- A majority of the $901 million stolen from crypto projects since July were taken due to private key leakage, according to cybersecurity company Cyvers’ new report.
- The amount stolen has surged since the first half of the year when criminals stole $433 million.
- Several crypto projects linked to Justin Sun have been breached over the past two months.
Crypto hackers have so far stolen $901 million from exchanges, bridges, and DeFi protocols in the second half of 2023, but that number could increase unless protocols sort out a major security problem — private key leakage.
That is according to research from cybersecurity firm Cyvers, which suggests that the bulk of these thefts have come from compromised private keys.
“A staggering $773 million of $901 million lost was due to wallet access control issues,” Meir Dolev, co-founder and chief technology officer of crypto security firm Cyvers, said.
Private keys are like passwords that control access to crypto wallets. If they fall into the wrong hands, hackers can use them to access victims’ wallets and steal funds.
The news comes after Poloniex and HTX, two exchange platforms linked to Chinese crypto mogul Justin Sun, had $152 million stolen from them in the last two months — the latest of 14 heists linked to private key leakage by several security experts since July.
Heco, an HTX-linked bridge protocol, also suffered an $87 million heist last week, which security experts also attributed to compromised private keys.
Bridge protocols allow users to send crypto across different blockchains.
In total, these three crypto projects linked to Sun have lost $239 million to hacking incidents that occurred due to suspected private key leakages.
Neither Sun nor his affiliated crypto companies responded to requests for comment.
Crypto exchange CoinEx attributed the $55 million September hack to private key leakage, which gave attackers access to its hot wallet.
Ronghui Gu, co-founder of crypto auditing firm CertiK, told DL News that private key management has to become “top priority” for crypto companies.
“Systems like multi-signature protocols and multi-party computation, when well implemented, can distribute key control, mitigating the risk of single-point failures,” Gu said.
“This, combined with the periodic review of privileged keyholders, real-time monitoring tools, and timelocks, can help put the ‘De’ back in DeFi.”
Crypto hacks surge
Cybercriminals have stolen $901 million across 22 incidents since July, compared to the 25 incidents recorded in the first six months of 2023 when criminals stole $433 million, according to DefiLlama data.
Cyvers’ results align with data from DefiLlama, which shows that $1.3 billion have been stolen so far this year, down from the $3.2 billion recorded last year.
Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. To share tips or information about stories, please contact him at osato@dlnews.com.