Exploring Interconnected Trading with Cross-L2 DEX Solutions

4Cum...U9pd

3 Feb 2024

The TOP 5 Crypto Hacks of 2023

NEFTURE SECURITY I Blockchain Security
·
Follow
Published in
Coinmonks
8 min read
·
21 hours ago

Listen

Share

More
2023
‘s crypto actors biggest bully award goes to *rolling drum* North Korea state-sponsored hacking group: Lazarus!
Linked to at least 9 hacks in 2023, responsible for 3 out of the 6 biggest hacks, they made off with $630 million. Impressive, yet a far cry from the $1.7 billion plundered in 2022!
Nevertheless, 2023 marked a grand year for the Lazarus Group, crossing the $3 billion theft threshold from the crypto space — a landmark achieved by no other hacker group (that we know of).
While they provided much of 2023’s hacking entertainment, they only scored one heist in the top 5 of the 2023 crypto hack leaderboard.
Now, let’s delve into the details of the 5 biggest hacks of 2023, which initially brought in a combined total of $777 million!

1 — Multichain, a $231M Insider Work?

Source: Forex News
On July 5th, 2023, Multichain, a blockchain bridge, was first drained of a whooping $130 million, five days later, it was drained of an additional $107 million.
Following the initial theft, Multichain advised users to cease project usage and revoke contract approvals, a warning largely unfollowed as a significant amount of assets were still on the bridge at the time of the second hack.
Although the cause of the hacks were undisclosed, blockchain security researchers came to the conclusion that the hack was highly likely due to compromised administrator keys.
The circumstances surrounding those hacks, though, made them suspicious of how the administrator keys could have been compromised.
All had seemingly started quite well for Multichain in 2023, in March they had boasted of a total transaction volume had exceeded $100 billion.
But two months later, users statred reporting en masse that they experienced abnormal delays in cross-chain funds arriving on Multichain.
On May 24th, 2023, Multichain took to Twitter to announce that those issues were due an undisclosed “force majeure.”
Source: Mutlichain’s Twitter
This announcement was welcomed as well as you can imagine by the community, who roasted plenty Multichain, and grew suspicious of the project.
Rumors started making the round about the CEO being possibly arrested.
The rumors were true, but it would take months and those hacks for the full truth to be disclosed.
On July 14th, 2023, 4 days after thesecond hack, Multichain’s employee(s) took to Twitter to explain all that have been unfolding behind the scene in those past months.
Yes, Multichain CEO Zhaojun had been arrested.
On May 21st, 2023, Chinese authorities went to his home and took him to custody. Following his arrest, the Multichain team discovered that their operational access keys to the MPC node servers had been revoked.
Which mean that they could not log into the MPC servers needed to facilitate cross-chain operations, which in turn explains why Multichain users started experiencing abnormal delays at that time.
On June 4th, 2023, the team disclosed that:

Zhaojun’s family successfully logged into the cloud server platform using the historical information on his home computer.
However, Zhaojun’s family only allowed Multichain team engineers physical access to the home computer to fix technical issues with Router2 and Router5.

A highly dubious choice.
That is explained away by the two “hacks” that took place one month later.
According to the blockchain security at large, it’s high likely that they were orchestrated from the inside.
A spokeperson for Chainanalysis, told in a statement for Cointelegraph that it was “ a possible rug pull,” in a scenario where “the attacker gained control of Multichain’s MPC keys in order to pull off this exploit.”
One day before Multichain’s employee public statement, the CEO’s sister was arrested and marked the collapse of the project.
Despite, $62.5 million from the hacks saved by Circle and Tether, the hacks and ensuing collapse had dramatic consequences for some crypto actors. Due to Multichain-related losses, Geist Finance, Hector Network and SpiritSwap had to shut down.

2 — Mixin, North Korea Strikes Again!

As predicted months ago, supply chain attacks are on the rise! At least 4 supply chain attacks were reported in 2023 amounting to $237 million in losses and contributing to the second biggest hack of the year: Mixin Network!
In cybersecurity, what qualifies as a supply chain attack is a cyberattack that targets organizations and attempts to inflict damage by exploiting the “weaker link(s)” and their vulnerabilities in the supply chain network.
The “Supply Chain Network” is every intermediary and organization used to operate a business. Every new actor in a supply chain brings with it its “points of vulnerability.”
As a result, supply chain attacks have become one of the most dangerous security threats for businesses and organizations at large.
In September 2023 alone, two supply chain attacks took place in the crypto space.
Ethereum-based automated market maker Balancer’s frontend was compromised, leading to a $240,000 loss when their DNS service provider EuroDNS was targeted by a social engineering attack.
Four days later, the Mixin hack took place.
This time around, it was their cloud service provider, Google, that was successfully breached and enabled the private key exploit that resulted in the $200 million loss.
North Korea state-sponsored hacking group Lazarus is thought to be the mastermind behind the attack.
This latest hack, due to the significant damage it caused, suggests that supply chain attacks could become one of the major threats in the crypto industry in the years to come, as it has for everyday economic actors.

Web3 actors converging toward each other and becoming even more interwoven to provide better services for web3 users is turning into an ever-lasting trend.

Thus, supply chain attacks will grow as these web3 actors’ supply chains become even more fragmented, creating multiple new points of vulnerability.
Supply chain attacks will possibly abound aplenty in 2024.

3 — Euler, a Shenaniganesque Hack

Source: Cryptopolitan
The most notable flash loan attacks that took place in 2023 was Euler Finance for its scale: $197 million and for the theatrics surrounding it.
To make it short, the whole affair was embroiled in North Korean shenanigans!
According to on-chain data initially identified by Lookonchain, the Euler Finance protocol hacker transferred 100 ether to a wallet linked to the North Korean state-sponsored hacking group, Lazarus.
The immediate conclusion was, “Here we go again, North Korea is behind the 6th crypto hack of all time, who is surprised?”
But wait, the plot thickens!
On March 20th, the hacker sent an on-chain message to Euler claiming that:

“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement.”

Lazarus Group has never negotiated sending any funds back until then. Moreover, why would they ever send funds to a flagged address that could trace back to them?
Well, maybe because they were not behind this hack!
And probably because they were dragged into this mess by the hacker without their permission, they attempted to get right back at him and jumped with their two feets in the middle of the Euler Saga!
The day following the Euler hacker’s peace offering, Polygon’s CISO Mudit Gupta reported that a wallet connected to the Lazarus sent 2 Ethereum, worth $3,586 to the Euler Finance hacker, with a message urging him to decrypt an encrypted message!
Encrypted message that was nothing more than a phishing attempt to get the Euler exploiter’s private key and screw him over!
Well, that was quite the convoluted story, to say the least.
Since then, the Euler hacker has shown himself to be true to his words and sent back $177 million to the protocol.

4 — Poloniex, Manhunt or Insider job?

Source: Cryptodaily
$126 million was drained from the Poloniex cryptocurrency exchange in November 2023 due to compromised private keys.
Initially, it was assumed that the Lazarus Group was behind the hack, given the high stakes and the method used, reminiscent of their previous attacks: sending different types of tokens to specialized addresses.
However, an announcement by Justin Sun, Poloniex’s majority shareholder, eight days later dispelled this allegation.
Sun affirmed that the funds were traced back to a single individual, whose identity they knew.
They sent an on-chain message to the hacker, threatening to involve authorities from the U.S., China, and Russia if he did not accept their bug bounty. They also warned him that all the assets were flagged, making it impossible for him to cash out.
Three months later, the hacker has yet to respond, and the Poloniex hack has almost been forgotten.
One thing of note though.
Less than two weeks after the Poloniex hack, hackers exploited HTX, formerly known as Huobi, for $30 million and drained $86 million from the HECO Chain, both entities essentially owned by Justin Sun.
This development sets off alarm bells for many.
Two theories emerged: either someone was targeting Justin Sun, or Sun, under scrutiny from authorities around the world, was preparing an escape plan, with the hacks intended to fund his grand exit.

5 — BonqDAO, the Largest Oracle Exploit of 2023

Source: Neptune Mutual
On February 2nd, 2023, the Polygon DeFi protocol BonqDAO lost $120 million to the largest oracle exploit in 2023.
Thanks to a vulnerability in the the price feed smart contract of BonqDAO, they were able to change the price of the $ALBT token and borrow 100 million $BEUR stablecoins.
They then swapped them for other tokens on Uniswap!
Learn all there is to know about Oracle Exploit here:

Oracle Exploit, the Go-to-Crypto Hack in a Bear Market

Oracle Manipulation has cost $219,6 million in 2022, and its victims are many from Algorithmic Market Maker to Yield…
medium.com

Seemingly, BonqDAO’s reputation took such a damaging hit with this oracle exploit that they chose to dissolve their identity and be reborn anew under a new name: 3A DAO!
Source:3A DAO’s Twitter
We hope that 3A DAO, “the safest DeFi Lending Protocol,” will not have to meet the same fate as BonqDAO.
Want to discover more about the 2023 crypto criminal landscape?
Dive into our thorough 2023 report!

A Year of Crypto Crimes in Review — The 2023 Report

More than $5 billion was wiped out by crypto hackers and fraudsters in 2023!
medium.com

About us

Nefture is a Blockchain Security Company that secures crypto transactions!
With Nefture Security, within ✨seconds✨ you can know if your wallet has been compromised and get your wallet security audit for free.
Check if your wallet is compromised now⚡https://www.app.nefture.com/

91

Blockchain Security
Blockchain
Cybersecurity
Cryptocurrency News
Cryptocurrency

91

Follow