Yesterday, TRM Labs released a report on crypto hacks in Q1 2023. The Web3 analytics company, which specializes in detecting and investigating financial crimes related to cryptocurrency, claims there were about forty cryptocurrency attacks in Q1 2023, resulting in a total loss of about $400 million.
The company compared this result with statistics from the first three months of 2022 and found a 70% decrease. Moreover, TRM Labs claims that victims of crypto exploits recovered more than half of all stolen funds during the studied period.
TRM Labs analyzed the situation in the cryptocurrency industry to find a possible explanation for the Q1 2023 statistics. Although the firm admits that there is no obvious reason for the dramatic decrease in attacks on cryptocurrency owners, it assumes that there might be certain connections to two major events from 2022.
The first occurred in August when a popular cryptocurrency mixer Tornado Cash was sanctioned by the US Treasury Department for its active involvement in laundering over 7 billion worth of cryptocurrency since its inception in 2019. Interestingly, Tornado Cash itself was hacked on May 21 by an attacker who gained 1,200,000 votes which gave the hacker full control over the crypto mixer’s tokens in the governance contract.
Another major event cited by TRM Labs as a possible factor that may be suppressing crypto exploiters' activity is the arrest of Avraham Eisenberg in December 2022. According to US authorities, Eisenberg was responsible for a $116 attack based on price manipulation which targeted Mango Markets, a Solana-based decentralized exchange.
Eisenberg, who returned some of the loot to avoid legal consequences, was nevertheless accused of violating provisions of security laws by the US Security and Exchange Commission (SEC). In addition, Mango Markets was not content with the funds it was able to recover from the exploiter and also sued him for the damages, estimated at $47 million plus interest.
"The industry has also seen the continued implementation of anti-money laundering standards by virtual asset service providers (VASPs), increased efforts by law enforcement and regulators to go after bad actors, and the growing sophistication of blockchain intelligence tools," TRM Labs mentions more factors that may have led to a fairly modest number of exploits in Q1 2023 compared to Q1 2022.
Although the Q1 2023 trend might seem optimistic, TRM Labs warns that "individual quarters offer poor predictions of how much money will be lost to hacks during the whole year," explaining that "the amount stolen and number of incidents in the first quarter of 2023 mirrors that of the third quarter of 2022. That was followed by a record-setting number of hacks that turned 2022 into a record year."
CertiK’s overview of crypto exploits in Q1 2023
CertiK, a leading smart-contract auditor and on-chain data analyst, released its quarterly Web3 security report, HACK3D, in early April.
The statistics provided by CertiK slightly differ from those provided by TRM Labs, as the company claims that the total amount of stolen funds in the first quarter of 2023 was $320,332,058. CertiK highlighted that the $197 million Euler Finance exploit was the largest incident in the first quarter of 2023 and accounted for more than 60% of all funds stolen during the first three months of 2023.
According to CertiK, the difference between the total amount of stolen funds in Q1 2022 and Q1 2023 is even greater, as $320.3 million is only a quarter of the $1.3 billion drained from victims in Q1 2022. CertiK also stressed that the last quarter of 2022 was much more profitable for hackers who were able to steal $950 million.
"90 exit scams stole $31,043,335 from their investors, while 52 flash loan/oracle manipulation exploits netted their exponents $222,963,863. The Euler incident pushed the average loss of flash loan exploits to $4,287,767, while exit scams averaged smaller per-incident losses of $344,925," CertiK provided detailed statistics on particular types of exploits.
Hacking dynamics in Q2 2023
Meanwhile, CoolWallet, the brand that provides a crypto hardware wallet for several cryptocurrencies including Bitcoin, Ethereum, and Litecoin, published an estimate of the largest crypto exploits that had happened by May 7, the day the report was published.
CoolWallet mentions the $23 million hack of The Bitrue Exchange, a security breach of Deus Finance that resulted in a $6 million loss, and the social engineering attack draining Trust Wallet of $4 million. In addition, CoolWallet notes a mysterious hacking attack in April that targeted early cryptocurrency investors and whales on Ethereum and ten other blockchains. The incident resulted in a total loss of $10 million.
Unfortunately, there have been more exploits since the publication of CoolWallet’s report, including the crypto exchange HitBTC impersonating scam, which helped attackers obtain over $15 million, as well as the attacks by scam vendor Inferno Drainer, which stole $5.9 million.