Summary # On December 31, 2023, Orbit Chain, a South Korean cross-chain project, experienced a significant security breach involving their Orbit Bridge. The attacker exploited the Orbit Bridge through a private key compromise and drained approximately $81.54 million worth of assets from the Orbit Bridge’s ETH Vault. The stolen funds were converted into ETH and DAI and then distributed across several addresses.
Attackers # The identity of the attacker remains unknown.
...
Summary # On November 10, 2023, Poloniex, a custodial centralized exchange, experienced a security breach due to a private key compromise. The attacker exploited Poloniex’s hot wallets and withdrew funds across three chains: Bitcoin, Ethereum, and Tron. The total losses amounted to approximately $122.98 million, including BTC, USDT, USDC, ETH, TRX, and other assets. The stolen assets were exchanged for native tokens and transferred to sereval addresses.
Attackers # The attackers believed to be the Lazarus Group, North Korean cybercrime group.
...
Summary # On September 12, 2023, CoinEx, a crypto trading platform operating on various chains, experienced a massive security breach due to a private key compromise. The attacker exploited CoinEx’s hot wallets and extracted approximately $52.8 million worth of assets across 9 different chains. The stolen funds were transferred to the attacker’s addresses and then laundered via distribution between multiple addresses and smart contracts. Lazarus Group is suspected to be behind the theft, as multiple sources have confirmed an onchain connection between Stake.
...
Summary # AlphaPo, a crypto payment platform that processes payments for various gambling services, suffered a loss of more than $60 million due to a private key compromise that affected their hot wallets across Bitcoin, Tron, and Ethereum. The stolen funds were transferred to other blockchains, including Avalanche and Bitcoin. The funds on Bitcoin were deposited into the crypto mixer service Sinbad. The loss also includes the losses suffered by CoinsPaid, an entity related to AlphaPo.
...
Summary # On June 2, 2023, Atomic Wallet, a non-custodial multichain DeFi wallet, experienced an exploit resulting in the loss of over $100 million worth of various assets from its users. The largest affected wallet lost a total of 7,950,000 USDT. The suspected perpetrator of this attack is the Lazarus Group, a known North Korean hacking group. The hackers moved the stolen funds to Ethereum and TRON addresses. The part of the stolen assets were laundered through Sinbad mixer and Russia-based exchange Garantex.
...
Summary # On June 23, 2022, the Harmony Protocol team discovered a malicious attack on their Horizon Bridge, a blockchain bridge enabling asset transfers between Ethereum, Binance Smart Chain, and Harmony blockchains. In the morning, several transactions compromised the bridge. The hackers were able to steal the following assets: Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC).
...
Summary # On March 23, 2022, Ronin Network, a blockchain that powers the popular game Axie Infinity, suffered a 51% attack. This allows the attacker to control the network via compromising validators private keys and perform malicious actions, such as double-spending transactions or preventing new blocks from being mined. The attack resulted in the theft of $625 million worth of Ethereum and USDC. The hackers were able to reorganize over 100 blocks, which allowed them to double-spend large amount of assets.
...
Summary # On September 26, 2020, KuCoin, a Singapore-based cryptocurrency exchange, experienced a significant security breach, resulting in the theft of approximately $281 million worth of cryptocurrencies. The hackers obtained the private keys to the exchange’s hot wallets. The hackers sold the stolen cryptocurrency from their addresses on decentralized exchanges and anonymized the stolen cryptocurrencies through the mixing services. The incident caused a temporary drop in the price of KuCoin’s exchange token KCS by 14%, to $0.
...