Millions of dollars already lost to hacks in 2023
Security breaches and hacks have become a harsh reality in the rapidly growing world of cryptocurrencies. With millions of dollars worth of assets on the line, staying ahead of the game and protecting your investments is crucial. Delving into the crypto hack landscape of 2023, we’ll examine the staggering number of incidents that have occurred thus far.
This year has already witnessed a significant amount of hacks. BonqDAO, dForce, Magic Eden, OpenSea, and Harmony are some of the names that fell victim to these hacks.
Third-party hack blamed on inappropriate images displayed on Magic Eden
This year began with unusual activity at Magic Eden. The website of the non-fungible (NFT) exchange Magic Eden was flooded with bizarre photographs.
On Jan. 3, the NFT marketplace managed by Solana (SOL) announced on Twitter that it had not been hacked, but instead, the company’s picture hosting service, which was hosted on a third-party website, was hacked, which resulted in the exposure of several unsavory photos.
On that day, numerous users of Magic Eden noticed that clicking on a collection’s page brought up a pornographic picture and not the usual NFT thumbnail. Several individuals said they had seen a still from The Big Bang Theory.
Robinhood Twitter account hacked to promote a coin
An unknown organization or person hijacked the Twitter account behind the cryptocurrency and stock trading platform Robinhood to encourage users to purchase a new token.
On Jan. 25, several crypto Twitter users stated that Robinhood Twitter posted a tweet calling on its 1.1 million followers to pay $0.0005 for a token on the BNB Smart Chain named “RBH.” Before the post was deleted, the head of product business operations at Coinbase, Conor Grogan, said that at least ten customers had acquired about $1,000 worth of the fraudulent coin.
The founder and CEO of Binance, Changpeng Zhao, then said that the company’s security team had frozen the account connected to the post and was “waiting for further investigations.”
The infamous tweet was later deleted. A spokesman for Robinhood informed a cryptocurrency outlet, Cointelegraph, that the hacker, thought to be a “third party vendor,” had also posted the information on the platform’s Instagram and Facebook sites.
North Korean hackers try to launder funds stolen from Harmony attack
North Korean swindlers responsible for the exploit on the Harmony bridge that happened in June 2022 seemed to continue their efforts to launder the money in January this year. According to on-chain data made public on Jan. 28 by a popular Twitter account and self-proclaimed “blockchain detective” ZachXBT, the culprits transferred 17,278 ether, equivalent to around $29 million at the time of writing, over that weekend.
ZachXBT claimed that the tokens were sent to six other cryptocurrency exchanges, but he did not disclose to which sites the tokens were transferred. Transactions were carried out from three primary addresses.
ZachXBT claims that the exchanges were informed about the money transfers, and as a result, a portion of the funds that had been stolen was blocked. According to the crypto detective, the actions taken by the exploiters to launder the money were strikingly identical to those that took place in June last year, when more than $60 million was laundered.
AllianceBlock also took a hit
AllianceBlock lost millions of dollars due to a recent attack that resulted in the theft of 110 million ALBT tokens from Bonq, a decentralized lending project built on Polygon.
Due to the $12 million exploit, AllianceBlock, a platform that claims to be focused on bridging decentralized finance (DeFi) and traditional finance (TradFi) worlds, has suffered a massive setback.
According to the company’s statement, attackers took advantage of a security flaw in Bonq, which allowed them to access 110 million ALBT tokens. The project asserts that the vulnerability is unique to Bonq and that none of its smart contracts were compromised during the attack.
BonqDAO hit again
A somewhat modest decentralized autonomous organization (DAO) also became a victim of a rather significant smart contract hack, which resulted in a $120 million theft from its protocol.
The exploiter was able to control the price of the AllianceBlock (ALBT) token after BonqDAO informed its Twitter followers on Feb. 1 that an oracle breach had compromised its Bonq protocol. This enabled the exploiter to steal tokens.
According to the findings of an independent investigation conducted by the blockchain security company PeckShield, the amount of money stolen in the Bonq hack was approximately $120 million. This figure was calculated by subtracting $108 million from 98.65 million BEUR tokens and $11 million from 113.8 million wrapped-ALBT (wALBT) tokens.
According to PeckShield, the attacker tampered with the wALBT token’s price by altering the oracle’s update price function in one of BonqDAO’s smart contracts.
This resulted in the BEUR and wALBT being exploited. The hacker then burned all 113.8 million wALBT to unlock ALBT, having traded around $500,000 worth of BEUR for USDC on Uniswap.
Sperax suffers another bridge
Spreek, a Twitter user, alerted the community on Feb. 4 that $250,000 worth of Sperax USD (USDs) had been abused.
According to his findings, the assault vastly increased the available USD. It did not leave any trace in the transfer logs that would indicate minting or transferring an infinite amount of tokens.
The Sperax USD smart contract showed no signs of having been maliciously updated. Accordingly, the investigator has hypothesized that the attacker may have used a vulnerability in the stablecoin’s rebasing function.
On-chain logs suggest that the attacker made off with stablecoins valued at more than $250,000 before Sperax suspended the USDs system.
dForce also suffers from exploit
The dForce network was another February victim of a serious hacking assault that resulted in damages that exceeded around $3.65 million.
Following a year in which the crypto space was subjected to several assaults, February, like January, began with a rhythmic pattern. On Feb. 10, PeckShield issued a warning regarding a cyber assault on dForce net. The company estimated that the amount of money lost was around $3.65 million.
PeckShield brought attention to the fact that the money had been taken on two different tiers: Optimism and Arbitrum. According to their tweet, the alleged losses were associated with three distinct types of cryptocurrency assets. The blockchain security platform, for example, discovered that dForce had thrown away about 1,236.65 ETH and 719,437 USX live due to the Arbitrum layer-2 protocol.
PeckShield then tweeted a request for dForce to investigate the vulnerability. An hour and a half after the initial report, dForce verified the details. wstETH/ETH vaults on Arbitrum and Optimism were recently exploited, according to the network.
dForce said that they had discovered the problems a few hours earlier and promptly put a halt to the vaults to limit the crisis. However, they stressed that most of this process is still functional and that the money is still securely housed in dForce Lending. However, at the time of writing, dForce did not reveal every aspect of the assault. They said a paper outlining the solutions in great detail would be forthcoming.
OpenSea is not left behind
In February 2022, OpenSea was the victim of a significant phishing assault, which led to the theft of non-fungible tokens (NFTs) worth over $1.7 million from its users. The NFT marketplace has been subject to numerous attacks over the past years. OpenSea users reportedly lost a total of $3.9 billion to fraudulent activities in 2022 alone.
Proper security measures, anyone?
As we moved into 2023, there was a resounding chorus of pledges to raise security inside the crypto sector. However, there has been little shift in the situation thus far. Blockchain-based businesses need to do more to protect their customers from fraudulent activity.
Since the FTX debacle, many exchanges seem to have focused on transparency and proof of funds, but the question of securing one’s assets should always be a priority.
Users themselves must take action to protect their assets while being wary of phishing efforts and only transacting with reputable exchanges and wallets.