The Most Insane Crypto Hacks So Far
Over the weekend, a wallet associated with the Binance exchange was hacked for $27 million in USDT stablecoin. Meanwhile, the third quarter of 2023 was a record-breaking quarter in Web3-sector security breaches. We tell you what happened and look back at the biggest thefts and hacks in the crypto sector.
ZachXBT signals a theft
On November 12, famous cryptocurrency watchdog ZachXBT shared a report on X about the $27 million USDT theft he discovered. What is known about the affected address is that it had received deposits from the Binance exchange a week earlier, and that the wallet was previously involved in the rollout of Binance's smart contracts.
The attackers transferred the stolen funds to Ethereum via FixedFloat and ChangeNow, and then to Bitcoin via the THORChain protocol. This is a common tactic among fraudsters in the crypto space.
It appears someone had 27M USDT stolen yesterday.
0x0f2183c8e415e61b4ad7774bf1097019eb2d5b85798a2a229070495131d60321
USDT was quickly swapped for ETH, then transferred to a number of services (FixedFloat, ChangeNow, etc), and bridged to Bitcoin via THORChain. pic.twitter.com/SgEBwyZZSc
— ZachXBT (@zachxbt) November 12, 2023
Last week, one of the hot wallets of the Poloniex exchange was also hacked for about 125 million dollars. The incident was reported by blockchain security company PeckShield and one of the exchange's investors, Justin Sun. The hacker took time withdrawing the stolen funds, making 357 transactions and purchasing the TRX token, which caused its price to rise by more than 20% in a day.
#PeckShieldAlert Our community contributor has detected that #Poloniex Hacker 1 sent 25,500 $OMG to #Binance pic.twitter.com/xy9tQXbET5
— PeckShieldAlert (@PeckShieldAlert) November 10, 2023
CertiK recently released a report citing the third quarter of 2023 as the most eventful period, resulting in millions of dollars in cryptocurrency losses. In 184 incidents, $699 million was lost, twice as much as the first and second quarters of 2023 combined.
The Lazarus Group, a group of hackers that has been involved in large-scale hacking attacks on the crypto sector more than once, caused the most damage, which brings us to the next topic...
The biggest hacker attacks in the crypto sector of all time
Ronin Network: $625 million (March 2022)
The Ronin Network is an important element of the ecosystem of the popular mobile web3 game Axie Infinity. In March 2022, the North Korean hacker group Lazarus Group managed to compromise the protocol's nodes and manipulate transactions. This resulted in a loss of a staggering $625 million. The aftermath affected millions of users around the world, and Ronin Network members immediately launched an extensive recovery effort and cooperated with the investigation.
Poly Network: $610 million (August 2021)
An anonymous group of hackers was able to drain about $610 million from the Poly Network protocol on August 10, 2021. The scammers leveraged addresses on the Ethereum, Binance Smart Chain, and Polygon networks. The protocol team asked miners and exchanges to stop the hackers' transactions. Within 15 days, Poly Network managed to recover the entire stolen amount. It turned out that the hackers' goal was to identify a vulnerability and secure Poly Network. This led the protocol to launch a large-scale bug bounty program to identify and fix various vulnerabilities.
Binance: $570 million (October 2022)
In October 2022, Binance, the largest exchange, suffered a hack of its Binance Smart Chain blockchain. The network serves as a connecting bridge for the transfer of various assets. Hackers managed to generate a large amount of BNB worth $570 million. Although the problem was quickly fixed, the attack raised the issue of DeFi security and helped identify more vulnerabilities as well as improve the security of cross-chain bridges.
Coincheck: $534 million (January 2018)
A group of hackers attacked a Tokyo-based exchange in January 2018 and withdrew $534 million worth of NEM (XEM) tokens. The attackers took advantage of the company's lack of staff and exploited the exchange's security system. The identity of the attackers was never established. The incident forced NEM developers to improve security measures by creating a tool that allows exchanges to automatically revoke transactions with stolen funds.
FTX: $477 million (November 2022)
In the early stages of bankruptcy proceedings, FTX was attacked by fraudsters. The attackers managed to withdraw $477 million in cryptocurrency. Former FTX CEO Sam Bankman-Fried admitted that malware installed by a former employee of the company led to the problem. However, the public is still unsure of the veracity of Bankman-Fried's words, being convinced of the involvement of the disgraced businessman himself.
Conclusion
These incidents lead to several important conclusions.
- Although the attacks are different from each other, they are all related in one way or another to security vulnerabilities in protocols/exchanges/wallets. This should spur developers to pay proper attention to security in the future. And as we can observe, fraudulent attacks are contributing to better developer performance. Companies and developers have immediately taken various measures, including recovery of funds.
- Speaking about the recovery of the losses, in all cases the community did not remain apathetic. Even if the victims failed in some cases to recover their funds from the clutches of hackers, the crypto community has always provided material support or participated in investigations. And this aspect is encouraging.
- There are still implementation channels or other ways for hackers to withdraw stolen assets instantly and with little or no trace.
Increasing attacks have led to record numbers, which raises the question of the importance of constantly improving security measures and monitoring in the crypto sector. Cryptocurrency owners should also not forget that they are capable of taking their own steps to improve security when it comes to storing assets. Choosing a trustworthy exchange, storing cryptocurrency in a cold wallet, and safely storing private keys are minimal but necessary steps that should be taken by the user.