$119M in Stolen Crypto So Far in 2023, NFT Rug Pulls on the Rise: Crystal Blockchain

The year is young but so far in 2023 hackers have stolen $119 million in crypto in 19 breaches, Crystal Blockchain says in a new report, which includes data ranging from the Mt. Gox crypto exchange hack in 2011 to Feb. 18, 2023.

The biggest DeFi hack so far this year was February's of Bonq DAO, a decentralized borrowing protocol. Hackers compromised the protocols’ smart contract and manipulated the price of allianceBlock tokens, draining about $88 million of crypto out of the protocol.

The second-largest DeFi-related attack was on the Platypus Finance protocol, which issues the stablecoin USP. A flash loan attack in February led to the stablecoin depegging and a loss of about $9 million in funds by users. However, unlike many similar incidents, this one ended relatively well: The protocol was able to partly refund users and the investigators tracked down the hackers’ wallets to the Binance exchange, found out who they were and arrested two people in France.

Read more: Anna Baydakova - Coins of War: How Crypto Keeps Feeding Russia's War Despite Sanctions

The report noted that in the single biggest phishing attack so far this year, non-fungible token (NFT) collector Kevin Rose lost about $1 million worth of NFTs after his personal wallet was compromised in late January.

Most of the attacks have targeted vulnerabilities in the code and design of decentralized protocols, which reflects a larger trend in play since 2021: Decentralized finance (DeFi) has been much more popular among hackers than centralized exchanges (CEX).

DeFi protocols were hacked 13 times more than centralized ones in 2022, according to Crystal. The biggest was an attack on the Ronin cross-chain bridge in March 2022, in which $625 million worth of tokens were stolen.

Last year, $4.17 billion were stolen in 199 incidents, the firm said, a higher estimate than Chainalysis' data showing $3.8 billion stolen in 2022. With time, as more information about criminal activity emerges, these estimates may grow, Chainalysis said when it released the data in February.

Crystal also found a growing trend of NFT rug pull scams, when project founders disappear with users’ funds. In 2022, 48 such scams occurred, 41 of them pulled off in the second half of the year, the report says.

Since 2011, more than $16.7 billion worth of cryptocurrency has gone missing in various hacks and scams. U.S.-based companies and projects appear to be targeted most often. But China is home to the most value lost to scams, with $2.25 billion stolen in 2019 from investors in the infamous PlusToken Ponzi scheme and $1.1 billion swindled by the WoToken scam in 2020, Crystal says.