Late October 2023 brought a major resurgence across the crypto market spearheaded by the world’s foremost cryptocurrency – Bitcoin (BTC). The ongoing rally saw massive inflows as well as different coins and tokens reaching highs not seen in well over a year.
The bull run brought the industry back into the public consciousness – if it had ever indeed truly left – as evidenced by the fact that a recent Grayscale poll found that as many as 70% U.S. voters want a president knowledgeable about blockchain, artificial intelligence, and other innovative technologies.
This rise in traffic also, unfortunately, brought about a renaissance in crypto hacks and scams, as evident to anyone actively following the comings and goings of the digital assets community and as evidenced by the fact that institutions like the U.K.’s Lloyds Bank (LON: LLOY) issued warnings of the most common types of crypto fraud.
Or so it would appear.
As it turns out, much like the crypto market never really left, neither did crypto-related illicit activity and with the New Year right around the corner, Finbold decided to take a brief look at the highest-profile cases from each of the quarters of 2023.
Euler Finance Hack (March)
The Euler Finance flash loan attack that took place on March 13, 2023, proved to be both the biggest single crypto hack of the year and the single largest crypto recovery. The attack, enabled by a liquidity issue in the DonateToReserve function, saw as much as $197 million in DAI, wrapped Bitcoin (wBTC), USDC stablecoin, and staked Ethereum (stETH) stolen.
In a surprising twist, the attacker, who self-identified as Jacob through a series of encrypted messages, not only apologized for the hack but also returned the stolen assets.
Multichain Hack (July)
The Multichain attack was similarly large but, unfortunately, did not have anything near to the happy ending of the Euler Finance hack. The cross-chain bridge protocol was drained of $125 million worth of cryptocurrency in a series of unauthorized and large withdrawals.
A vast majority of the drained assets came from the Fantom bridge and the attacker took USDC, Dogecoin (DOGE), Tether (USDT), wrapped Bitcoin (wBTC), and wrapped Ethereum (wETH).
Approximately a week after the attack, Multichain made an X post that detailed what can be, as an understatement, described as a series of unfortunate events and announced that it is shutting down.
On September 5, the blockchain security firm PeckShield alerted the public that wallets belonging to the online crypto casino Stake.com were drained of a total of $41 million worth of assets.
The attackers, possibly North Korea’s Lazarus Group, according to an FBI report, took a selection of cryptocurrencies, including ETH, Polygon (MATIC), and BNB.
Ledger Supply Chain Attack (December):
Cumulatively, the period between October and December accounted for the largest total losses to hacks in the cryptocurrency industry, but one, the Ledger Connect Kit attack that took place on December 14, drew the most attention.
The attacker drained the wallets of users who inadvertently gave him permission through malicious code the hacker injected into Ledger Connect Kit v1.1.7 library. At the very least, SushiSwap, Zapper, and Revoke.cash were compromised in the attack, and approximately $600,000 in assets was lost.
Ultimately, Ledger’s quick actions prevented more damage from being done, and the company promised to make the affected users whole, to fully follow up on the event, to fix the issues that led to the attack, and to tighten security in general.