Halborn

Month in Review: Top DeFi Hacks of September 2023


Rob Behnke

October 3rd, 2023


September 2023 saw several hacks of blockchain protocols with values of over $1 million. However, this month was dominated by security incidents involving compromised private keys rather than exploits of vulnerable smart contracts and other attacks.

Compromised Private Keys

Most of the smart contract hacks with over $1 million in value in September 2023 involved the theft of private keys. With control over these keys, an attacker could transfer assets out of the project’s wallets to attacker-controlled addresses. 

Some of the major DeFi thefts involving private keys include:

  • CoinEx: CoinEx suffered a hot wallet hack in which the attacker was able to steal an estimated $54 million from the exchange.

  • HTX: Huobi Global, now HTX, suffered a hot wallet hack in which the attacker stole nearly 5k ETH worth $7.9 million.

  • Mixin Network: The largest DeFi hack of 2023 to date involved the theft of an estimated $200 million, likely due to compromised private keys exposed when the project’s cloud provider was hacked.

  • Remitano: A $1.4 million hack of Remitano was caused by a third-party data breach that enabled the attacker to steal cryptocurrency from the protocol.

  • Stake.com: A hack likely caused by compromised private keys enabled $41 million to be stolen from the crypto-based betting platform.

The Milady Hack

The Milady protocol suffered a $1 million hack in September 2023. The attack was performed by a malicious insider, a former developer, who took advantage of the Bonkler experimental finance art project managed by the protocol’s DAO and used it to steal the $1 million. They also took over many of the project’s social media accounts.

Lessons Learned from the Attacks

September 2023 was a lesson in private key management. Several large-scale hacks — including the most expensive hack of 2023 to date — were performed by attackers who stole private keys and used them to steal value from a protocol.

Storing cryptocurrency in a hot wallet — especially one managed by a single private key — places it at risk. To learn more about protecting digital assets, check out our blog article on Hot Wallets vs. Cold Wallets.