September 2023 Marks Record-High Crypto Exploits with $329 Million Stolen: Report

Hassan Shittu
Last updated: | 2 min read
Source: Pixabay

On September 30, CertiK confirmed that a total of approximately $332 million had been lost to various exploits, hacks, and scams throughout September.

September 2023 has emerged as the most concerning month for crypto-related exploits, as reported by CertiK. In September, the crypto space witnessed various types of incidents. Exit scams accounted for around $1.9 million in losses, while flash loans led to losses of approximately $400,000. The most significant contributor to the month’s total, however, was exploits, which amounted to roughly $329.8 million in losses.

One notable event was the Mixin Network attack on September 23. The Hong Kong-based decentralized cross-chain transfer protocol suffered a substantial breach, resulting in a loss of $200 million due to a breach of its cloud service provider.

Another major incident occurred on September 12, when CoinEx, a cryptocurrency exchange, experienced a suspected attack following a substantial outflow from four of its hot wallets. This breach led to losses exceeding $53.1 million across the hot wallets.

Additionally, on September 4, stake.com experienced an attack resulting in a loss of $41 million. During this incident, different cryptocurrencies worth that amount were received by an account before being distributed to multiple addresses.

September Records Several Crypto Incidents, Contributing to Yearly Losses of Over $1.34 Billion

September also saw several other major incidents in the crypto space. A phishing incident resulted in a loss of $24.2 million, while HTX Global experienced a loss of $7.9 million. Additionally, entrepreneur Mark Cuban reported a personal loss of $900,000 during the month.

In August, losses amounted to $45 million in digital assets, bringing the year-to-date total to $997 million. Notably, July was the second-highest month for exploit losses, accounting for $285.8 million pilfered. This brings the total lost in 2023 to exploits, scams, and hacks to a staggering $1.34 billion.

Additionally, a report from BeosinAlert highlights that losses stemming from hacks, phishing scams, and rug pulls in the Web3 sector reached an alarming total of $889.26 million in Q3 2023. This quarterly figure surpasses the combined losses from the initial two quarters, amounting to $330 million in Q1 and $333 million in Q2.

Lazarus Group, Linked to North Korea, Blamed for Multiple High-Value Crypto Attacks in 2023

Reports indicate that the Lazarus Group, a North Korean hacking collective, has been responsible for most of the recent crypto-related attacks in 2023, including the stake.com attack and the CoinEx exchange hack. Other attacks attributed to the group include the $620 million theft from Sky Mavis’ Ronin Bridge, a $100 million theft from Harmony’s Horizon Bridge, and a $100 million theft from Atomic Wallet.

According to the US government, approximately half of North Korea’s funding for its missile program comes from cybercrime and crypto theft. Efforts are ongoing to understand how a nation like North Korea is so adept at cybercrime and crypto-related activities.

Data from Dune Analytics suggests that the group currently holds approximately $45.6 million in crypto assets. Additionally, a report from institutional crypto platform provider 21.co reveals that wallets linked to the Lazarus Group contain around 1,600 Bitcoin, 10,810 Ether (ETH), and 64,490 Binance Coin (BNB), totaling $47 million in cryptocurrency. This data was compiled from a Dune Analytics dashboard tracking 295 wallets identified by the US government as belonging to the Lazarus Group.

Notably, the amount of crypto held by the group has decreased from the $86 million it held on September 6, shortly after the Stake.com hack in which Lazarus was implicated.