Since the emergence of blockchain technologies, the number of thefts, scams, and breaches of popular exchanges has been increasing year by year. Despite the improvement of methods to combat fraudsters and hackers, and the enhancement of payment security systems, cybercriminals are relentless. In response, they come up with new schemes for phishing and hacking crypto wallets and exchange accounts.
In this article, we'll discuss significant and interesting incidents in the cryptocurrency sphere in 2023.
Stay up-to-date with the latest affiliate marketing news, articles, guides, and case studies. Subscribe to our Telegram Channel today!
Overall figures for losses from hacks and fraud in the crypto industry in 2023
According to data from the analytical platform Chainalysis, in 2023, hackers stole over $1 billion using malware installed on users' PCs. This is almost twice the amount stolen compared to the previous year when the total damage from such actions amounted to $567 million.
Experts from the analytical platform Immunefi estimated that last year, hackers stole various tokens worth $1.8 billion. The monitoring by experts was based on counting all more or less noticeable hacks and scams in the crypto industry. Of these, 219 hacker attacks netted criminals $1.69 billion, with $103 thousand stolen from people's accounts by scammers in the process of another 100 incidents.
The most alarming month for crypto users was November, when major platforms lost $316.4 million due to exploits, and another $45.5 million was lost in the crypto lending sphere. Scam projects' activities brought their owners $1.1 million.
As statistics show, during platform hacks, 77.3% of attacks occurred in the decentralized finance sector (DeFi), while centralized platforms (CeFi) accounted for 22.7% of the total losses.
Top 5 crypto exchange hacks in 2023
Analyzing the blockchain-related criminal sphere, experts recall dozens of incidents. Let's look at major cases of exchange hacks by the amount of stolen funds.
Mixin Network
In September 2023, an announcement appeared on the official account of the Japanese instant transaction service Mixin Network on the X platform, reporting an attack on the project's database. As a result of the exploit, approximately $200 million was stolen.
During the investigation, conducted promptly by analysts from the PeckShield and Lookonchain projects, the fate of approximately $141 million of the stolen assets was traced. Of these, $93.5 million was withdrawn from the platform in ETH, $23.5 million in DAI, and $23.3 million in BTC.
Euler Finance
The second-largest case by the amount of stolen funds is related to the hack of the DeFi protocol of the Euler Finance platform, which operates in the cryptocurrency lending sphere. The amount of stolen assets totaled $197 million. During the investigation, it was revealed that USDC worth $33.6 million, WBTC worth $18.5 million, DAI worth $8.7 million, and stETH worth $116 million were stolen.
After the hack, the Euler (EUL) token's price dropped by 46% — from $6.14 to $3.29, and the project's market capitalization decreased from $98 million to $52 million.
PeckShield experts speculated that the theft became possible due to a flaw in the donation and liquidation system. Analysts from the blockchain project Elliptic later reported that the hackers laundered the stolen crypto through the sanctioned cryptocurrency mixer Tornado Cash.
Multichain
Another major hacked crypto platform is the cross-chain protocol Multichain. Capital outflows from the platform's inter-network router were first noticed by PeckShield specialists, and later Multichain owners announced that the project had been subjected to a hacker attack. The attack was successful, resulting in the theft of $126.3 million. This included 63.28 million USDC, 1.03 thousand wBTC, 7.21 thousand wETH, 4.95 million DAI, and 910.65 thousand UNIDX.
Technically, the hack appeared as a transfer of funds from the Fantom and Moonriver bridges. Therefore, the project's leaders appealed to users to revoke all permissions and confirmations associated with the protocol. Interestingly, in the first transaction, the perpetrator withdrew just $2 from Multichain Fantom, testing the vulnerability. Then, they transferred over $30 million to their account.
Poloniex
The popular exchange Poloniex was also hacked in November 2023. The incident resulted in a loss of $126 million, with a total of 19,314 ETH, 288M TRX, and 865 BTC being withdrawn.
This case is notable because immediately after the hack, the company's management reached out to the perpetrators with an offer to return the stolen funds, leaving 5% as a reward for themselves. However, they received no response.
BonqDAO
Last year, hackers breached the decentralized crypto lending protocol BonqDAO, using an unusual scheme. The perpetrators gained access to the project's price blockchain oracle and inflated the price of the AllianceBlock (ALBT) token. Subsequently, the crypto thieves minted a large number of Bonq Euro (BEUR) tokens and exchanged them for other tokens via the Uniswap exchange.
The losses amounted to $120 million. The day before the hack, the total value locked (TVL) in the protocol was $12.9 million; afterward, it plummeted to $201 thousand, and the ALBT price collapsed by 56%. Later, it was revealed that a portion of the stolen funds was laundered using the popular Ethereum mixer, Tornado Cash.
High-profile cryptocurrency scams in 2023
At the end of last year, the Internal Revenue Service (IRS) published a report detailing notorious cases of financial scams. Among them were fraudulent crypto projects whose schemes were thoroughly investigated in 2023.
OneCoin by Crypto Queen Ruja Ignatova
The story of this legendary crypto scam is somewhat typical for the entire blockchain-related scam sphere. The founder of the cryptocurrency company, Ruja Ignatova, launched OneCoin in 2014. A vibrant, charismatic, and strikingly beautiful woman from Bulgaria, Ignatova moved to Germany in the early 2000s and, after completing her studies at the University of Konstanz, defended her doctoral dissertation in legal studies. During that time, Ruja also worked at the renowned company McKinsey.
Before launching OneCoin, Ignatova had already been involved in another MLM project called BigCoin, where she essentially honed all fraudulent schemes. It was there, perhaps, that she met her future accomplice and likely lover, the Swede Sebastian Greenwood.
The happy Ruja together with her brother Alexander
In official statements, OneCoin always positioned itself as an educational project aimed at helping people improve their financial literacy and learn to earn with cryptocurrency. Its participants gained access to courses with general information about OneCoin along with a gift book, "Think and Grow Rich." Additionally, course buyers became owners of a virtual wallet with a small amount of digital units called "OneCoins."
The courses themselves were structured like typical pyramid schemes with multiple levels of involvement in the "treasure trove of knowledge." The cheapest level was priced at €110, while the highest level required a much more significant investment of €118 000. The more money a person spent, the more OneCoins they received in their wallet. OneCoin also had its own affiliate program, allowing participants to attract thousands of cryptocurrency-hungry individuals to the project. Referral rewards amounted to 10% of the newcomer's investment, and there were other network bonuses.
Moreover, Ignatova presented her own token as a tangible aid. From a legal standpoint, such presentation was bulletproof — the company was not liable for the actions of its participants with the calculation unit. However, this did not hinder the development of the "trading system" of OneCoin: the coin's price soared from €0.5 to €29.95 at its peak.
According to later FBI investigations, the project had over 3 million participants from 170 countries. From 2014 to 2016 alone, OneCoin Ltd earned €3.3 billion from its scheme. According to IRS estimates, the total amount of stolen funds may exceed €4 billion.
Surprisingly, the scam was not quickly exposed. In 2016, the charming, smiling Ruja, who called herself the Crypto Queen, gathered enthusiastic crowds of "investor" fans in stadiums across European cities. It was only in 2017 that law enforcement authorities seriously went after Ignatova and her accomplice Greenwood. And despite this, the pyramid scheme shifted to the Middle East, Africa, and India.
Only in 2023, after a thorough investigation of the activities of OneCoin Ltd, did the police apprehend and sentence Sebastian Greenwood to 20 years in prison, while the Crypto Queen remains in hiding to this day — some analysts believe Ignatova is hiding under a false name in Russia.
New Hampshire Satanic Syndrome or Crypto Six Project
The peculiar attraction of adherents of the non-traditional satanic "religion" to cryptocurrency operations has intrigued curious minds for several years in the case of the so-called Crypto Six project.
Communities such as the "Reformist Church of Satan," "Invisible Hand Church," "Church of Peace of New Hampshire," and "Crypto Church of New Hampshire" have thrived since 2016 in one of the American states. The activity of these diabolical religious cults is directly linked to the financial activities of their founders, who are closely connected: Ari DiMezzo, Ian Freeman, Andrew and Rene Spinella, as well as Richard Paul.
Transgender Satanist and crypto money launderer Ari DiMezzo
The project Crypto Six they created was not a classic cryptocurrency pyramid scheme, as the "devilish reformists" simply engaged in illegal business by exchanging bitcoins for fiat currency for a percentage. Essentially, Crypto Six was a typical money laundering scam that helped scammers, criminals, and drug dealers cash out crypto assets.
In 2021, all members of the satanic counterfeiting gang were arrested. After the investigation, it was revealed that during their activities, they laundered crypto assets totaling $10 million. The Spinellos and Richard Paul, a confessing couple, received minor punishments within the framework of the criminal case - supervised release for several years and fines.
The case of Ari DiMezzo and Ian Freeman, who stubbornly refused to confess, lasted longer. However, in April 2023, an American court sentenced DiMezzo to 18 months in prison, one year of early conditional release, and a fine of $5 000. Freeman's trial lasted even longer: as the leader of the entire project, he was sentenced to 96 months in prison and two years of probation.
Oyster Pearl — a cryptocurrency scam by an Invisible Man
The history of the Oyster Pearl cryptocurrency scam began in 2017 when a young American, Amir Bruno Elmaani, under the pseudonym Bruno Block, launched the sale of tokens bearing the same name. The Oyster Protocol was promoted as an online platform on the Ethereum blockchain for data storage and raised funds through an ICO, which took place in the fall of 2017.
Publicly, Bruno Block assured investors that the number of tokens on the market would remain fixed because the smart contract for their issuance was blocked. However, he secretly "minted" and released a new batch of coins later on.
The value of Oyster Pearl immediately plummeted, and the exchange that supported the project's operations soon ceased its support for Oyster Pearl.
It's noteworthy that for most of his time in the cryptocurrency business, Amir Bruno Elmaani kept a low profile, avoiding public appearances and meetings with investors and colleagues in person. His company was registered under a fake identity. Additionally, in 2017, Bruno Block declared an annual income of $15,000 unrelated to cryptocurrency, and the following year, he failed to report to the tax authorities at all.
Nevertheless, the enterprising crypto enthusiast lived lavishly. He spent over $10 million on purchasing yachts where he kept gold bars, and several luxurious homes cost Bruno around $700 000. Bruno also did not forget about himself, spending hundreds of thousands of dollars monthly on "pocket expenses."
The police arrested Amir Bruno Elmaani only in 2021. During the investigation, it was found that the total tax losses from the Oyster Pearl's activities amounted to $5.5 million. In the spring of 2023, Bruno fully admitted his guilt and was soon sentenced to 48 months of imprisonment and a fine of $5.5 million.
Impulse Project — a crypto scam with a Russian hacker trace
Among the top five significant cryptocurrency scams of 2023 is a case that appears to be linked to an anonymous group of Russian hackers. The anonymous group of criminals was discovered by Japanese software developer Trend Micro in the field of cybersecurity.
During the investigation conducted by Trend Micro specialists, it was found that the scammers used 150 websites, forums, and applications in their scheme. Through them, they attracted victims to register on pseudo-cryptocurrency platforms and lured deposits that then leaked into the pockets of the criminals.
One of the "solid" websites that crypto scams mimic:
At the same time, all the websites are designed to resemble pages of reputable, officially operating projects. The first page of the scam platforms displays a lot of content, including a section where prices for popular cryptocurrencies are displayed in real time. All the websites promote the Impulse Project affiliate program, which belongs to the Impulse Team and is advertised on Russian-speaking criminal forums.
Impulse Project began its operation in 2021. According to Trend Micro data, only from December 24, 2022, to March 8, 2023, hackers earned over $5 million. The group of criminals continues its dirty work to this day — no official information about the capture of those involved in the Impulse Project activities has appeared.
Conclusions
It may seem that the figures of stolen sums by hackers and scammers in each specific case are not so large. However, we have examined the most vivid, typical cases of crypto breaches and scams of 2023, while dozens, if not hundreds, of smaller incidents remain in the shadows. In aggregate, the damage inflicted on the crypto industry by criminal activity is quite significant — one should not forget about the reputational risks.
When analyzing significant crypto scam cases, it is worth noting that their activities are not limited to one year. This is understandable: any scam must grow, and strengthen before it catches the vigilant eye of law enforcement agencies. And catching criminals, investigating all the nuances takes more than just one year.