Rob Behnke
October 3rd, 2023
September 2023 saw several hacks of blockchain protocols valued at over $1 million. However, the month was dominated by security incidents involving compromised private keys rather than exploits of vulnerable smart contracts or other attacks.
Most of the smart contract hacks with over $1 million in value in September 2023 involved the theft of private keys. With control over these keys, an attacker can transfer assets out of the project’s wallets to attacker-controlled addresses.
Some of the major DeFi thefts involving private keys include:
CoinEx: CoinEx suffered a hot wallet hack in which the attacker was able to steal an estimated $54 million from the exchange.
HTX: Huobi Global, now HTX, suffered a hot wallet hack in which the attacker stole nearly 5k ETH worth $7.9 million.
Mixin Network: The largest DeFi hack of 2023 to date involved the theft of an estimated $200 million, likely due to compromised private keys exposed when the project’s cloud provider was hacked.
Remitano: A $1.4 million hack of Remitano was caused by a third-party data breach that enabled the attacker to steal cryptocurrency from the protocol.
Stake.com: A hack likely caused by compromised private keys enabled $41 million to be stolen from the crypto-based betting platform.
The Milady protocol suffered a $1 million hack in September 2023. This attack was performed by a malicious insider — a former developer — who took advantage of the Bonkler experimental finance art project, managed by the protocol’s DAO, to steal the funds. They also took over many of the project’s social media accounts.
September 2023 was a lesson in private key management. Several large-scale hacks — including the most expensive hack of 2023 to date — were performed by attackers who stole private keys and used them to steal value from a protocol.
Storing cryptocurrency in a hot wallet — especially one managed by a single private key — places it at risk. To learn more about protecting digital assets, check out our blog article on Hot Wallets vs. Cold Wallets.