BlockSec spoke about the main crypto-attacks in 2023

BlockSec researchers named the top 10 security incidents in the cryptocurrency industry in 2023. They noted that they had identified the largest problems of the entire period. The researchers are confident that this blog post “will help the community learn from the past and not repeat mistakes again.”

To begin with, experts recalled how an unnamed attacker “sophisticatedly assembled MEV bots using the ‘zero-day vulnerability’ of Flashbots. He created decoy transactions for victims and used tactics to avoid detection.” According to experts, this is the smartest attack on the underlying blockchain infrastructure with a leveraged strategy.

A record amount of $197 million was stolen in the attack on Euler Finance. However, the funds were later returned to the Treasury address. About $200 thousand was “unwittingly” sent to hackers from the Lazarus Group.

“The incident with KyberSwap stood out for its complexity,” experts emphasized. According to analysts, it included detailed calculations by the attackers. In the Curve Finance hack, a compiler error led to the creation of erroneous bytecode from the source. Huge financial losses followed.

The Platypus Finance platform suffered attacks as many as 3 times. Each of the exploits targeted different vulnerabilities. BlockSec's actions helped the project save $2.4 million.

The first fork of Compound V2, Hundred Finance, was hacked, and this was the beginning of similar security incidents in the DeFi sector. The attack on ParaSpace turned out to be important for BlockSec. The actions of the BlockSec Phalcon Block System saved $5 million.

The hacker attack on SushiSwap failed, but led to several similar attacks on other protocols. The researchers also talked about the MEV bot 0xd61492. According to experts, “this is a real use case of interaction between a bot and a flash loan provider.”

Finally, the ThirdWeb incident is mentioned. In this case, an incompatibility issue occurred due to the interaction of two untrusted modules. The conflict arose from the combined use of ERC-2771 and Multicall. According to analysts, third-party libraries play a decisive role in software security.