January 2023 started off the new year relatively quietly in terms of DeFi hacks. While a few large hacks occurred against DeFi protocols, many of the most significant hacks targeted individuals.
January 2023 DeFi Hacks Recap
Normally, attacks against major DeFi projects are the ones that make headlines. However, in 2023, many of the biggest attacks were against individuals instead of projects. Some of the people in the crypto space that were targeted in January 2023 include the following:
- Kevin Rose
- NFT God
- Nikhil Gopalani
- CryptoNovo
- Luke Dashjr
In January 2023, MetaMask also reported a new attack vector in which cybercriminals take advantage of laziness when copy-pasting addresses. Learn more about these address poisoning attacks in our blog.
The LendHub Hack
While major DeFi hacks were rarer in January 2023, they were not non-existent. An attack against LendHub exploited a failure to disable a deprecated IBSC token contract when replacing it, which caused two versions of the token to be live at once. The attacker exploited discrepancies between the two tokens’ liability calculations to steal about $6 million from the project.
Protecting Against DeFi Attacks
Most months, the leading DeFi hacks exploit vulnerabilities in smart contracts. However, in January 2023, all of the major hacks involved either personal wallet security or the exploitation of poor security practices when upgrading smart contracts.
An effective cybersecurity strategy is one that considers all potential areas of risk to a project and its users. If you’re planning to release or upgrade a DeFi project, reach out to our Web3 security experts at halborn@protonmail.com for help with ensuring a secure rollout.