Ad
Markets
Share this article

Crypto Hacks and Exploits Cost Traders $303M in July; Worst Month of 2023

Some $52 million of assets were siphoned from Curve Finance just this weekend.

Updated Aug 2, 2023, 3:19 p.m. Published Jul 31, 2023, 1:44 p.m.
Computer Hacking Hackers (Shutterstock)
Computer Hacking Hackers (Shutterstock)
  • Crypto investors suffered $303 million of losses from exploits and hacks in July, the worst month of the year.
  • Exploits of Curve Finance and Multichain were the latest reminders of vulnerabilities in decentralized finance.

Crypto traders have lost $303 million worth of digital assets in cryptocurrency exploits and hacker attacks this month, security audit firm CertiK tweeted, putting July on track to be the worst month this year so far in terms of stolen value.

The report comes as decentralized finance (DeFi) investors are still reeling from this weekend’s exploit of decentralized exchange Curve Finance, a key infrastructure in the DeFi ecosystem. Since Sunday, Certik confirmed some $52 million in digital assets as having been siphoned from the protocol using a vulnerability in some versions of the popular smart contract coding language Vyper.

Earlier this month, roughly $125 million of assets were drained from blockchain bridging protocol Multichain. The platform then shuttered operations and said that Chinese authorities had detained chief executive Zhaojun in May.

Ari Redbord, head of legal and government affairs of blockchain intelligence firm TRM Labs, said in a CoinDesk TV interview in May that DeFi protocols are the most vulnerable parts of the crypto ecosystem, adding that exploits are still happening at an "unprecedented" speed and scale.

Read more: 6 Kinds of Crypto Scams and How to Avoid Them

Of the $303 million this month, investors lost about $285 million in exploit attempts and hacks including the Multichain and Curve attacks, per CertiK’s data. Roughly $8.7 million of assets were drained abusing flash loans. This is a sophisticated exploit venue that lets traders borrow unsecured funds using smart contracts instead of third parties. These types of loans are legal, but attackers sometimes use them to manipulate the price of smaller, less liquid tokens for gains. The most notable example was DeFi protocol Conic Finance being drained of 1,700 ether (ETH), worth $3.26 million at the time, using flash loans.

Exit scams cost investors about $8.6 million. Otherwise known as “rug pulls,” these cons consist of developers hyping up a new project to raise money then draining liquidity.

Krisztian Sandor

Krisztian Sandor recently graduated from NYU's business and economic reporter program as a Fulbright fellow and worked with Reuters and Forbes previously. Originally from Budapest, Hungary, he is now based in New York. He holds BTC and ETH.

picture of Krisztian  Sandor