The 3 Latest Crypto Attacks and Hacks You Must Know

GDAC Hack

In what may be the first attack on a centralized crypto exchange in 2023, GDAC, a South Korean CEX, was hacked for nearly $14 million on April 9 after the culprit gained control of the exchange’s hot wallets. Unlike cold wallets, which are offline, hot wallets are always connected online and allow users to transfer and receive tokens. Because they are easier to access, most crypto exchanges keep their customers’ cash in warm wallets.

In GDAC’s case, the hacker took 61 BTC, approximately 350.5 ETH, 10 million WEMIX and 220,000 USDT from the exchange’s hot wallet and proceeded to transfer them to an unidentified wallet. The company stated that it will try to retrieve the stolen funds.

Because hot wallets are linked to the internet, they are quite vulnerable to theft. Hot wallets of major cryptocurrency exchanges have been compromised for millions of dollars over the years. In 2019, a hacker gained access to Binance’s hot wallet and stole $41 million worth of goods. Similarly, in 2019, hackers broke into South Korean exchange Bithumb’s hot wallet and stole $13.4 million.

Terraform Hack

Hacks are nothing new for DeFi projects. The financial vertical of the crypto sector is teeming with hundreds of thousands of apps worth billions of dollars. However, the sector is tainted by error codes, network failures and lax security, which hackers often exploit.

Recently, Terraport Finance, a decentralized exchange that allows token exchange on the Terra Classic blockchain, became the latest DeFi project to be hacked. On April 10, Terraport said a hacker gained access to the protocol and drained all liquidity pools, stealing around $2 million in virtual assets.

Using on-chain trackers, many social media outlets claimed that the stolen funds were transferred to Binance and MEXC Global. Meanwhile, the aforementioned exchanges have been notified to freeze the assets before the attacker can withdraw the funds.

SushiSwap exploit

In another unrelated DeFi exploit, SushiSwap, on 26^th largest decentralized exchange by market capitalization, suffered a loss of $3.3 million due to a glitch in the smart contract. According to blockchain security firm PeckShield, the flaw appeared on the Route Processor2 smart contract, which is used to route trade orders. Meanwhile, according to other reports, the smart contract was launched by a hacker and did not perform authentication checks, allowing the hacker to steal $1,800 in ETH from a single SushiSwap user. It is currently unclear whether the contract error was intentional.

This is not the first time that a lapse in a smart contract has led to large losses. In 2016, a hacker discovered a flaw in The DAO, a smart contract on the Ethereum blockchain. The flaw allowed the attacker to continuously request that the smart contract deliver money to them, resulting in the theft of 3.6 million ETH, which was then worth over $70 million.

Conclusion

Hacks and network exploits continue to plague the crypto sector. By 2022, hackers stole almost $4 billion worth of virtual assets. In it, DeFi projects accounted for about 82 percent, or $3.1 billion. Until security measures are improved, those investing in crypto projects must carry out extensive checks to secure their investments. It is also recommended that one sets up a cold storage wallet to park crypto-assets instead of parking them in centralized exchanges.