I Analyzed 120 Crypto Hacks. Here Is What I Learned

Validated Individual Expert

For this article, I analyzed 120 crypto hacks to see how they impacted the price performance of the cryptocurrencies affected. Some of the answers might surprise you.

The results of this research are relevant for investors who hold a cryptocurrency that was affected by a hack or who are considering buying a cryptocurrency after a hack has happened.

Please note that this is not an academic study.

The Dataset

All data used about the hacks come from this dataset from DefiLlama. Historical price data is from Coingecko.

At the time of my analysis, DefiLlama’s dataset contained data on 124 crypto hacks in the period from January 2020 to October 2022.

Crypto Hack Classifications & Techniques

In the period under review, the crypto hacks caused the loss of $5176,05 million.

In their dataset, DefiLlama classified whether the hack targeted a weakness in infrastructure, smart contract language, protocol logic, or the interaction between multiple protocols (ecosystem). The results are visualized in the following chart.

  • As the data shows, faults in the protocol logic offer the greatest attack surface for potential attackers, 37 protocol logic hacks resulted in more than $2 billion in loss.
  • Likewise, the infrastructure and the ecosystem of crypto platforms often offer gaps that hackers can penetrate.
  • On the other hand, rug pulls, i.e. project developers giving up a project and running away with the investors’ money, are relatively rare. 

The next chart shows a selection of the techniques most commonly used by the attackers and how much money was stolen with them.

  • What is striking is how often hackers succeeded by compromising the private keys of project members and investors.
  • Access control exploits allowed attackers to access certain features and perform actions they shouldn’t have had access to.
  • Price oracle manipulation means that hackers found a way to manipulate data provided to a smart contract by third parties in order to make the smart contract perform a specific action.

The Impact of Hacks on Cryptocurrency Prices

Unsurprisingly, the news of a hack has a disastrous impact on the price of the affected cryptocurrencies. On average, hacked crypto projects lost around 50% of their value in the first few days after the hack became public.

The following chart visualizes when the prices reached a local bottom a few days after the hacks using a selection of representative projects. The amount of lost funds does not seem to correlate with the price decreases.

To get a better understanding of how hacked cryptocurrency prices behave over a longer period of time, let’s now look at the timeline below. It shows the percentage change in value at different time stamps.

  • As the previous chart showed, the affected cryptocurrencies lost massively in value in the first few days after the hack.
  • What is surprising is that a hack does not automatically mean the immediate total collapse of a project. A large part of the analyzed cases saw a relative price recovery after the hack — shown as ‘peak after hack’ in the above chart. It is not possible to generalize the time took to reach the peak and how much these price increases were. In some cases, it was the well-known ‘dead cat bounce’, in other cases the underlying bull market seemed to be an important driver.
  • However, a large majority of projects never reached the same or higher price level compared to the price before the hack (blue colored lines). This means that once the trust is gone, in most cases it will never come back.
  • For the few cryptocurrencies, where a higher price was achieved after the hack (yellow lines), this happened during the 2021 bull market. However, none of these projects could sustain profits in the long term.
  • In the long term, hacked projects massively lose value — on average they saw a loss of 80% compared to the price levels just before the hack happened.
  • The main conclusion I draw from this analysis is the following: if you own a cryptocurrency that just got hacked — sell it. With the exception of a bull market, you should NOT expect a long-lasting positive price development in the future. If you are considering buying a cryptocurrency after it got hacked, you should probably look for a better alternative.
  • The data on hack classifications and techniques discussed above shows that many crypto projects have serious vulnerabilities. As a retail investor, it is difficult to review and evaluate crypto projects in this regard. For me, this underlines the importance of audits of reliable 3rd parties.
  • You should also carefully examine potential investments and look for information on how the respective projects are arming themselves against the challenges described above.

All Comments

Recommended for you

  • Valkyrie Ethereum Futures ETF Receives U.S. SEC Approval

    The US SEC has approved Valkyrie to convert its existing Bitcoin futures ETF to a Bitcoin and Ethereum futures ETF. The new fund will be renamed "Valkyrie Bitcoin and Ethereum Strategy ETF" and will take effect on October 3, with the code still being BTF.

  • AlphaSense Raises $150M in Series E Funding Round Led by BOND and Alphabet's CapitalG

    AlphaSense, a B2B AI platform focused on business intelligence and search, has completed a successful Series E funding round, raising $150 million. The round was led by BOND and included investments from Alphabet's CapitalG, Goldman Sachs, and Viking Global. AlphaSense's valuation has grown from $1.7 billion to $2.5 billion since its Series D funding round in June 2023. The platform uses machine learning to provide deep insights into business and finance analytics, offering "insights-as-a-service." The latest investment will allow AlphaSense to continue leading the generative AI revolution in the B2B sector.

  • web3 startup IYK raises $16.8 million in seed funding, led by A16z Crypto

    Web3 startup IYK has raised $16.8 million in seed funding, with A16z Crypto leading the way and other investors including 1kx, Collabcurrency, Lattice Capital, and gmoney. According to its website, IYK is a participant in the a16z Crypto Startup School, which is an accelerator program from the venture capital giant that typically invests $500,000 in participating startups in exchange for 7% equity. IYK says that it has recruited over 100 creators from industries such as fashion, music, and art since its founding in 2021. To attract more brands and creators, it is launching a self-service platform to help create digital physical experiences.

  • Oracle project Supra completed over US$24 million in financing, with participation from Animoca Brands and Coinbase Ventures.

    On September 28th, Supra, a provider of oracle and VRF services, announced that it had completed a funding round of over $24 million. Investors in this round include Animoca Brands, BCW, Coinbase Ventures, FiveT Fintech (formerly Avaloq Ventures), Galaxy Interactive, Hashed, HashKey, Huobi Ventures, No Limit Holdings, Prosus Ventures,, Republic Crypto, Shima Capital, Signum Capital, SMO Capital, Sound Ventures, Sublime Ventures, UOB Venture Management (Dahua Bank), and Valor Equity Partners.

  • Hong Kong police arrested three people again in connection with the JPEX case, bringing the total number of arrests to 15

    Hong Kong police arrested three more people related to the JPEX case, including one director and one employee of the overseas exchange Lupin, and one popular analyst from a foreign currency exchange shop. The total number of arrests is now 15. The police have received a total of 2,392 reports, involving a total amount of nearly 1.5 billion yuan, and have frozen 77 million yuan in assets. 

  • The EU will collect data proving that cryptocurrency PoW mechanisms "seriously" harm the environment and plans to develop sustainability standards

    On September 28th, the European Commission released a tender contract worth 800,000 euros (approximately $842,000) aimed at mitigating the "significant harm" that cryptocurrency poses to the environment. The research, which will end on November 10th, will establish standards that will be incorporated into potential future EU policies to curb the impact of cryptocurrency on climate change and develop new energy efficiency labels for blockchain. The European Commission stated in the tender document that "there is evidence that crypto-assets can cause significant damage to the climate and the environment," which could undermine the EU's greenhouse gas reduction targets, indicating that new sustainable development standards may be adopted in the future. EU legislators are concerned about the energy-intensive PoW consensus mechanism that supports blockchain such as Bitcoin. The EU's research will be completed within a year and will study green issues related to the use of water, waste, natural resources, and energy by cryptocurrencies. (CoinDesk)

  • Brazil’s cryptocurrency trading volume in July was US$3.7 billion, with USDT trading accounting for 81.6%

    According to data from the Federal Tax Authority, cryptocurrency transactions in Brazil reached 18.8 billion Brazilian real (approximately 3.7 billion US dollars) in July, a decrease of 11.4% compared to the previous month. The three highest transaction volumes were stablecoins, with USDT accounting for 15.3 billion Brazilian real, or 81.6% of the total transaction volume, followed by USDC (838 million Brazilian real) and Brazilian real stablecoin BRZ (641 million Brazilian real). 

  • The National Blockchain Industry Industry-Education Integration Community was established in Xiongan New Area

    National Blockchain Industry Production-Education Integration Community Establishment Conference was held in Xiong'an New Area on September 27. The National Blockchain Industry Production-Education Integration Community is jointly formed by Xiong'an Guochuang Center Technology Co., Ltd., Southwest University of Finance and Economics, Hebei Software Vocational and Technical College, and other units under the guidance of the Vocational and Adult Education Department of the Ministry of Education, the Education and Examination Center of the Ministry of Industry and Information Technology, and the China Association of Small and Medium Enterprises, together with relevant industry associations, enterprises, undergraduate colleges, vocational colleges, scientific research institutes and other units. The establishment of the National Blockchain Industry Production-Education Integration Community aims to gather high-quality production-education resources and establish a new type of production-education integration organization to support the development of the blockchain industry, promote industrial development and talent cultivation, effectively promote the deep integration of industry and education, improve the quality of talent cultivation, better meet the development needs of the blockchain industry, and effectively promote economic and social development.

  • DeFi Revenue Aggregator Gro Protocol Will Cease Operations and Dissolve Gro Dao

    On September 20th, according to the Snapshot governance page, DeFi yield aggregator Gro DAO passed a proposal to dissolve the DAO and cease operations with a support rate of 70.95%, and provided a clear exit strategy for stakeholders. The steps to be taken afterwards are to extend Groda for 3 months (October 3rd to January 3rd) to focus on dissolving the DAO and stopping operations with a budget of 180,000 USDC.

  • Cme Global Head of Crypto: DeFi Will Replace Traditional Finance, but They Should Coexist

    Giovanni Vicioso, the global head of CME Group's cryptocurrency products, stated at the Singapore Token2049 "Institutionalization of Digital Assets" roundtable discussion: I believe that DeFi will replace traditional finance, but they should coexist. Some institutions have truly adapted to DeFi, but I think more work needs to be done, especially in regulatory agencies. There needs to be relevant regulations and clear definitions of how these developers design these protocols to ensure that they can operate normally and attract institutional participation.