Deep Dive: $452 Million Was Lost to Hacks In The First Quarter Of 2023

Ajibola Akamo

2 years ago

Top 5 Cryptocurrencies to Watch in June 2023

Key Highlights

The total amount of funds lost to crypto hacking and scams in Q1 2023 stands at $452 million, highlighting the pressing need for increased awareness and vigilance in protecting digital assets in the cryptocurrency landscape.
Flash Loan issues were the biggest contributor to losses in Q1 2023, with over $200 million lost through this channel. Smart contract exploits were the most common tactic used by cybercriminals, followed by rug pull and flash loan attacks.
Tokens were the most popular targets for hackers and scammers in Q1 2023, as they are easy to deploy and prey on the fear of missing out among new crypto investors. Lending and borrowing protocols were the most affected in terms of amounts lost, driven by a small number of high-profile events.

It’s no news that the rise of cryptocurrencies has been accompanied by an increasing number of hacking and scamming attempts that target digital assets.

Despite advancements in security measures, cybercriminals continue to develop new and sophisticated tactics to steal valuable crypto assets from individuals and organizations.

Unfortunately, the first quarter of 2023 has seen the total amount of funds lost to crypto hacking and scams, stand at a staggering $452 million, according to data from antivirus and app provider De.Fi.

This highlights the pressing need for increased awareness and vigilance when it comes to protecting digital assets in the rapidly evolving landscape of cryptocurrency.

While losing money in the cryptocurrency space is generally bad, this news has a sense of bittersweet sides to it as losses were down from $1.3 billion in the first quarter of 2022, representing a 65.23% decline.

However, the recovery rate was also down. In this article, we will delve into the details of the report by De.Fi and look at the top five hacks in the first quarter of 2023.

Key Stats

Out of the $452m lost in Q1, a total of $215m was lost in just the first 20 days of March, underscoring the rapid pace at which scammers have been operating in recent weeks.
In total, $130m was recovered in Q1 this year, marking a recovery rate of 28.7%. This figure was $520m in 2022, meaning that 40% of funds were recovered in the same month last year. The whole amount was recovered in March, leaving January and February the rare months when 0$ was recovered in crypto hacks & scams.
The biggest losses this quarter were due to Flash Loan issues, which have been becoming increasingly common in recent months, as over $200 million was lost through this channel.
In terms of frequency, smart contract exploits were the most popular among criminals at a total of 17 instances. This was followed by the rug pull and flash loan attack, at 8 and 6 cases respectively, the latter of which resulted in a majority of the losses in March.
The Ethereum chain had the highest losses that were recorded in these first three months of the year standing at $216 million.
BNB Smart Chain unfortunately remains popular for crypto criminals, with a whopping 18 cases happening in the first three months of the year, almost double that of its closest peers, with 10 on ETH and 7 on Arbitrum.
Tokens proved to be the most popular targets this year so far. This is unsurprising given that tokens are easy to deploy, and prey on the fear of missing out experienced by many new crypto investors. This is especially true with the market comeback in recent days. In terms of amounts lost, though, Lending and Borrowing protocols took the prize, though this was driven by a small number of high-profile events.

Top Five Hacks

Euler Finance — $196 million

On March 13th, Euler Finance, a prominent Ethereum-based noncustodial lending protocol, fell victim to a devastating flash loan attack.

The breach led to the loss of millions of dollars worth of various cryptocurrencies, including Dai, USD Coin (USDC), staked Ether (StETH), and Wrapped Bitcoin (WBTC).

The attacker executed multiple transactions, making away with a staggering total of nearly $196 million.

Detailed on-chain data revealed the theft included $8.7 million in Dai, $18.5 million in Wrapped Bitcoin, $135.8 million in Staked Ethereum, and $33.8 million in Circle’s USD stablecoin, USDC. Meta Sleuth, a reputable crypto analytic firm, drew parallels between this attack and a deflation attack that occurred only a month prior.

The attacker utilized a multichain bridge to facilitate the transfer of funds from the Binance Smart Chain (BNB) to the Ethereum network. Upon successfully moving the funds, the attacker commenced the flash loan attack.

To further cover their tracks, the stolen funds were deposited into Tornado Cash, a well-known crypto mixer, complicating recovery efforts.

On March 25th, over 51,000 ether, valued at nearly $90 million as of Saturday, was sent back to the Euler deployer contract. On March 27th, the hacker returned the additional $39 million in 3 transactions.

BonqDAO — $120 million

On 2 February, BonqDAO and AllianceBlock, two blockchain-based platforms, suffered a major loss of $120 million due to a vulnerability in the BonqDAO smart contract.

The exploit has forced the suspension of trading and liquidity to prevent the stolen tokens from being converted into other assets.

The Bonq protocol has also since been suspended, and the team is currently working on a solution to enable users to withdraw the remaining collateral.

The BonqDAO exploit occurred when its price oracle was manipulated, resulting in an increase in the WALBT price. This allowed the attacker to mint over 100 million BEUR.

The attacker then manipulated the WALBT price and liquidated multiple troves, enabling them to withdraw 113.8 million WALBT and 98 million BEUR, with a combined value of over $10 million.

The dumping of these illicit gains resulted in a significant drop in the value of both WALBT and BEUR.

The WALBT price dropped by more than 50%, and the BEUR price dropped by 34%. As a result, the total loss for BonqDAO and AllianceBlock was estimated to be $120 million.

CoinDeal — $45 million

The U.S. Securities and Exchange Commission (SEC) has recently filed charges against a group of individuals and companies implicated in the CoinDeal investment scheme.

This fraudulent operation reportedly raised over $45 million through the sale of unregistered securities, ultimately defrauding tens of thousands of unsuspecting retail investors.

The individuals charged in the scheme include Neil Chandran, Garry Davidson, Michael Glaspie, Amy Mossel, and Linda Knott, along with two unnamed companies.

The SEC alleges that the defendants falsely promoted CoinDeal, a purported blockchain technology company, as having been sold for trillions of dollars. They claimed that investors would generate substantial returns by investing in the venture.

However, the SEC’s investigation revealed that the defendants misappropriated millions of dollars from investor funds for their personal use. Among other luxury items, Chandran allegedly used the stolen funds to acquire cars, real estate, and a boat.

The SEC is now seeking to recover the misappropriated funds, along with pre-judgment interest and penalties. They are also pursuing permanent injunctions against all the defendants.

Neil Chandran is currently behind bars, awaiting trial in a separate investment fraud case overseen by the U.S. Justice Department. As regulators work to dismantle the CoinDeal scheme, the case serves as a stark reminder of the need for vigilance in the rapidly evolving world of digital assets and blockchain technology.

Monkey Drainer — $16.5 million

The Monkey Drainer phishing group announced in March on their Telegram channel that they are shutting down their illicit service.

The group, which specialized in providing phishing smart contracts, reportedly stole a staggering $16,506,602 before ceasing operations.

Monkey Drainer’s tactics involved supplying malicious smart contracts with unverified source code to unsuspecting users. These contracts were designed to drain the wallets of affected individuals, stealing native coins, ERC20 tokens, and NFTs across various blockchain networks, including Ethereum, Binance, and Avalanche.

The group took a 30% cut of the stolen funds as payment for their services.

Following the announcement, the Monkey Drainer hacker claimed that all files related to the operation had been immediately deleted.

SlowMist, a blockchain security firm, confirmed the total stolen amount reached $16,506,602. The sudden closure of the group highlights the ongoing threats posed by phishing scams in the cryptocurrency space and the need for increased vigilance among users and platforms alike.

Platypus Finance — $8.5 million

Platypus Finance, an automated market maker (AMM) offering stable swap opportunities, recently fell victim to a flash loan attack.

The perpetrator exploited several asset contracts within the protocol using an unverified malicious smart contract, ultimately stealing $8,500,887 in stablecoins. The stolen assets included around 4,400,000 USDC, 2,700,000 USDT, 687,000 BUSD, and 691,000 DAI.

The attacker took advantage of a vulnerability in the USP solvency check mechanism, securing a flash loan of 44,000,000 USDC. They then swapped the loan for 44,000,000 Platypus LP-USD and minted 41,700,000 USP tokens at no cost. These tokens were subsequently exchanged for various stablecoins.

At the time of reporting, the Platypus Finance team was collaborating with third-party services like Binance, Tether, and Circle to freeze the stolen assets, and USDT has already been successfully frozen.

Despite these efforts, the attacker managed to transfer 2,403,165 USDC through the Gnosis Proxy, moving a portion of the stolen funds. In response, the Platypus Finance team identified and removed the malicious contract and has since implemented additional security measures to prevent similar attacks in the future.