
Top 10 crypto hacks of 2023 — Stake ranks fifth as hackers wipe $735m

Stake.com suffered a hack this week, but it's only the fifth-biggest heist so far in 2023. Credit: Rita Fortunato/DL News.
  • Cybercriminals continue to plague the crypto industry.
  • In 2023, 69 hacks have cost the industry $735 million.
  • The 10 biggest hacks accounted for 84% of the money stolen.

The Stake.com hack this week is the latest digital heist to haunt crypto companies this year.

Cybercriminals have cost crypto companies and DeFi protocols over $735 million across 69 hacks so far in 2023, according to DefiLlama data.

With three months left in the year, 2023 is on course to be a better year than 2022, when hackers stole over $3.2 billion through 60 hacks.

Monthly total value of DeFi and crypto hacks

Ten big attacks in 2023 have made up the majority of the total value hacked, with over $620 million being taken in those attacks alone. The recent Stake.com heist is among them.



Dive in to learn more about the 10 biggest crypto hacks in 2023.

1. Euler Finance — March 13 — $197 million

Lending protocol Euler Finance suffered the biggest hack of the year so far in March when an attacker syphoned close to $197 million through a vulnerability in Euler’s donate function contract. The hacker has since returned most of the stolen funds. In July, DL News interviewed a man claiming to be the hacker, who said he was being kept in a Paris prison.

2. Multichain — July 7 — $126 million

Cross-chain bridge protocol Multichain suffered what appeared to be a hack or a rug pull on July 6. It caused losses of more than $125 million, making it “one of the biggest crypto hacks on record,” according to crypto research firm Chainalysis.


3. Atomic Wallet — June 3 — $100 million

A hacker drained $100 million in crypto from Atomic Wallet users in June. Atomic is a non-custodial crypto wallet. The hack has been connected to the North Korea-linked Lazarus Group, which experts say uses crypto heists to fund the country’s rogue nuclear weapons programme. The company was slammed with a class-action lawsuit in the aftermath of the attack.

4. Curve Finance — July 30 — $61.7 million

Curve Finance was hit by several exploits in July that saw hackers swipe $61 million from multiple trading pools. After an initial exploit on July 30, word of the vulnerability spread, leading to several seemingly unconnected hackers exploiting various Curve trading pools in the hours that followed.

5. Stake.com — September 4 — $41.3 million

Crypto’s biggest online casino and sports betting platform Stake.com was hacked for $41 million on September 4.

“The loss of funds is by no means a trivial amount, but this attack has not materially affected Stake’s operations,” co-founder Edward Craven told DL News following the attack.

6. CoinsPaid — July 22 — $37.3 million

Hackers linked to Lazarus Group staged a sophisticated social engineering attack on the crypto payments provider CoinsPaid in July.

The attack involved a six-month-long social engineering campaign that culminated in a malicious software download that allowed the crooks to syphon $37.3 million, according to a report shared with DL News.

7. Bitrue — April 14 — $23 million

Hackers hit one of Singapore-based Bitrue’s hot wallets for $23 million in April, an amount Bitrue claimed was less than 5% of its reserves.

8. GDAC — April 8 — $13.9 million

Hackers hit South Korean crypto exchange GDAC in a hot wallet attack, and made off with around 23% of the exchange’s holdings.

9. Yearn — April 13 — $11.5 million

Long-standing DeFi protocol Yearn had $11.5 million stolen in April when an exploiter discovered a vulnerability in an old version of one of the protocol’s contracts. Yearn lost $2.8 million to a different vulnerability in 2021.

10. MyAlgo — February 27 — $9.2 million

In February, a hacker used a compromised API key to insert malicious code into Algorand web wallet MyAlgo’s contracts, according to a postmortem from the company. The hacker made off with $9.2 million and a wealth of user data, including private keys and passwords.

Tyler Pearson is a researcher at DL News. He is based out of Alberta, Canada. Got a hot tip? Reach out to him at ty@dlnews.com.
