Over the last few years, cryptocurrency hacking has become a pervasive and formidable threat, leading to billions of dollars stolen from crypto platforms and exposing vulnerabilities across the ecosystem. As we revealed in last year’s Crypto Crime Report, 2022 was the biggest year ever for crypto theft with $3.7 billion stolen. In 2023, however, funds stolen decreased by approximately 54.3% to $1.7 billion, though the number of individual hacking incidents actually grew, from 219 in 2022 to 231 in 2023. Why the huge drop in stolen funds? Mostly due to a drop in DeFi hacking. Hacks of DeFi protocols largely drove the huge increase in stolen crypto that we saw in 2021 and 2022, with cybercriminals stealing more than $3.1 billion in DeFi hacks in 2022. But in 2023, hackers stole just $1.1 billion from DeFi protocols. This amounts to a 63.7% drop in the total value stolen from DeFi platforms year-over-year. There was also a significant drop in the share of all funds stolen accounted for by DeFi protocol victims in 2023. We’ll explore the possible reasons for the drop in DeFi hacking in greater detail later on. Despite that drop, there still were several large hacks of notable DeFi protocols throughout 2023. In March, for instance, Euler Finance, a borrowing and lending protocol on Ethereum, experienced a flash loan attack, leading to roughly $197 million in losses. July 2023 saw 33 hacks — the most of any month — which included $73.5 million stolen from Curve Finance. Similarly, several large exploits occurred in September and November 2023 on both DeFi and CeFi platforms: Mixin Network ($200 million), CoinEx ($43 million), Poloniex Exchange ($130 million), HTX ($113.3 million), and Kyber Network ($54.7 million).
While these are the largest cryptocurrency hacks that have happened in 2023, OODA has been compiling a comprehensive Web3 incident database based on our research to categorize what compromises are taking place as well as document the root causes that plague Cryptos, DeFi, NFTs, and Web3 in general. Tracking root causes provides comprehensive insights into how innovators can create robust cyber risk management approaches and reduce the potential for consequential attacks. You can access the OODA comprehensive Crypto Incident tracker here.