
Facing the Dark Forest: The Top 10 Web3 Thefts of 2023
TechFlow Selected TechFlow Selected

Facing the Dark Forest: The Top 10 Web3 Thefts of 2023
In 2023, crypto assets lost due to hacking attacks dropped to $1.7 billion, a more than 50% decrease year-on-year.
Author: Tyler Pearson, DL News Researcher
Translation: Web3CN
The good news is: the value of crypto assets lost to hacks in 2023 dropped by more than 50%, falling to $1.7 billion.
The bad news is: it's still a very large number, and the frequency of attacks (160 major hacks) was roughly the same as in 2022.

Smaller "Harvests" for Hackers
Ari Redbord, head of global policy and government affairs at TRM Labs—which provided data to DL News—said cybercriminals' smaller hauls were “likely due to law enforcement actions and better compliance controls, not a downturn in the crypto market.”
According to DefiLlama data, despite intensified efforts against hackers, security breaches continued into year-end, with OKX DEX suffering an attack on December 13, 2023, losing around $2.7 million.
Since we published our list of hacks following the $43 million Stake.com hack in September last year, five additional major hacks have occurred—each large enough to push the Stake.com breach from fifth to tenth place on the list.
Read on to see the top 10 largest cryptocurrency hacks of 2023 (note: all months referenced are in 2023).
1. Mixin Network: $200 million
In September, hackers stole $200 million from user accounts on Hong Kong-based exchange Mixin.
After the attack, DL News reported scrutiny from several industry insiders who found the incident suspicious, partly because Mixin lacked a cold wallet to secure customer funds.
Mixin founder Feng Xiaodong pledged to reimburse customers for half their losses. Some token deposits and withdrawals have resumed, but Mixin’s full compensation plan remains unclear.
2. Euler Finance: $197 million
Lending protocol Euler Finance was attacked in March, with attackers stealing nearly $197 million by exploiting a vulnerability in Euler’s donation function contract. However, most of the stolen funds were later returned.
3. Multichain: $126 million
Cross-chain bridge protocol Multichain was hacked in July when the project’s private keys were compromised. At the time, blockchain research firm Chainalysis called it “one of the largest cryptocurrency hacks in history.”
4. Poloniex: $126 million
In November, hackers stole $126 million from cryptocurrency exchange Poloniex. Withdrawals were frozen immediately after the theft.
DL News reported that Justin Sun, the actual owner of Poloniex, planned to provide victims with an “epic airdrop” of tokens as compensation for the hack.
Poloniex resumed deposit and withdrawal services for multiple assets on December 5.
5. Atomic Wallet: $100 million
In June, Atomic Wallet users suffered a hack resulting in $100 million in losses.
Analysts blamed the Lazarus Group, linked to North Korea, for the attack. Angry investors subsequently filed a class-action lawsuit against Atomic Wallet.
6. Heco Chain: $87 million
Similar to the November Poloniex hack, attackers compromised the hot wallet on Heco Chain.
Due to its relationship with HTX, which itself lost $12 million in the hack, HTX investor Justin Sun included Heco Chain in his compensation pledge to hack victims.
7. Curve Finance: $62 million
DeFi protocol Curve Finance suffered multiple attacks, with hackers stealing nearly $62 million from various liquidity pools.
The attacks originated from an initial vulnerability that allowed several seemingly unrelated hackers to drain funds from multiple Curve pools.
8. CoinEx: $55 million
In September, CoinEx lost $55 million to a hack, which the exchange attributed to “abnormal withdrawals” on its platform.
CoinEx froze withdrawals for several weeks and promised customer reimbursements. The exchange later blamed the breach on a leaked private key that gave attackers access to its hot wallet.
9. KyberSwap Elastic: $48 million
In November, while HTX and Poloniex were being hacked, an attacker carried out an unusually sophisticated assault on the multi-chain aggregator KyberSwap Elastic.
The attacker then posted a bizarre ultimatum on the Etherscan block explorer, demanding control over the protocol.
10. Stake.com: $41 million
Online crypto casino and sports betting platform Stake.com was hacked in September. “The financial loss is certainly not negligible, but the attack did not significantly impact Stake’s operations,” co-founder Edward Craven said after the incident.
The U.S. Federal Bureau of Investigation (FBI) later attributed the attack to Lazarus, a North Korea-linked cybercrime group.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














