers possibly stole nearly $700 million in crypto in 2023, with about $600 million confirmed based on its research.
Blockchain intelligence company TRM Labs said that groups linked to the Democratic People’s Republic of Korea (DPRK) were responsible for almost 33% of all crypto stolen through different kinds of hacks in 2023.
Based on a January 5 report, TRM Labs stated that North Korean hackers possibly stole $700 million in crypto last year, with at least $600 million already confirmed in its research. DPRK hackers have stolen about $3 billion worth of crypto since 2017, indicating that the nation’s attacks involving digital assets increased significantly in the past year.
The blockchain company reported that the DPRK’s strategies for money laundering were continuously changing to evade international law enforcement pressure. Research indicated that the hackers in many cases compromised users’ private keys or seed phrases, transferred funds to DPRK-controlled wallets, and then swapped these assets for Tether or TRON (TRX).
TRM Labs stated:
“North Korea’s hacking prowess demands continuous vigilance and innovation from businesses and governments. Despite notable advancements in cybersecurity among exchanges and increased international collaboration in tracking and recovering stolen funds, 2024 is likely to see further disruption from the world’s most prolific cyber-thief.”
Officials working with the United States Treasury Department imposed sanctions on people and hacking groups that were supposedly linked to North Korea, including Lazarus. After the department’s sanctions against crypto mixers Sinbad and Tornado Cash, TRM Labs reported that the DPRK continued exploring other laundering tools.
North Korean hackers stole USD 600 million in crypto in 2023, TRM Labs research shows. Read the story now: https://t.co/dyNmTcVzcP
— TRM Labs (@trmlabs) January 5, 2024
US officials have mostly cited digital assets in their many reasons for imposing sanctions on specific entities, including the terrorist group Hamas after its October 7, 2023 attack on Israel. Crypto mixers have also been a specific target for legislators, who allege that the technology is mainly utilized in illegal activities.
Cross-Chain Orbit Bridge Allegedly Suffered $82 Million Exploit
Hackers have allegedly exploited Orbit Bridge, the bridging service of the cross-chain protocol Orbit Chain, for a staggering $82 million.
In a December 31 post on the X platform, pseudonymous Twitter user Kgjr highlighted the possible exploit, pointing to a series of major outflows from the Orbit Chain Bridge protocol. On-chain sleuth Officer CIA and blockchain security company Cyvers have posted similar information on this matter.
Looks like orbit bridge is getting drained right now, different fresh wallets for wbtc usdt usdc and dai, test tx's show up on orbit bridge scanner but bigger ones don't. Wallets below pic.twitter.com/zlUbT0HrO2
— Kgjr (clueless333) (@KGJRTG) December 31, 2023
Based on data from blockchain analytics company Arkham Intelligence, the hackers seem to have made off with $81.68 million in illegally acquired funds.
In five different transactions, $30 million in Tether (USDT), $10 million in USD Coin (USDC), $21.7 million in Ether (ETH), $9.8 million in Wrapped Bitcoin (WBTC), and $10 million in Dai (DAI) were all sent to new wallets.
The Orbit Chain protocol is believed to have major connections with the Klaytn network, a modular layer-1 blockchain. Based on data from Klaytn’s block explorer, eight of the biggest assets on the Klaytn network by total market capitalization are wrapped assets on the Orbit Bridge.
Interestingly, the nature of the exploit is not yet clear.
Launched in South Korea in 2018, Orbit Chain is a multi-asset blockchain that primarily focuses on cross-chain transfers between various decentralized networks. It is normally utilized to transfer assets between Klaytn and Ethereum Virtual Machine-compatible networks.
Orbit Chain is a separate entity from the cross-chain bridging protocol known as Orbiter Finance, which has a similar-sounding name.