All Articles
All Articles

De.Fi Rekt Report: Over $758m Lost in Q3 2023

Table of Contents

  • The total of lost funds in 2023 has reached $1.3b with $758m lost in Q3 
  • Recovered funds YTD stand at $14m, suggesting a recovery rate of just 1.04%
  • Three of the largest cases of lost funds this quarter were: Multichain, which experienced a loss of $231.1 million, Mixin network which faced a setback of $200 million, and CoinEx reported a loss of $52.8 million.

The decentralized finance (DeFi) landscape faced severe turbulence in Q3 2023, with a significant loss of $758,983,260. This figure, when combined with the losses from the previous quarters, brings the total funds lost in 2023 to an astounding $1.3 billion.

Recovered funds for the year to date stand at a modest $14m, which is a mere 1.04% of the total lost funds, underscoring the challenges in recovering stolen or misplaced assets in the crypto world.

When compared with Q2 2023, which saw losses of $204,308,280, the Q3 figures represent an alarming increase of 271.49%. Recovery efforts also intensified, with a 78.09% increase in recovered amounts compared to the previous quarter.

Meanwhile, if we look at the same period last year, While Q3 2022 saw significant losses totaling $564.7 million, Q3 2023 surpassed this with losses amassing to $758.9 million, marking a 34.40% increase year-over-year.

DeFi Exploit Trends

In Q3 2023, the DeFi landscape witnessed a staggering 116 cases of scams, exploits, or unintended losses, showing the persistent risks in the sector – this is 6 more than last quarter.

Among the vast number of cases, three particular instances drew significant attention due to the sheer magnitude of their losses. Multichain experienced a loss of $231.1 million, Mixin network faced a setback of $200 million, and CoinEx reported a loss of $52.8 million. Together, these three incidents accounted for a loss of around $484 million.

Diving deeper into the types of issues, Access Control once again emerged as a critical vulnerability with losses amounting to $319 million. 

Ethereum, being the dominant platform in the space, reported the highest losses, totaling a staggering $369.6 million across 72 cases. While Ethereum’s losses dwarfed other chains, the “Other” category also reported significant losses amounting to $323.4 million driven by the large loss from Mixin. 

Other platforms such as Binance’s BNB Chain experienced losses of $13.5 million, and Centralized platforms reported $37 million in losses. 

Emerging chains and Layer 2 solutions, like Optimism and Arbitrum, also faced exploits, albeit with relatively lower losses. The data underscores the vulnerabilities inherent across the DeFi landscape, regardless of the platform’s prominence or maturity.

Types of Exploit

The most frequent exploit was the “Rugpull“, with 78 cases resulting in losses of nearly $49.8 million. However, in terms of monetary impact, Access control issues were the most damaging, with only 6 cases accounting for a colossal loss of $319 million. Other significant exploits included Reentrancy attacks causing $65.8 million in losses across 8 cases, and general Exploits resulting in $82.2 million lost in 12 incidents. Less frequent but still impactful threats included Flash Loan Attacks, Phishing, Honeypot, and Oracle Issues, each contributing to the challenges in the crypto space.

Attack Vectors

Regarding attack vectors in Q3 2023, Tokens continued to be the primary target, with a staggering 80 cases. Exchanges, specifically DEXes, followed suit with 8 incidents, while Borrowing and Lending platforms saw 4 cases. The emerging Gaming/Metaverse sector was not immune, experiencing a significant loss in a single case. 

In Q3, recovery of funds remains an area for improvement. The recovered amount of $8 million is dwarfed by the total losses, indicating the need for stronger measures to trace and recover stolen funds.

Top Cases This Quarter

On that note, let’s take a brief look at the top cases this quarter. 

1. Multichain — $231m Lost

Multichain, a pivotal player in the realm of crosschain bridges, became the focal point of one of 2023’s most significant exploits, leading to a substantial loss of $231 million. The intricacies of the breach are alarming; nearly $130 million was siphoned off from multiple token bridges. Notably, the assets that were securely locked in the Multichain MPC address were abnormally transferred to an EOA address. This unauthorized movement of funds resulted in the complete depletion of Multichain’s Fantom Bridge, which lost its entire holdings of prominent tokens such as wBTC, USDC, USDT, and a selection of altcoins, amounting to over $130 million. Other affected areas included Multichain’s Moonriver and Dogecoin bridge contracts. 

Block Data Reference

Suspicious Addresses:


2. Mixin — $200m Lost

Mixin Network, an decentralized wallet service, faced a breach on September 23, reporting a monumental loss of $200 million. The attack was not random; it specifically targeted Mixin Network’s cloud service provider database, revealing vulnerabilities that many within the crypto community might have overlooked. 

The ramifications were immediate and far-reaching, with Mixin suspending both deposit and withdrawal services to contain the situation. Beyond the direct financial impact, the breach sent ripples across the market. Mixin’s native token, $XIN, experienced an 8% decline, settling at $195. 

Mixin Network’s founder, Feng Xiaodong, took an immediate and transparent approach, announcing a live stream to discuss the exploit’s details. While the situation remains fluid, with investigations ongoing, the incident emphasizes the need for enhanced security even within established crypto entities.

Block Data Reference

Affected Addresses:
0x52E86988bd07447C596e9B0C7765F8500113104c 0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e 0xB5d631A74AD9c9efcF96d6e9e2fAbcB75C67Eafa bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes

3. Coinex — $52.8m Lost 

CoinEx, a crypto trading platform, fell victim to a sophisticated exploit on September 12, 2023.

The attackers demonstrated a deep understanding of the platform’s security infrastructure, compromising the private keys of CoinEx’s hot wallets.

This breach wasn’t restricted to a single chain; the exploiters were able to steal funds across 9 distinct chains, deftly transferring them to their addresses. The total monetary loss was pegged at a significant $52.8 million. 

The aftermath of the exploit saw the stolen funds remaining, at least for a time, in the attacker’s addresses, raising questions about potential recovery efforts and the future security protocols of the platform.

Block Data Reference


Funds Holders as of Sep 13, 2023:

Funds Draining Transactions:

4. Vyper — $50.5m Lost

The Vyper Compiler is a vital tool for writing smart contracts. A vulnerability in certain versions of the compiler facilitated an exploit, impacting several projects and resulting in losses of over $50 million. Notably, some of these funds, approximately $6.8 million, were eventually returned.

Block Data Reference

Curve Pools:


Malicious Transactions:



Malicious Transaction:



Malicious Transaction:



Malicious Transaction:

Funds Returning Transaction:

5. Stake — $41.4m Lost, a renowned crypto gambling protocol, reported a significant breach early in September 2023. This exploit wasn’t confined to a single vulnerability but spanned across multiple blockchain networks, including Ethereum, Polygon, and Binance Smart Chain. Specifically, attackers exhibited expertise by compromising the private keys of’s hot wallets. 

This enabled them to drain a diverse range of tokens, with the cumulative losses reaching an alarming sum of $41.4 million.

Currently, the exploiter addresses still held a significant sum of over $13 million across the three chains.

Block Data Reference


Attacker Address:

Funds Holders as of Sep 07, 2023:


Binance Smart Chain

Attacker Address:

Funds Holders as of Sep 07, 2023:



Attacker Address:

Funds Holders as of Sep 07, 2023:



To conclude, Q3 showcased considerable financial setbacks, underscoring the ever-present and evolving risks within the crypto sector. Despite the growth and advancements in DeFi, the quarter was a testament to the intricate challenges that lie ahead in terms of security. As the landscape continues to expand, it becomes imperative for stakeholders to bolster their security infrastructure and prioritize rapid responses to emerging threats.

The substantial losses witnessed this quarter serve as a stark reminder of the inherent vulnerabilities in DeFi engagements. Investors are urged to be vigilant, taking the time to understand the nuances of the platforms they engage with and to implement robust safeguards for their assets. At De.Fi, we understand the complexities of the current DeFi environment. In line with this, we remain steadfast in our mission to equip our users with the necessary insights and tools to navigate this dynamic industry with confidence and foresight.

About De.Fi

De.Fi is an all-in-one Web3 Super App featuring an Asset Management Dashboard, Opportunity Explorer, and home of the world’s first Crypto Antivirus powered by the largest compilation of hacks and exploits, the Rekt Database. Trusted by 850K users globally, De.Fi aims to drive DeFi adoption by making the self-custody transition as simple and secure as possible. Backed by Okx, Huobi, former Coinbase M&A, and used by large companies worldwide, including University College London and Coingecko.

Website | Twitter | De.Fi Security | Rekt Database

More from De.Fi Security

© De.Fi. All rights reserved.