
No ‘respite’ for exploits, flash loans or exit scams in 2023: Cybersecurity firm

The industry can expect “further attempts from hackers targeting bridges in 2023,” while users are advised to be more cautious with their private keys.

According to CertiK, the new year represents a fresh start for malicious actors in the crypto space, and scams, exploits, and hacks are unlikely to slow down in 2023.

The blockchain security firm told Cointelegraph about its expectations for the coming year in terms of bad actors in the space, saying:

“Despite the crypto bear market, we saw a large number of incidents last year, so we do not expect a drop in exploits, flash loans, or exit scams.”

Concerning other nefarious incidents that the crypto community may face, the company cited the “devastating” exploits that occurred on cross-chain bridges in 2022. Six of the top ten largest exploits this year were bridge exploits, in which approximately $1.4 billion was stolen.

CertiK predicted “further attempts from hackers targeting bridges in 2023” as a result of these historically high returns.

CertiK, on the other hand, predicted “fewer brute force attacks” on crypto wallets now that the Profanity tool vulnerability — which has previously been used to attack a number of crypto wallets — is widely known.

Users can generate personalised “vanity” crypto addresses using the Profanity tool. According to CertiK, a vulnerability in the tool was used to steal $160 million in cryptocurrency during the September hack of algorithmic crypto market maker Wintermute.

Instead, wallet compromises this year will most likely be the result of poor user security, according to CertiK, which added: “It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, barring any future vulnerability discovered in wallet generators.”

The company also stated that it will be monitoring phishing techniques that may proliferate in the coming year. It mentioned a slew of Discord group hacks in mid-2022 that duped participants into clicking phishing links, such as the June Bored Ape Yacht Club (BAYC) Discord hack, which resulted in the theft of 145 Ether (ETH).

According to peer security firm Immunefi, $2.1 billion in cryptocurrency was stolen in just the ten largest incidents last year, with a total of $10.2 billion stolen from Decentralized Finance (DeFi) protocols by 2021.

The Ronin bridge exploit, which netted attackers $612 million, was the biggest incident in 2022 — and of all time. The $76 million Beanstalk Farms exploit was the largest flash loan attack, and the $79.3 million stolen from Rari Capital was the largest DeFi protocol exploit.

