Since the start of 2023, a disheartening tally of 49 crypto theft cases has been reported. Leading the trend are the cunning culprits behind smart contract exploits, leaving a trail of chaos and destruction behind them – an astonishing 17 attacks have been reported so far.
BonqDAO is a decentralized, non-custodial platform that lets users take out a loan against their own tokens. Hackers compromised the Bonq protocols’ smart contracts to change the price of AllianceBlock’s $ALBT tokens. The attack led to a loss of around $120 million. This kind of attack is known as an oracle manipulation attack; they’re used to rapidly increase the price of a token by growing the trading volume of low-liquidity tokens.
Again, in February this year, LianGoPay fell victim to a smart contract attack but this time the scammer gained access using a private key. The attack started a month before the money was stolen by using two addresses with similar numbers to confuse traders. The attacker was able to take $1.6 million. The cause of this attack was likely due to private keys being leaked. It isn’t the first time crypto has been stolen from losing a private key, and it won’t be the last. It points to the need for private key security and using a third party can help you safely store your private keys, preventing them from attacks.
Amongst the many audacious strategies employed by fraudsters, flash loan attacks have emerged as a fearsome weapon in the first quarter of 2023. A flash loan allows users to borrow crypto without providing collateral or credit score, provided they pay back the loan within the same blockchain transaction. When a flash loan attack happens, the attacker manipulates the price of a cryptocurrency by taking out a large sum of crypto using a flash loan. Unfortunately, lending platforms are vulnerable to these attacks and can have a hard time protecting themselves.
In February, Platypus Finance fell victim to a flash loan attack causing a loss of $8.5 million worth of assets. In a rare turn of events, however, this incident ended with some hope in all the chaos. The protocol successfully managed to partially reimburse victims, while investigators diligently traced the hackers' wallets back to the Binance exchange. Subsequently, the identities of the perpetrators were revealed, leading to the arrest of two individuals in France.
The largest flash loan attack ever recorded happened in March 2023 against Euler Finance. The attacker managed to steal $197 million and which also resulted in losses for another 11 additional DeFi protocols. Fortunately, Euler Finance was able to convince the attacker to return 90% of the stolen funds by tempting them with a deal of $19.6 million.
Not all attacks in 2023 have been as sophisticated as flash loan attacks. In a rug pull attack, also known as an exit scam, fraudsters use social media as a powerful marketing tool for pumping a particular cryptocurrency. Then, once the currency has reached a certain value, scammers drain the currency's liquidity pool, investors then lose their funds. These attacks can be ruthless as social media influencers who have little to no knowledge of how the DeFi space works can easily manipulate trusting followers.
In May alone, over $45 million has been lost to rug pull attacks in six separate incidents. Scams like this show why investors should always do their due diligence before investing. The largest rug pull scam to happen in May 2023 was on a lending protocol called Fintoch. The team behind the attack were able to vanish with $31.6 million worth of investor funds. By exploiting the trust of their victims, scammers tempted investors with a false promise of a daily one percent return on investment. Another false endorsement claimed that the scheme was backed by a trusted financial service firm, Morgan Stanley.
These stories of crypto scams already in 2023 serve as stark reminders of the ever-present risks in the digital landscape. The proof is in the past, investors must exercise due diligence, conduct thorough research before investing and always remain vigilant to protect themselves from fraudsters. If you’d like to learn more about how you can protect your and your customers’ digital assets from hacks and scams, contact our team today.