Funds stolen from crypto platforms fall more than 50% in 2023

Over the last few years, cryptocurrency hacking has become a pervasive and formidable threat, leading to billions of dollars stolen from crypto platforms and exposing vulnerabilities across the ecosystem, a report showed. According to Chainalysis’ Crypto Crime Report, 2022 was the biggest year ever for crypto theft with $3.7 billion stolen. In 2023, however, funds stolen decreased by approximately 54.3 per cent to $1.7 billion, though the number of individual hacking incidents actually grew, from 219 in 2022 to 231 in 2023.

The huge drop in stolen funds can be attributed mostly to a drop in DeFi (decentralised finance) hacking. Hacks of DeFi protocols largely drove the huge increase in stolen crypto that was seen in 2021 and 2022, with cybercriminals stealing more than $3.1 billion in DeFi hacks. But last year, hackers stole just $1.1 billion from DeFi protocols. This amounts to a 63.7 per cent drop in the total value stolen from DeFi platforms year-over-year. There was also a significant drop in the share of all funds stolen accounted for by DeFi protocol victims in 2023, as we see on the chart below.

Despite that drop, there still were several large hacks of notable DeFi protocols throughout 2023. In March, for instance, Euler Finance, a borrowing and lending protocol on Ethereum, experienced a flash loan attack, leading to roughly $197 million in losses. July 2023 saw 33 hacks — the most of any month — which included $73.5 million stolen from Curve Finance.

Similarly, several large exploits occurred in September and November 2023 on both DeFi and CeFi platforms: Mixin Network ($200 million), CoinEx ($43 million), Poloniex Exchange ($130 million), HTX ($113.3 million), and Kyber Network ($54.7 million).

Attack vectors affecting DeFi are sophisticated and diverse

DeFi hacking exploded in 2021 and 2022, with attackers stealing approximately $2.5 billion and $3.1 billion, respectively, from protocols. Mar Gimenez-Aguilar, lead security architect and researcher at Halborn, a security company specialising in web3 and blockchain solutions, said: “There’s been a worrying trend in the escalation of both the frequency and severity of attacks within the DeFi ecosystem. In our comprehensive analysis of the top 50 DeFi hacks, we observed that EVM-based chains and Solana are among the most targeted chains, largely due to their popularity and capability to execute smart contracts.” When examining this trend last year, security experts told us that they believe many DeFi vulnerabilities stemmed from protocol operators focusing primarily on growth, and not enough on implementing and maintaining robust security systems.

However, for the first time since DeFi’s emergence as a key sector of the crypto economy, the yearly total stolen from DeFi protocols fell — and fell significantly.

The value lost in DeFi hacks declined by 63.7 per cent year-over-year in 2023, and median loss per DeFi hack dropped by 7.4 per cent. And, while the number of individual crypto hacks rose in 2023, the number of DeFi hacks specifically declined by 17.2 per cent.

Classifying and analyzing attack vectors within the DeFi landscape

Attack vectors affecting DeFi are diverse and constantly evolving; it is therefore important to classify them to understand how hacks occur and how protocols might be able to reduce their likelihood in the future. According to Halborn, DeFi attack vectors can be placed into one of two categories: vectors originating on-chain and vectors originating off-chain.

On-chain attack vectors stem not from vulnerabilities inherent to blockchains themselves, but rather from vulnerabilities in the on-chain components of a DeFi protocol, such as their smart contracts. These aren’t a point of concern for centralized services, as centralized services don’t function as decentralized apps with publicly visible code the way DeFi protocols do. Off-chain attack vectors stem from vulnerabilities outside of the blockchain — one example could be the off-chain storage of private keys in, say, a faulty cloud storage solution — and therefore apply to both DeFi protocols and centralized services.

Overall though, the data provides reasons for optimism. Both the drop in raw value stolen from DeFi, and the relative decline in on-chain vulnerability-driven hacking over the course of 2023 suggests that DeFi operators may be getting better at smart contract security. “I do think that the increase of security measures in DeFi protocols is a key factor in the reduction in the quantity of hacks related to smart contracts vulnerabilities. If we compare the top 50 hacks by value lost from this year with those from previous ones (studied in Halborn’s Top 50 hacks report), there is a reduction in percentage of losses from 47.0 per cent of the total to 18.2 per cent. Price manipulation attacks, nevertheless, remain almost constant with around 20.0 per cent of the total value lost. This is an indication that, when performing an audit, protocols should also take into account how they interact with the whole DeFi ecosystem,” said Gimenez-Aguilar. However, she also stressed that the growth in hacks driven by attack vectors such as compromised private keys indicates that DeFi operators must move beyond smart contract security and address off-chain vulnerabilities as well: “Doing the same comparison as before, losses related to compromised private keys increased from 22.0 per cent to 47.8 per cent.” As we see above, both on-chain and off-chain vulnerabilities can be highly destructive.

However, Gimenez-Aguilar also acknowledged that the drop in DeFi hacking losses may be driven in part by the overall drop in DeFi activity in 2023, which may have simply decreased the number of DeFi protocols that made ripe targets for hackers. Total value locked (TVL), which measures the total value held or staked in DeFi protocols, was down for all of 2023, following a sharp decrease in the middle of 2022.

There are steps DeFi operators should take to improve security. DeFi protocols vulnerable to on-chain failures can develop systems that monitor on-chain activity related to economic risks and prior platform losses. Companies such as Hypernative and Hexagate, for example, produce customized alerts to prevent and react to cyber attacks, which can help platforms better secure integrations with third parties such as bridges, and communicate with customers who might be at risk. Platforms vulnerable to off-chain failures may aim to reduce reliance on centralized products and services.

North Korea hacked more crypto platforms than ever in 2023, but stole less in total than in 2022

North Korea-linked hacks have been on the rise over the past few years, with cyber-espionage groups such as Kimsuky and Lazarus Group utilizing various malicious tactics to acquire large amounts of crypto assets. Just last year, cryptocurrency stolen by hackers associated with North Korea reached its highest level of approximately $1.7 billion. In 2023, we estimate that the total amount stolen is slightly over $1.0 billion, but as we see below, the number of hacks rose to 20 — the highest number on record — in the context of the overall crypto bear market.

North Korea-linked hackers stole approximately $428.8 million from DeFi platforms in 2023, and also targeted centralized services ($150.0 million stolen), exchanges ($330.9 million), and wallet providers ($127.0 million).

2023 saw a notable decrease in North Korean targeting of DeFi protocols, mirroring the overall drop in DeFi hacking.

Although the total amount stolen from crypto platforms in 2023 was down significantly from prior years, it is clear that attackers are becoming increasingly sophisticated and diverse in their exploits. The good news is, crypto platforms are becoming more sophisticated in their security and responses to attacks, too.

When crypto platforms act promptly after exploits, law enforcement agencies will be better equipped to contact exchanges where frozen funds are located to initiate seizure and contact services through which the funds flowed to gather relevant information about accounts and users. Over time, as these processes improve, it is likely that funds stolen from crypto hacks will continue to decline.