Biggest Crypto Thieves in 2023: How much did they steal?

Cryptocurrency empowers us to regain control over our financial autonomy, allowing us to function as financial institutions. As the cryptocurrency landscape continues to evolve, ensuring the security of digital assets becomes increasingly crucial. 

However, numerous individuals depend on third-party wallet providers. The security of their crypto assets depends on these providers' safeguards and protective measures. As such, cybercriminals often identify vulnerabilities within these third-party platforms, directing their efforts toward stealing cryptocurrencies and leveraging flash loans to their advantage.

2023 incidents have highlighted the vulnerability of various platforms, including crypto exchanges, wallets, and even online gaming, such as Bitcoin pokies. Here, we look into the biggest cryptocurrency thefts in 2023, which collectively account for most of the stolen funds, closing in on $1 billion.

Bitrue, a cryptocurrency exchange, stated on Twitter that it had discovered a "brief exploit" in one of its hot wallets. The hack resulted in the theft of approximately $23 million in various cryptocurrencies, including Shiba Inu (SHIB) and Ether (ETH). 

The trading platform halted withdrawals while it conducted further security checks, promising to refund affected individuals. Ultimately, the crypto exchange claimed that the $23 million successful hack was less than 5% of its assets.

CoinsPaid, the European cryptocurrency payment platform, fell victim to a cyberattack resulting in the theft of $37.3 million. While the North Korean Lazarus Group is suspected as the likely culprit, the Estonian company takes pride in offering cybercriminals a "remarkably low" reward. 

It's important to note that client funds remained unaffected and fully accessible, with regular processing activities restored. Nevertheless, the attack temporarily hampered platform availability and led to a reduction in the company's revenue. 

This cyber incident unfolded on July 22, prompting CoinsPaid to launch an investigation using various blockchain analytics tools to trace and tag the stolen funds. The Estonian law enforcement agency also filed an official report on July 25.

Stake.com, an online cryptocurrency casino, announced the compromise of its ETH/BSC hot wallets, resulting in unauthorized transactions totaling over $41 million in stolen crypto.

The platform swiftly reassured its users about the safety of their funds, especially those not directly affected by the breach. However, during this period, some users reported being affected by the situation and experiencing difficulties depositing or withdrawing funds on Stake.com. 

This hack is attributed to the infamous North Korean threat group 'Lazarus,' recognized for its expertise in executing substantial cryptocurrency heists.

In July, Curve Finance experienced a series of breaches that resulted in hackers making off with $61 million from numerous trading pools. The hacker used reentrancy attacks to target stable pools running vulnerable versions of the Vyper programming language. 

Following an initial exploit on July 30, news of the vulnerability quickly spread, leading to multiple seemingly unrelated hackers exploiting various Curve trading pools in the following hours.

As a result of this exploit, vulnerabilities within various DeFi projects were exposed.

In June, a cybercriminal siphoned off a staggering $100 million in cryptocurrency from users of Atomic Wallet, a non-custodial crypto wallet. The breach impacted a minimum of 5,500 cryptocurrency accounts on the platform. 

Crypto analytics firms, including Elliptic, later traced the theft to the Lazarus Group, a North Korean cybercriminal organization notorious for stealing billions in cryptocurrency through multiple incidents.

Despite initial attributions of the attack to Lazarus, recent assertions have raised the possibility of another perpetrator being involved. In the aftermath of the attack, the company faced a class-action lawsuit for handling the incident.

On July 6, the cross-chain bridge protocol Multichain encountered a major incident that bore the hallmarks of a hack or rug pull. The total cryptocurrency withdrawal from Multichain exceeded $125 million, with a significant portion of approximately $120 million stemming from the Fantom bridge on Multichain.

The assailant executed a withdrawal of $666,000 from the Dogecoin bridge, causing an 85% depletion of the overall deposits. Simultaneously, $6.8 million was withdrawn from the Moon River bridge, comprising assets in USDC and Tether. 

This prompted crypto research firm Chainalysis to label it one of the biggest crypto thefts in recorded history.

Euler Finance, a lending protocol, experienced a cryptocurrency flash loan attack last Sunday, resulting in the theft of $197 million across various digital assets.

This cryptocurrency heist encompassed a range of tokens, including $8.75 million worth of DAI, $33.85 million in USDC, $18.5 million in WBTC, and a substantial $135.8 million in stETH.

Notably, the attacker later returned a significant portion of the stolen assets. In a curious twist, DL News interviewed an individual who claimed to be the hacker in July, alleging imprisonment in a Parisian prison.

The bitcoin market may appear like a risky investment if you are inexperienced. Securing assets from thieves without a standard and regulatory authority on these new blockchain platforms can be complex.

Furthermore, given the frequency of new ecosystems, anyone could become a target of a crypto theft from a network that has rushed its product to market without plugging any known flaws in its smart contracts. But regrettably, scams and hacks will continue to occur.

This article was written in cooperation with fortismedia