Top Ten Blockchain Attacks of 2023

SlowMist
5 min readJan 11, 2024

In our last report, we covered the 2023 activities of North Korean hackers Lazarus Group, major phishing gangs, and some money laundering tools. This report focuses on the top ten cyber attacks of 2023.

Top Ten Attacks of 2023

Mixin

On September 23, 2023, an attack on Mixin Network’s cloud service provider’s database led to a significant asset loss on its mainnet, totaling around $200 million — the largest financial loss in a 2023 attack. Mixin announced collaboration with Google and the SlowMist security team for investigation. The official statement promised up to 50% compensation for the losses, with the remainder to be paid in bond tokens and repurchased with profits.

(https://twitter.com/SlowMist_Team/status/1706133260869468503)
(https://twitter.com/MixinKernel/status/1706139175018529139)

Euler Finance

On March 13, 2023, the DeFi lending protocol Euler Finance suffered an attack, netting the attacker around $197 million. SlowMist’s analysis revealed that the attacker exploited lightning loans for deposits and triggered a soft liquidation by donating funds to a reserve address after leveraging twice. The attacker exploited two vulnerabilities: donating funds without checking for insolvency and exploiting a larger yield value during soft liquidation. On April 4, Euler Labs reported that the attacker returned all the stolen funds.

January 10, 2024, Euler Labs’ CEO Michael Bentley detailed the incident in a blog post “War & Peace.”

(https://medium.com/eulerfinance/war-peace-ab2670711175)

(https://twitter.com/euler_mab/status/1745079435332550836)

Poloniex

On November 10, 2023, the Poloniex exchange was hacked, resulting in a $130 million loss. SlowMist speculated an APT attack, possibly by Lazarus Group, given the attack’s sophistication. Poloniex’s CEO Justin Sun stated that part of the stolen assets were frozen and business income would cover the losses.

(https://twitter.com/SlowMist_Team/status/1723006264693657708)

BonqDAO & AllianceBlock

On February 2, 2023, BonqDAO and AllianceBlock were attacked due to a vulnerability in BonqDAO’s smart contract, losing about $120 million. The attacker exploited an oracle manipulation, triggering liquidations at incorrect prices. AllianceBlock clarified that no smart contracts were compromised and both teams worked to mitigate the impact by reducing liquidity.

HTX & Heco Bridge

On November 22, 2023, HTX and its Heco cross-chain bridge were attacked, totaling $113.3 million in losses. Justin Sun announced on Twitter that HTX would fully compensate the losses and temporarily halt deposits and withdrawals.

(https://twitter.com/justinsuntron/status/1727304656622326180)

Atomic Wallet

On June 3, 2023, Atomic Wallet users reported thefts on social media. Less than 1% of monthly active users were affected. SlowMist’s analysis suggested a security issue in the download process, estimating losses at least $100 million.

Orbit Chain

On December 31, 2023, Orbit Chain’s cross-chain protocol was attacked, losing $81.6 million. Orbit Chain requested global crypto exchanges to freeze the stolen assets and offered up to $8 million for decisive intelligence on January 11, 2024.

(https://twitter.com/Orbit_Chain/status/1745331289098711041)

Curve Finance and Related Incidents

On July 30, 2023, Curve Finance announced on Twitter that due to a recursive lock failure, several stablecoin pools using Vyper 0.2.15 (alETH/msETH/pETH) were attacked. The crvUSD contract and other funds were unaffected. To date, the Curve Finance stablecoin pool hack has caused a total loss of $73.5 million for Alchemix, JPEG’d, MeTRONomeDAO, deBridge, Ellipsis, and the CRV/ETH pool. On August 6, Alchemix tweeted that the Curve Finance hacker had returned all of Alchemix’s funds in the Curve pool. On August 19, MeTRONomeDAO reported that an MEV bot named “c0ffeebabe” had recovered most of the stolen funds and returned them to MeTRONome.

CoinEx

On September 12, 2023, CoinEx was hacked due to a leaked hot wallet private key, incurring a $70 million loss. CoinEx identified and isolated suspicious wallets related to the attack. SlowMist found links between the CoinEx, Stake.com, and Alphapo hackers, suspecting Lazarus Group’s involvement.

(https://twitter.com/SlowMist_Team/status/1701919426009035190)

Alphapo

On July 23, 2023, Alphapo’s hot wallet was hacked, losing about $60 million. The funds were exchanged on Ethereum and transferred across Avalanche and BTC networks. The attack likely involved the Lazarus Group as well.

Summary

The top ten attacks of 2023 led to a total loss of about $1.145 billion. Euler Finance and Curve Finance incidents saw partial funds recovery. SlowMist recommends comprehensive audits and robust emergency plans for quick, effective responses and transparency in security incidents.

Check out our full report below:

https://www.slowmist.com/report/2023-Blockchain-Security-and-AML-Annual-Report(EN).pdf

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. They offer AML (Anti-money laundering) software, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. They have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, they can identify risks and prevent them from occurring. Their team was able to find and publish several high-risk blockchain security flaws. By doing so, they could spread awareness and raise the security standards in the blockchain ecosystem.

💬Website 🐦Twitter ⌨️GitHub

--

--

SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.