Cointime

Download App
iOS & Android

A Recap of Defi Hacks in Jan 2023

Validated Individual Expert

As far as DeFi hacks go, January 2023 was a pretty calm beginning to the year. A few significant attacks on DeFi protocols did occur, although the majority of the most important hackers targeted specific people.

Media attention is typically drawn to attacks on important DeFi projects. However, people were the main targets of the majority of the most serious attacks in 2023 rather than projects. The following people working in the cryptocurrency sector were targeted in January 2023:

  • NFT God
  • CryptoNovo
  • Luke Dashjr
  • Nikhil Gopalani
  • Kevin Rose

Major DeFi hacks were less common in January 2023, but they were still there. When a deprecated IBSC token contract was replaced, it was not disabled, which led to two versions of the token being operational at once. This vulnerability was exploited by an attack against LendHub. The attacker stole around $6 million from the project by taking advantage of inconsistencies in the liability calculations of the two tokens.

Smart contract weaknesses are frequently used in the most common DeFi attacks. But every notable attack that occurred in January 2023 either went after the privacy and security of a user’s digital wallet or exploited weak security measures when upgrading smart contracts.

An effective cybersecurity strategy is one that considers all potential areas of risk to a project and its users. If you’re planning to release or upgrade a DeFi project, reach out to our Web3 security experts at [email protected] for help with ensuring a secure rollout.

Why Are Smart Contracts Prey to Cyberattacks?

Transparent, autonomous, distributed, immutable, and trustless are among the key characteristics of smart contracts. Ironically, it’s because of these characteristics that hackers are so interested in hacking smart contracts.

Smart contracts with flaws are like low-hanging fruit that are just waiting to be picked since they can carry so much value at any given moment. Hackers have recently focused their attention on cross-chain bridges, which are protocols that let users exchange tokens from other blockchains. In just 2022, these cross-bridge attacks cost hackers over $1 billion in revenue.

Upgradability

There are numerous methods for attaining “upgradability” even though smart contracts are immutable. A new smart contract is deployed, and dependents are directed to the newly deployed contract, which is how it operates. Numerous smart contracts, the bulk of which may be modified, make up a standard DeFi protocol.

This type of decentralized protocol is vulnerable to a number of threats because it has the capacity to be upgraded, which hackers may use against it. In the event that a hacker succeeds in attacking one of the protocol contracts, they may be able to modify the protocol code in some way, either entirely or partially, to meet their requirements. And as long as there is money to be gained, hackers will keep developing new strategies to take advantage of smart contract loopholes.

Bugs

The existence of defects in the codes of smart contracts creates a vulnerability that can be exploited even in the absence of intentional attacks. Additionally, because the majority of these protocols are open source, it is easier for an attacker to look through the source code for potential security holes. It won’t take long for someone to identify a flaw in the code that will allow them to gain access to the system.

Code: Garbage In, Garbage Out

Coding errors in smart contracts are one of the main reasons for hacking. Smart contract audits are frequently conducted quickly, and the audit teams may not even have a complete understanding of the source code at the outset. It does not offer any security guarantees, despite the fact that smart contracts must go through several rounds of auditing.

Incompetence

Hackers may also use team ineptitude, or egregiously careless use of secret keys, as an attack vector. Most likely, you’ve heard of private key hacks or breaches. But how, in the first place, can a private key be “hacked”?

It is recommended as good security practice to save private keys, access keys, passwords, and other sensitive information in a secrets manager rather than in environment variables if you’re talking about programmatically signing transactions using a private key. A poorly constructed application will willingly reveal all application secrets, even when a secrets manager is used. There have been costly breaches that could have been easily prevented if only “basic cybersecurity hygiene” had been followed.

The “principle of least privilege” should be followed when it comes to access in smart contracts, and RBAC (role-based access control) should be used to establish them. When using your signer key in a “hosted” environment that isn’t secure, make sure the wallet has very little access to your application.

Comments

All Comments

Recommended for you

  • A Total of 37,212.18 DMD Permanently Burned Over the Past 7 Days

    July 9, 2026 — According to the latest on-chain data released by DMDAO, a total of 37,212.18 DMD has been permanently burned over the past seven calendar days through the protocol's predefined trading and wealth management burn mechanisms.

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.