$119M in Stolen Crypto So Far in 2023, NFT Rug Pulls on the Rise: Crystal Blockchain

DeFi protocols have been hackers’ favorite targets since 2021. Now hackers are preying on NFT projects, a blockchain intelligence firm says.

Mar 24, 2023 at 2:49 p.m. UTC
Updated Mar 24, 2023 at 5:30 p.m. UTC

The year is young but so far in 2023 hackers have stolen $119 million in crypto in 19 breaches, Crystal Blockchain says in a new report, which includes data ranging from the Mt. Gox crypto exchange hack in 2011 to Feb. 18, 2023.

The biggest DeFi hack so far this year was February's attack on Bonq DAO, a decentralized borrowing protocol. Hackers compromised the protocol's smart contract and manipulated the price of AllianceBlock tokens, draining about $88 million of crypto out of the protocol.

The second-largest DeFi-related attack was on the Platypus Finance protocol, which issues the stablecoin USP. A flash loan attack in February led to the stablecoin depegging and a loss of about $9 million in funds by users. However, unlike many similar incidents, this one ended relatively well: The protocol was able to partly refund users and the investigators tracked down the hackers’ wallets to the Binance exchange, found out who they were and arrested two people in France.

The report noted that in the single biggest phishing attack so far this year, non-fungible token (NFT) collector Kevin Rose lost about $1 million worth of NFTs after his personal wallet was compromised in late January.

Most of the attacks have targeted vulnerabilities in the code and design of decentralized protocols, which reflects a larger trend in play since 2021: Decentralized finance (DeFi) has been much more popular among hackers than centralized exchanges (CEX).

DeFi protocols were hacked 13 times more than centralized ones in 2022, according to Crystal. The biggest was an attack on the Ronin cross-chain bridge in March 2022, in which $625 million worth of tokens were stolen.

Last year, $4.17 billion was stolen in 199 incidents, the firm said, a higher estimate than Chainalysis' data showing $3.8 billion stolen in 2022. With time, as more information about criminal activity emerges, these estimates may grow, Chainalysis said when it released the data in February.

Crystal also found a growing trend of NFT rug pull scams, in which project founders disappear with users’ funds. In 2022, 48 such scams occurred, 41 of them pulled off in the second half of the year, the report says.

Since 2011, more than $16.7 billion worth of cryptocurrency has gone missing in various hacks and scams. U.S.-based companies and projects appear to be targeted most often. But China is home to the most value lost to scams, with $2.25 billion stolen in 2019 from investors in the infamous PlusToken Ponzi scheme and $1.1 billion swindled by the WoToken scam in 2020, Crystal says.



CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Anna Baydakova

Anna Baydakova was CoinDesk's investigative reporter with a special focus on Eastern Europe and Russia. Anna owns BTC and an NFT.