$119M in Stolen Crypto So Far in 2023, NFT Rug Pulls on the Rise: Crystal Blockchain

DeFi protocols have been hackers’ favorite targets since 2021. Now hackers are preying on NFT projects, a blockchain intelligence firm says.

AccessTimeIconMar 24, 2023 at 2:49 p.m. UTC
Updated Mar 24, 2023 at 5:30 p.m. UTC

The year is young but so far in 2023 hackers have stolen $119 million in crypto in 19 breaches, Crystal Blockchain says in a new report, which includes data ranging from the Mt. Gox crypto exchange hack in 2011 to Feb. 18, 2023.

The biggest DeFi hack so far this year was February's of Bonq DAO, a decentralized borrowing protocol. Hackers compromised the protocols’ smart contract and manipulated the price of allianceBlock tokens, draining about $88 million of crypto out of the protocol.

The second-largest DeFi-related attack was on the Platypus Finance protocol, which issues the stablecoin USP. A flash loan attack in February led to the stablecoin depegging and a loss of about $9 million in funds by users. However, unlike many similar incidents, this one ended relatively well: The protocol was able to partly refund users and the investigators tracked down the hackers’ wallets to the Binance exchange, found out who they were and arrested two people in France.

The report noted that in the single biggest phishing attack so far this year, non-fungible token (NFT) collector Kevin Rose lost about $1 million worth of NFTs after his personal wallet was compromised in late January.

Most of the attacks have targeted vulnerabilities in the code and design of decentralized protocols, which reflects a larger trend in play since 2021: Decentralized finance (DeFi) has been much more popular among hackers than centralized exchanges (CEX).

DeFi protocols were hacked 13 times more than centralized ones in 2022, according to Crystal. The biggest was an attack on the Ronin cross-chain bridge in March 2022, in which $625 million worth of tokens were stolen.

Last year, $4.17 billion were stolen in 199 incidents, the firm said, a higher estimate than Chainalysis' data showing $3.8 billion stolen in 2022. With time, as more information about criminal activity emerges, these estimates may grow, Chainalysis said when it released the data in February.

Crystal also found a growing trend of NFT rug pull scams, when project founders disappear with users’ funds. In 2022, 48 such scams occurred, 41 of them pulled off in the second half of the year, the report says.

Since 2011, more than $16.7 billion worth of cryptocurrency has gone missing in various hacks and scams. U.S.-based companies and projects appear to be targeted most often. But China is home to the most value lost to scams, with $2.25 billion stolen in 2019 from investors in the infamous PlusToken Ponzi scheme and $1.1 billion swindled by the WoToken scam in 2020, Crystal says.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Anna Baydakova is an investigative reporter with a special focus on Eastern Europe and Russia. Anna owns BTC and an NFT.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.