The value of cryptocurrency stolen by hackers totaled $1.84 billion across 751 attacks in 2023, according to analysis by firms such as Certik and TRM Labs. That was down by 51% from $3.7 billion in 2022.
Nearly half of the financial losses were caused by private key compromises, according to Certik, with $880.89 million lost in 47 incidents — even though they accounted for only 6.3% of all attacks.
Private key theft, or seed phrase compromise — in which hackers gain access to a cryptocurrency’s underlying servers, networks, or software to steal funds or manipulate trades — was the most damaging type of infrastructure attack. Other forms of attack included protocol attacks and code exploits.
Much like 2022, a small number of large-scale hacks were responsible for most crypto thefts.
The 10 largest hacks represented nearly 70% of all stolen funds, with several exceeding $100 million—including attacks against Euler Finance in March, Multichain in July, Mixin Network in September, and Poloniex in November, according to TRM Labs.
Source: TRM Labs
Binance’s BNB Chain saw the highest number of breaches, according to Certik. There were 387 attacks, which resulted in $134 million in total losses and an average of $346,253 per incident.
And there was a total of 224 attacks on Ethereum, with $686 million stolen—an average of $3 million each.
Hacks, scams, and exploits that affected multiple chains accounted for $799 million in losses in 35 attacks, highlighting the potential security vulnerability in cross-chain bridges.
Four Reasons for the Decline in Crypto Hack Value
Four main factors contributed to the 50% drop in the value of crypto hacks last year: lower cryptocurrency prices, improved industry security measures, increased law enforcement response, and closer industry coordination.
4. Lower Cryptocurrency Values
The most recent crypto winter, which saw prices bottom out in November 2022, made cryptocurrencies less attractive to some hackers.
This is borne out in TRM’s data, which shows that hacks were as much as 70% lower year on year during the first quarter of 2023 when prices remained relatively low. As prices climbed during the year, the value of security breaches increased, peaking at $364.3 million in November, according to Certik. The third quarter saw the most losses, with $686.6 million stolen in 183 hacks.
In addition, data collated by Certik shows that there is a “moderate positive correlation” between the total value locked (TVL) in decentralized finance (DeFi) applications and monthly losses. “This suggests that approximately 31% of the variability in monthly losses can be statistically attributed to changes in DeFi’s TVL, which itself is a proxy for both asset valuations and user demand.”
Interestingly, the correlation between the value of losses to security breaches and TVL is stronger than the correlation between the value lost and the total cryptocurrency market capitalization.
“This indicates that TVL is a more effective metric for understanding the dynamics of losses within the DeFi sector…
While market cap gives a broad view of the crypto industry’s market value, TVL specifically reflects the active engagement and real-time utilization of the assets within DeFi protocols.”
This suggests that “factors specific to DeFi, such as the sophistication of protocols, user behavior, and the effectiveness of security measures, are more closely correlated with the value of losses from security incidents than the broader macro trends.”
- Expert Opinions: What is the Path for Layer 1 Blockchains in 2024?
- How to Mine Bitcoin at Home: A Guide to Best Practices in 2024
So, while market conditions affect the attractiveness of DeFi platforms to users and attackers alike, it is worth noting that 69% of the variability in monthly losses is not explained by TVL alone, Certik stated.
TRM Labs similarly noted that the fall in the value of hacks during the first quarter “was significantly greater than the fall in crypto prices during this period (around 45% for Ethereum)”.
What, then, are the other drivers beyond crypto prices?
3. Improved Security Measures
Crypto developers have ramped up their efforts in implementing security protocols in the past year as the industry strives to gain legitimacy in the eyes of potential new users. Real-time transaction monitoring and anomaly detection systems to protect exchanges and user wallets from attackers, can help to identify and intercept potential security breaches before they happen, TRM said.
“With each major hack or scam, the collective knowledge base of the industry grows. Protocols learn from past mistakes, implementing stronger security measures and fostering a culture of vigilance.
“For example, the increased use of bug bounty programs, improved coding practices, and the wider adoption of risk mitigation strategies (such as comprehensive pre-deployment security reviews and ongoing monitoring once live) all point to an industry that is learning and adapting,” Certik noted.
As platforms and protocols patch vulnerabilities and evolve, hackers adjust their methods, creating an arms race that has a direct impact on the rate of successful breaches.
2. Increased Law Enforcement Responses
As cryptocurrencies have gained more mainstream attention — particularly with the growing involvement of major financial institutions — law enforcement agencies worldwide have become increasingly involved in investigating cybercrime involving digital currencies.
Collaboration between agencies has resulted in faster responses to crypto hacks and attacks and an increase in tracing, freezing, and recovering stolen assets. It can be argued this has played a role in deterring potential hackers because of the risk of detection and prosecution.
Sanctions on the Tornado Cash cryptocurrency mixer in August 2022 by the US Treasury have also likely contributed to the decrease in funds stolen. The Treasury claimed that the mixer was used to launder more than $7 billion since 2019.
The use of sanctions by the US government against crypto targets, as well as governments including Russia and North Korea, may also have made it more difficult to launder hack proceeds.
Still, North Korea was responsible for almost one-third of all funds stolen last year. As US sanctions and law enforcement targeted their go-to platforms, Tornado Cash and ChipMixer, North Korean hackers shifted to using the Bitcoin service Sinbad. After Sinbad was sanctioned in November, they sought out alternative tools.
1. Greater Industry Coordination
A collective approach between exchanges, wallet providers, and blockchain networks has increased information-sharing about vulnerabilities, threats, and breaches. This makes it more difficult for hackers to exploit systemic weaknesses.
READ MORE: Best Decentralized Wallets for 2024
An increase in regulation of the cryptocurrency space is also having an impact. TRM analyzed policy developments in 21 jurisdictions that collectively represent 70% of global crypto market exposure and found that 80% of them have moved to tighten crypto regulation — almost half have specifically advanced consumer protection measures.
It also found a correlation between stronger regulation and reduced illicit activity, as virtual asset service providers (VASPs) in countries that have introduced full licensing and supervisory regimes for crypto have lower rates of illicit activity than those in less regulated jurisdictions.
The Bottom Line: DeFi Challenges Ahead
Although the value of cryptocurrencies stolen in 2023 dropped by half from the year earlier, the industry will face challenges in maintaining a downward trajectory to losses in 2024. The impetus to protect users’ crypto holdings will increase if prices continue to rise to their highest levels seen in recent years.
Malicious attackers are constantly identifying new vulnerabilities and new sophisticated threats could emerge at any time to quickly reverse the decline in hack volumes. It will remain crucial for the industry and law enforcement agencies to be vigilant and adaptable.
“The real test of DeFi’s improved security protocols awaits in the resurgence of a bull market,” according to Certik. Reducing the correlation between TVL and losses to hacks “would be the clearest indicator of a maturing industry that takes security seriously.”