Hackers siphoned $1.7 billion from cryptocurrency platforms in 2023 — down by about $2 billion from a record high set the previous year, according to data collected by blockchain research firm Chainalysis.

Despite the drop in total money lost, the number of individual incidents targeting these platforms grew from 219 in 2022 to 231 in 2023 — due in no small part to the collapse of several popular exchanges and the overall precipitous decline in value of cryptocurrencies.

Chainalysis experts also attributed the drop to a decrease in the number of cyber thefts targeting decentralized finance (DeFi) platforms — which allow customers to borrow funds, speculate on prices and trade coins.

“Hacks of DeFi protocols largely drove the huge increase in stolen crypto that we saw in 2021 and 2022, with cybercriminals stealing more than $3.1 billion in DeFi hacks in 2022. But in 2023, hackers stole just $1.1 billion from DeFi protocols,” the researchers said.

“This amounts to a 63.7% drop in the total value stolen from DeFi platforms year-over-year. There was also a significant drop in the share of all funds stolen accounted for by DeFi protocol victims in 2023.”

In spite of the drop, several incidents drew headlines throughout 2023, including:

• Euler Finance — $197 million loss;
• Curve Finance — $73.5 million loss;
• Mixin Network — $200 million loss;
• CoinEx — $43 million loss;
• Poloniex Exchange — $130 million loss;
• Kyber Network — $54.7 million loss;
• HTX — $113.3 million loss.

July 2023 alone saw 33 different hacks, the most of any month, the researchers explained.

Cybersecurity experts who spoke to Chainalysis said many of the hacks occurred because platforms are poorly built, prioritizing growth over robust security systems.

“Historically, the majority of DeFi hacks have stemmed from vulnerabilities in smart contract design and implementation — a large proportion of the affected contracts we examined had either not undergone any audit or had been audited inadequately,” said Mar Gimenez-Aguilar, lead security architect and researcher at blockchain cybersecurity firm Halborn.

But Gimenez-Aguilar noted that things are improving, with many DeFi protocols increasing security measures.

Chainalysis said it is likely a mix of lower overall DeFi activity and better security practices that contributed to the decline in losses last year.

“Although the total amount stolen from crypto platforms in 2023 was down significantly from prior years, it is clear that attackers are becoming increasingly sophisticated and diverse in their exploits,” Chainalysis said.

“Over time, as these processes improve, it is likely that funds stolen from crypto hacks will continue to decline.”

$1 billion for North Korea

One important part of the crypto hacking ecosystem is the activity of threat actors from North Korea, which have pilfered billions from crypto platforms to help fund their government and its nuclear weapons program.

In 2022, North Korean cyber espionage groups like Kimsuky and Lazarus Group stole about $1.7 billion worth of cryptocurrency. That figure fell to $1 billion in 2023 but the number of incidents attributed to the nation grew to 20, the highest ever recorded.

About $428 million was stolen from DeFi platforms while exchanges, wallet providers and centralized services also saw hundreds of millions worth of losses.

Attacks on Atomic Wallet, Alphapo and Coinspaid were all attributed to North Korean hackers, according to U.S. law enforcement agencies.

Chainalysis said the hackers behind the attacks took great effort to obfuscate the funds, sending them to centralized exchanges and then to other platforms where they could be mixed with other funds and converted into other cryptocurrency.

The hackers used the now-sanctioned mixing service Sinbad to obscure the on-chain transactions. Several other platforms and services, like the Tron blockchain and Avalanche bridge, were used to further launder the money.

The United Nations Security Council recently asked researchers at cybersecurity firm Phylum to provide them with information on North Korea’s efforts to use cryptocurrency thefts as a way to circumvent sanctions.

Louis Lang, co-founder of Phylum, told Recorded Future News that the UN was particularly interested in Lazarus Group’s attacks and noted that they have seen multiple campaigns from the group.

“DPRK cyberattacks account for nearly 45% of their military budget. If memory serves, $3.7 billion in cryptocurrency was stolen in 2023, nearly half of that was the result of DPRK cyberattacks,” Lang said.

“In the campaigns we’ve been monitoring, [Lazarus Group] is just different because the motivations are different. The group wants to obtain cryptocurrency, so they target financial and cryptocurrency institutions directly. They’ve been very successful in this case.”