Original author: Poopman, Original translation: Kxp, BlockBeats
Every year, the crypto sector suffers more than 100 hacks, resulting in personal losses exceeding $200 million. That figure is both a warning and a valuable lesson. To better understand these incidents, I have compiled a list called “The Five Biggest Attacks and Hacks of 2023,” and I will introduce each of the victims below.
1. Euler Finance – $197 million
In March of this year, Euler Finance was hacked in the largest attack of 2023, with losses as high as $197 million. The attack was caused by defects in the donation and settlement logic. The attacker borrowed a large amount of eDAI/dDAI from Euler through a flash loan, then donated the borrowed eDAI back to Euler for settlement, which greatly distorted the exchange rate and made the attack possible. PeckShield Inc. has published a detailed analysis of the attack process. Be sure to read their tweet.
2. Atomic Wallet – $35 million
Just 11 days ago, Atomic Wallet suffered a $35 million hack. The stolen funds were converted to Bitcoin and sent to a mixer called “http://Sinbad.io,” which is often used by the notorious North Korean hacker organization “Lazarus Group.” Although the exact attack method is not yet clear, I still recommend Tay’s investigation.
3. Yearn Finance – $11.54 million
Two months ago, Yearn Finance also suffered a hack, losing $11.54 million because of an error in the configuration of the flash loan. The attacker used flash loans to change the balance and monopolize the Curve pool, exchanging stablecoins at an obviously imbalanced price. For more details, see OtterSec’s tweet, which presents fuller investigation results.
4. MyAlgo – $9.2 million
Because of a compromised Cloudflare key, MyAlgo users lost more than $9.2 million in crypto assets. The root cause is not yet clear, but ZachXBT has provided a good overview of the general situation in his tweet.
5. Safemoon – $8.9 million
Due to an obvious error in the smart contract, Safemoon lost over $8.9 million in cryptocurrency to hackers. The attacker took advantage of the burn function in the Safemoon contract to destroy SFM tokens and increase their price as the supply decreased. The attacker then dumped all the SFM at a high price into the WBNB-SFM LP pool, draining the entire WBNB pool. DeFi Mark provided a good explanation of the situation.
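To show why a burn that shrinks one side of a liquidity pool is so damaging, and how a pool monitor can tell it apart from normal activity, here is an added example that is not from the original article or from Safemoon's code. It assumes a fee-free constant-product pool (x * y = k) and a burn that hits the pool's own SFM balance; all reserves and amounts are constructed.

```python
# Added illustration: fee-free constant-product pool (x * y = k).
# Assumption: the burn reduces the pool's own SFM reserve.
# All reserves and amounts are constructed, not real Safemoon figures.

def price(sfm, wbnb):
    """Spot price of one SFM, in WBNB."""
    return wbnb / sfm

def sell_sfm(sfm, wbnb, amount):
    """Swap `amount` SFM into the pool; return (new_sfm, new_wbnb, wbnb_out)."""
    k = sfm * wbnb
    new_sfm = sfm + amount
    new_wbnb = k / new_sfm
    return new_sfm, new_wbnb, wbnb - new_wbnb

def flag_one_sided_drops(snapshots, tol=1e-9):
    """Return indexes of reserve snapshots where k fell AND the price moved.

    Swaps keep k constant (fees only raise it). Removing liquidity lowers k
    but shrinks both reserves in proportion, so the price is unchanged.
    A burn from one reserve does both at once, which is what gets flagged.
    """
    flagged = []
    for i in range(1, len(snapshots)):
        (s0, w0), (s1, w1) = snapshots[i - 1], snapshots[i]
        k_fell = s1 * w1 < s0 * w0 * (1 - tol)
        p0, p1 = price(s0, w0), price(s1, w1)
        if k_fell and abs(p1 - p0) > tol * p0:
            flagged.append(i)
    return flagged

def demo():
    """Replay a constructed history; return (flagged, normal_out, post_burn_out)."""
    history = [(1_000_000.0, 1_000.0)]           # initial reserves (SFM, WBNB)
    history.append((500_000.0, 500.0))           # LP withdraws half: benign
    # What selling 45,000 SFM would fetch at this point without any burn.
    _, _, normal_out = sell_sfm(500_000.0, 500.0, 45_000.0)
    history.append((5_000.0, 500.0))             # 99% of SFM reserve burned
    sfm, wbnb, post_burn_out = sell_sfm(5_000.0, 500.0, 45_000.0)
    history.append((sfm, wbnb))                  # ordinary swap: k unchanged
    return flag_one_sided_drops(history), normal_out, post_burn_out

if __name__ == "__main__":
    flagged, normal_out, post_burn_out = demo()
    print("flagged snapshots:", flagged)
    print(f"WBNB out for 45,000 SFM: {normal_out:.2f} normally, "
          f"{post_burn_out:.2f} after the burn")
```

Only the burn step is flagged: the liquidity withdrawal lowers k without moving the price, and the swap moves the price without lowering k.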
In summary, many attacks over $10 million in 2023 were caused by oracle and smart contract vulnerabilities. Interestingly, zkSync experienced the most exit scams in 2023.