Crypto heists increased in volume by 42% in 2023, with 283 incidents, according to an analysis by consumer awareness firm Comparitech.
This compares to 199 crypto theft incidents in 2022. However, the total monetary value stolen in 2023 fell by 51% in 2022, from $3.55bn to $1.75bn.
Worryingly, $16.93m of crypto has already been stolen in 2024 as of January 15. This is double the $8.37m stolen throughout January 2023.
The Comparitech research also found that the number of rug pulls and scams carried out in 2023 declined by 25% compared to 2022, from 365 to 273. The value of cryptocurrency lost in these scams also fell by half in the same period, from $1.2bn in 2022 to $656m in 2023.
Rug pulls are incidents where the founders of new crypto tokens or non-fungible tokens (NFTs) pull out before the project is fully built. Exit scams from longer running and more established projects. Scams cover incidents like Ponzi schemes, honeypots and impersonations of other coins.
One factor that may explain the significant reduction in crypto money stolen is the fall in the value of decentralized finance (DeFi) last year.
Crypto Heists and Scam Trends
The three biggest crypto heists and rug pulls/scams in 2023 were the following:
- Mixin Network - $200m: This followed a compromise of Mixin’s cloud service provider database in September 2023.
- Euler Finance - $197m: Threat actors stole the funds from Euler’s DeFi lending protocol after exploiting a vulnerability in its code in March 2023.
- JPEX - $192m: This theft occurred following a crypto scam involving an unlicensed platform in Hong Kong.
The researchers noted that attacks on DeFi platforms made up 51% of crypto heists last year. This was followed by hacks on individual cryptocurrencies (30%).
Overall, a total of $27bn has been lost in crypto heists, rug pulls and scams to date across all years.
Rebecca Moody, Head of Data Research at Comparitech, noted that some of the biggest crypto thefts have occurred via private key compromises.
“This highlights the ongoing vulnerabilities of crypto platforms and how some platforms that advertise themselves as being ‘decentralized’ do in fact have a centralized storage system for private keys,” she said.
Separate research published by Comparitech on January 15 found that ransomware attacks on US government organizations cost over $860m in downtime, with potentially more than 250 million people impacted during the period January 2018 to December 2023.