The 10 biggest crypto hacks and scams of 2023

Since the birth of the cryptocurrency industry, cybercriminals have found ways to defraud investors and companies with their decentralized assets. Throughout 2023, cryptocurrency hacks and scams have continued to occur, with hundreds of millions of cryptocurrency stolen. There are several notable scams that have made news headlines, leaving huge losses for both users and platforms.

Let's discuss the biggest crypto hacks of 2023.

1. Euler Finance hack

In March 2023, the Euler Finance hack shocked the cryptocurrency industry when hackers stole nearly $200 million in cryptocurrency from the lending platform.

Euler Finance became aware of the hack when PeckShield mentioned the platform in a post on X (formerly Twitter). In the post, PeckShield simply told Euler that it might want to look into a series of quick and suspicious transactions. These transactions turned out to be the result of a massive hack in which $197 million in cryptocurrency was stolen.

Strangely, however, the individual(s) responsible for this hack returned the stolen funds just weeks after it happened. Even more interesting, the responsible party appears to have added an apology note to one of the refund transactions, as you can see on Etherscan.

2. Mixin violation

In September 2023, cryptocurrency platform Mixin suffered a similar fate to Euler Finance when $200 million in cryptocurrency was stolen by hackers. This attack was carried out through a data breach of cloud service provider Mixin. Mixin announced the hack in an X post, in which one user commented that they had lost $100,000.

 

At the time of writing, Mixin has not yet been able to track down the attacker or recover the stolen funds. However, the platform has committed to compensating each user for half of the lost assets.

3. CoinsPaid Phishing scam

Phishing is a very common Social Engineering tactic used by cybercriminals and has caused a lot of damage in the cryptocurrency industry. In August 2023, cryptocurrency payment processor CoinsPaid suffered a $37 million hack when malicious actors targeted an employee with a fake job offer.

During the attack, this employee accidentally installed malware while thinking he was taking a test during an interview. This malware was then used to hack CoinsPaid's internal infrastructure, giving attackers access to millions of cryptocurrency funds. Although hacking group Lazarus is suspected of being responsible for the hack, nothing has been confirmed and CoinsPaid has not yet attempted to recover the stolen funds at the time of writing.

4. Atomic Wallet hack

Popular software cryptocurrency wallet provider Atomic Wallet suffered a $100 million hack in June 2023, in which more than 5,000 user accounts were attacked. As a result, some users had their money stolen, others lost their wallets completely. At the time of writing, Atomic Wallet has not yet explained how the hack took place.

In August 2023, Atomic Wallet came under fire and faced a class action lawsuit from many affected investors over the stolen funds. Time will tell whether Atomic Wallet will face legal consequences as a result of the hack and whether affected users will receive compensation.

5. Curve Finance hack

In late July 2023, Curve Finance suffered a cyberattack that resulted in the theft of over $60 million in cryptocurrency. In this case, Curve Finance's liquidity team was targeted. The stablecoin pools hosted by Curve Finance have vulnerabilities in their code that hackers can exploit to access stolen funds.

In August 2023, a portion of the stolen funds were returned by hackers after Curve Finance offered a reward to the person who could identify the culprit. White-hat hackers also played a key role in recovering some funds, with a total of 73% of stolen funds being returned.

Curve also pledged to compensate users affected by the hack.

6. TrustWallet scam

Another popular software wallet provider, TrustWallet, made headlines in crypto news in September 2023, when bad actors targeted its users via phishing emails.

In this malicious campaign, thousands of emails were sent to users, in which cybercriminals impersonated TrustWallet employees, informing recipients that their TrustWallet accounts would soon be suspended if the wallet was not verified. verification, but actually leads the victim to a link to a verification page designed to steal data. Users are asked to provide their recovery phrase, an important piece of information that can be used to access cryptocurrency wallets.

After the targeted user entered their seed phrase, the hackers gained access to their TrustWallet account funds, resulting in the theft of over $40 million in cryptocurrency.

7. MultiChain hack

In July 2023, cryptocurrency news platforms began reporting on a hack that occurred on MultiChain, a cross-chain protocol used to connect blockchains. Suspicions began to spread when a total of 125 million USD was taken from MultiChain through multiple transactions.

It is believed that the hack was perpetrated by insiders, with the platform's CEO, Zhaojun, being arrested by Chinese authorities not long after the withdrawal took place. The CEO's devices, including phones, computers and hardware wallets, were also confiscated during the arrest. Furthermore, when director Zhaojun was arrested, his sister was also detained by the police on suspicion of being involved in the incident.

Since the hack, MultiChain has closed its operations. The company posted on X about the decision and listed the chain of events that led to the closure.

8. LastPass data breach

LastPass is no stranger to violations. People use LastPass to store all kinds of sensitive information, including cryptocurrency exchange credentials and private keys or seed phrases for cryptocurrency wallets. The amount of valuable information stored using LastPass has made it a frequent target for cybercriminals.

In October 2023, $4.4 million in cryptocurrency was stolen due to the LastPass breach that took place the previous year. Multiple seed phrases and passwords were used to steal funds, all of which were stored by LastPass. More than 25 users were affected by the theft after their data was stolen in the 2022 breach, for a huge amount of money.

9. Stake hack

The controversial yet very popular cryptocurrency platform, Stake, was hacked in September 2023, in which a total of $41 million was stolen. In this hack, users' cryptocurrency hot wallets were targeted, with various assets, such as Ethereum and Dai, stolen. All funds were sent to a single wallet address, possibly owned by the hacker(s) responsible for the attack. From there, the funds are sent to many other wallets, spreading their locations making them harder to track.

There is suspicion that North Korean hackers had something to do with this theft. But then the FBI revealed that the Lazarus hacker group had been identified as the party responsible for the incident. The amount has yet to be identified or recovered, like many other cryptocurrency hacks.

10. CoinEx hack

$70 million in cryptocurrency was stolen from cryptocurrency exchange CoinEx in September 2023, after multiple private keys for users' hot wallets were accessed by hackers.

$54 million in cryptocurrency was stolen through mining, with a whopping transfer amounting to nearly 5,000 Ethereum. Along with that, 231 Bitcoin, 2,220 Bitcoin Cash, 135,600 Solana and a series of other assets were stolen. Although no CoinEx cold wallets were affected, the attackers still managed to steal a huge amount of funds, which have not been recovered as of press time.

It's no surprise that the Lazarus hacking group is suspected of being the culprit of this hack, they are believed to have perpetrated many attacks in the past.