September 2023 Marks Record-High Crypto Exploits with $329 Million Stolen: Report
On September 30, CertiK confirmed that a total of approximately $332 million had been lost to various exploits, hacks, and scams throughout September.
#CertiKStatsAlert 🚨
— CertiK Alert (@CertiKAlert) September 30, 2023
Combining all the incidents in September we’ve confirmed ~$332M lost to exploits, hacks and scams.
Exit scams were ~$1.9M
Flash loans were ~$0.4M
Exploits were ~$329.8M
See more details below 👇 pic.twitter.com/DMFN9LWU8V
September 2023 has emerged as the most concerning month for crypto-related exploits, as reported by CertiK. In September, the crypto space witnessed various types of incidents. Exit scams accounted for around $1.9 million in losses, while flash loans led to losses of approximately $400,000. The most significant contributor to the month’s total, however, was exploits, which amounted to roughly $329.8 million in losses.
One notable event was the Mixin Network attack on September 23. The Hong Kong-based decentralized cross-chain transfer protocol suffered a substantial breach, resulting in a loss of $200 million due to a breach of its cloud service provider.
Another major incident occurred on September 12, when CoinEx, a cryptocurrency exchange, experienced a suspected attack following a substantial outflow from four of its hot wallets. This breach led to losses exceeding $53.1 million across the hot wallets.
Additionally, on September 4, stake.com experienced an attack resulting in a loss of $41 million. During this incident, different cryptocurrencies worth that amount were received by an account before being distributed to multiple addresses.
September Records Several Crypto Incidents, Contributing to Yearly Losses of Over $1.34 Billion
September also saw several other major incidents in the crypto space. A phishing incident resulted in a loss of $24.2 million, while HTX Global experienced a loss of $7.9 million. Additionally, entrepreneur Mark Cuban reported a personal loss of $900,000 during the month.
In August, losses amounted to $45 million in digital assets, bringing the year-to-date total to $997 million. Notably, July was the second-highest month for exploit losses, accounting for $285.8 million pilfered. This brings the total lost in 2023 to exploits, scams, and hacks to a staggering $1.34 billion.
The total losses from hacks, phishing scams, and rug pulls in Web3 reached $889.26 million in Q3 2023.
— Beosin Alert (@BeosinAlert) September 27, 2023
Losses in Q3 even exceeded the combined sum of the first two quarters ($330 million in Q1 and $333 million in Q2).
Read the full pdf version of Q3 2023 Global Web3 Security… https://t.co/aoPWOrRBeZ pic.twitter.com/5f3uYpG27e
Additionally, a report from BeosinAlert highlights that losses stemming from hacks, phishing scams, and rug pulls in the Web3 sector reached an alarming total of $889.26 million in Q3 2023. This quarterly figure surpasses the combined losses from the initial two quarters, amounting to $330 million in Q1 and $333 million in Q2.
Lazarus Group, Linked to North Korea, Blamed for Multiple High-Value Crypto Attacks in 2023
Reports indicate that the Lazarus Group, a North Korean hacking collective, has been responsible for most of the recent crypto-related attacks in 2023, including the stake.com attack and the CoinEx exchange hack. Other attacks attributed to the group include the $620 million theft from Sky Mavis’ Ronin Bridge, a $100 million theft from Harmony’s Horizon Bridge, and a $100 million theft from Atomic Wallet.
According to the US government, approximately half of North Korea’s funding for its missile program comes from cybercrime and crypto theft. Efforts are ongoing to understand how a nation like North Korea is so adept at cybercrime and crypto-related activities.
Data from Dune Analytics suggests that the group currently holds approximately $45.6 million in crypto assets. Additionally, a report from institutional crypto platform provider 21.co reveals that wallets linked to the Lazarus Group contain around 1,600 Bitcoin, 10,810 Ether (ETH), and 64,490 Binance Coin (BNB), totaling $47 million in cryptocurrency. This data was compiled from a Dune Analytics dashboard tracking 295 wallets identified by the US government as belonging to the Lazarus Group.
Notably, the amount of crypto held by the group has decreased from the $86 million it held on September 6, shortly after the Stake.com hack in which Lazarus was implicated.