Table of Contents
- Who is to blame for crypto hacks?
- Q1 2023: Crypto Hacks and Scams
- Q2 2023: Top 5 Crypto Hacks and Scams (So Far)
- Why You Should Proactively Beef Up Your Crypto Security
- Why Do You Need Crypto Cold Storage?
- Boost Your Security To The Power of CoolWallet Cold Storage
According to Chainalysis, 2022 was the biggest year ever for crypto hacks, with bad actors looting a staggering $3.8 billion in assets (or $4.17 billion if you ask Crystal), despite it being a brutal bear market year with pockets already stretched. Scarily, DeFi protocols were hacked 13 times more than centralized ones according to a Coindesk report.
So far this year, things seem a bit more respectable, with a more “respectable” $320 million according to Certik lifted in Q1 2023. There also seems to be a shift from DeFi to NFT project rug pulls and other scams.
The smaller bounty hauls are likely since most of the “easy” retail money is already flushed out by market volatility, the collapse of key crypto banker Silvergate Bank, central custodian bankruptcies, and better due diligence at centralized exchanges. Still, this doesn’t mean that hackers and scammers are taking it easy on investors. In fact, they’re testing new pathways to your crypto that they will exploit for max extraction value in 2024, a more promising year for the industry, and beyond.
Who is to blame for crypto hacks?
This begs the question: who should take the blame for lost assets? The platform, the criminal, or the user? Usually, the blame game co-mingles responsibility for hacked assets across these parties even before they hit a crypto mixer. In the aftermath of a hack, the party at fault is often the first factor considered once the situation has been resolved and funds have been recovered or deemed permanently lost. Were crypto exchanges negligent in securing user funds? Did traders hastily part with their assets for promises that were too good to be true?
These questions rarely have clear answers, but by examining recent hacks, exploits, and fraud schemes in the crypto space, we can reinforce the old saying: “Think twice, trade once.” And now is also a good time to remind you that as a crypto investor, you’ve bought into fully decentralized digital assets that require no financial intermediary by design (in response to the last banking crisis of 2008) and are supposed to protect against us against the overreach of money printing central banks and greedy financial institutions whose unnecessary charges slowly erode your wealth over time. Crypto should mean taking complete responsibility for your own financial wealth, not a punt on the latest sh*tcoin or meme coin for quick gains. (well, it’s never a bad idea to take small calculated punts in crypto if you have done your research.)
Below we cover some of the most recent 2023 crypto hacks and what they say about the current state of security. We also discuss how security and closer scrutiny will help you stay on top of what may be the beginning of a new bull market to come later in 2023.
Q1 2023: Crypto Hacks and Scams
In the first quarter of 2023, hackers managed to steal over $320 million from the crypto industry, according to blockchain security firm CertiK. Although these losses were lower than in 2022’s first and fourth quarters, they were still significant. A breakdown of the stolen funds reveals that $31 million was lost to 90 exit scams and $222 million to 52 flash loan and oracle manipulation exploits. BNB Chain experienced the most incidents, while Ethereum had the highest losses, totaling $221 million in Q1 2023.
The recent Euler Finance hack accounted for 60% of the losses in Q1 2023, resulting in over $195 million being stolen through a flash loan exploit. However, it’s important to note that a large portion of the funds stolen in these hacks was later recovered through negotiations with the hackers. For example, Euler Finance managed to recover about 90% of the lost funds after nearly a month of negotiations.
This trend of negotiating with hackers to recover funds has become more common in the crypto space. Another example is the lending protocol Sentiment, which recovered approximately $870,000 after offering a $95,000 bounty to those responsible for stealing almost a million dollars from their platform. While the amount lost to hacking may seem massive, the increasing success in recovering funds offers some hope for the future of the industry.
Q2 2023: Top 5 Crypto Hacks and Scams (So Far)
So far in Q2 (April and the first week of May), hacks have been relatively minor compared to the staggering amounts of money lost last year. However, this doesn’t mean hackers have become complacent. On the contrary, they continue devising new ways to target unsuspecting victims, as highlighted in the examples below, which include a couple of shocking names on the Wall of Shame thus far.
1) The Bitrue Exchange Heist ($23 million)
Bitrue, a popular crypto exchange, fell prey to a massive hack in April 2023, leading to the theft of $23 million in Ethereum, Gala, and other cryptocurrencies. The cybercriminals exploited the exchange’s hot wallet system, accessing one of the four hot wallets that held 5% of all assets held by the exchange. One of the main reasons to keep funds on an exchange when not actively trading is their security measures also extend to user funds. Banks are not insured by the government in the same way as a bank.
2) The Crypto Whale Mystery ($10 million)
A perplexing hacking spree this April saw crypto whales and early investors lose $10 million from their accounts across 11 different blockchains, mainly on Ethereum. The hackers targeted individuals with significant holdings, exploiting a vulnerability in the open-source multisig contract used to secure assets. The attack bypassed the contract’s security measures, allowing hackers to access private keys and drain funds. With the source of the hack still not fully understood, keeping private keys offline would have prevented this hack indefinitely.
3) Deus Finance ($6 million)
Deus Finance, a decentralized finance (DeFi) protocol, suffered a security breach on May 5th that resulted in a loss of over $6 million due to an attack on its stablecoin DEI. The hack began on the BNB Smart Chain (BSC) and then targeted the Arbitrum network, where ARB/ETH deployments lost over $5 million. The root cause of the breach was allegedly a basic implementation error in the token contract.
In response to the attack, Deus Finance paused all contracts and burned DEI tokens to prevent further damage. This isn’t the first time Deus Finance has faced a security breach. In March 2022, the protocol was exploited in a flash-loan attack that resulted in over $3 million in losses in Dai and Ether. The stolen funds were funneled using the crypto mixer Tornado Cash, as revealed by PeckShield. Deus Finance operates as a decentralized marketplace for trading digital and non-digital assets, such as commodities, on the Ethereum blockchain.
4) Trust Wallet’s Social Engineering Hack ($4 million)
Trust Wallet users experienced a $4 million loss when crafty hackers used social engineering tactics to bypass security measures. The attackers deceived users into revealing sensitive information, enabling them to access and empty their accounts. Scammers posing as Web3 investors meet in person and convince them to download a PDF containing malware to steal their wallet credentials.
Social engineering attacks, such as phishing and impersonation, are growing as international events attract important figures and employees within the blockchain industry. It’s becoming increasingly crucial for people to stay alert and proactive in safeguarding their personal information and devices.
5) Kucoin’s Twitter Scandal ($22k)
Scammers hijacked Kucoin’s Twitter account to stage a phony crypto giveaway, causing unsuspecting users to send assets to an unknown account. While the amount seems petty in comparison with other hacks, it’s very scary. With such a large amount of communication being done via Twitter or other social media platforms, stolen credentials of a much larger would have been magnitudes worse than the $22,600 lost in this case.
Kucoin has promised to reimburse users that sent money to the fake giveaway but a much larger deal of damage was done to their reputation, as it calls into question how secure any of their personal or business login credentials are.
Why You Should Proactively Beef Up Your Crypto Security
Crypto chains are immutable and cannot be rolled back unless a majority of the network chooses to, and if this happens, this really jeopardizes the trust in a blockchain. Therefore, once your funds have been moved to another wallet, that’s pretty much it. There are no do-overs. For this reason, it’s vital that you proactively bolster your crypto portfolio security before the you-know-what hits the fan. There are no second chances with self-custodial wallets.
Most issues and hacks could have been thwarted if traders had taken self-custody of their funds, used cold-storage devices, and scrutinized promises that seemed too good to be true ( and of course, didn’t keep their private keys on Google Docs, dummy). Implementing a CoolWallet device before your cryptocurrencies are compromised or lost can save you from future headaches. Be proactive in securing your assets.
The hacks we discuss in this article could have been prevented if the stolen cryptocurrencies had been solely managed and secured by their owners. Transfer your tokens to a cold storage device like the CoolWallet Pro before you find yourself in a similar situation.
Why Do You Need Crypto Cold Storage?
When you trade cryptocurrency more than once a day, it’s a lot more convenient to keep it in a place that makes it easier to move around. If it’s not traded daily or intended for down the road, keeping it in the same place as normal or where others have control over it doesn’t make sense, does it?
Cold storage does what it says on the box. It keeps your crypto “cold”, or offline, and therefore safe as physically possible, literally, by ensuring your wallet is not accessible through the internet. By having your private key offline on a physical device, your tokens can only be moved by physically interacting with your CoolWallet Pro cold wallet or another hardware device. Think of your hardware wallet (and any decentralized non-custodial wallet) as the only key to a digital safe that belongs to you personally. This is a core philosophy of crypto ownership and is represented by the Proof of Keys movement which has a simple mantra: Not your keys, not your crypto.
Some advantages of cold storage include full control of your funds at all times, a near 0% risk of being hacked (but never 0, as humans always make mistakes), and greater peace of mind. Your coins will never mysteriously disappear or become frozen as long as they remain in cold storage.
Boost Your Security To The Power of CoolWallet Cold Storage
Scammers are becoming more sophisticated and technical with their hacking attempts. Previously the majority of hacks were targeted at lending protocols or Dapps that were not secure enough, but this is not the case anymore. With their previous victims learning their lesson the hard way, it’s necessary to use a cold storage device to stay one step ahead of the next wave of security threats.
Cold storage remains the best solution to negate the risk of getting your cryptocurrency stolen. In most cases, hackers don’t simply brute force their way into your wallet, but rather use their deception and guile to trick their way inside. On top of this, it’s important to be aware that social scams are on the rise in many forms. Hot wallets are convenient, but if a wallet as popular as TrustWallet can be hacked, so can any other popular hot wallet software.
The CoolWallet team understands that exchanges and hot wallets provide a certain level of convenience when trading your tokens often, which is why ensuring ease of use and a plethora of features remain core to our mission. However, a non-negiotable element remains for us to keep your assets as safe as possible. Our CoolWallet Pro hardware wallet does this by offering you layers of additional protection by keeping your private keys offline and using various phone and app biometric verifications, an EAL6+ secure element protection (read why this is important here), and our military-grade encrypted Bluetooth communication, to name a few.
To extend the reach and utility of your crypto assets, our CoolWallet App serves as a Web3 hub for safe and simple access to the best DeFi and NFT protocols out there, which can all be accessed not only with our cold wallet, but also with our dedicated hot wallet module which helps you get hold of new crypto assets and airdrops faster.
Scams and hacks will always be present in the cryptocurrency space, an industry that thrives on innovation and ensuring the strong survive (longest chain anyone? ), making cold storage, your best judgment, and understanding current hack and scam tactics your best defenses against losing everything.
Stay safe by being smart out there crypto friends!