In a surprising turn of events, a recent report from blockchain intelligence firm TRM Labs has indicated a significant decline in cryptocurrency hacks during the first quarter of 2023. The report reveals that hackers managed to steal approximately $400 million from various crypto projects, marking a 70% decrease compared to the same period in 2022. Moreover, the average hack size has substantially decreased from $30 million to $10.5 million for the corresponding timeframe.

What’s even more intriguing is the increasing trend of hackers returning the stolen funds, opting instead for “white hat” rewards from the exploited projects. TRM Labs estimates that hack victims received nearly half of the stolen funds in 2023. This shift in behavior is exemplified by the case of the TenderFi protocol, where an attacker returned half of the $1.6 million obtained in the attack in exchange for an $850,000 bounty.
The possible explanation behind these developments lies in the growing regulatory attention surrounding crypto hacks and the subsequent enforcement actions. Crypto exchanges are bolstering their know-your-customer (KYC) and anti-money laundering (AML) policies, making it increasingly difficult for hackers to cash out stolen coins. Additionally, the popular Ethereum mixing protocol, Tornado Cash, has been subject to U.S. sanctions since August 2022, effectively blacklisting all Tornado-related funds on regulated exchanges.
The case of Avraham Eisenberg serves as a cautionary tale within the crypto community. Eisenberg, the first person known to be arrested for a decentralized finance (DeFi) exploit, was apprehended in Puerto Rico after exploiting the Mango Markets protocol and publicly admitting his actions. This incident shed light on the vulnerability of DeFi protocols and their potential exploitation.
“The ability to trace and track stolen funds has just gotten better and better,” affirms Ari Redbord, Head of Legal and Government Affairs at TRM Labs. He emphasizes the role of blockchain intelligence firms and the wider community, including Twitter sleuths armed with open-source tools, in publicly tracking hacked funds in real time. This heightened transparency has created an environment where hackers are finding it increasingly challenging to off-ramp their ill-gotten gains, ultimately leading them to settle for bug bounties.
The emergence of “white hat” hackers, who play a pivotal role in strengthening cybersecurity measures, is another positive development within the ecosystem. Redbord suggests that DeFi services should embrace these ethical hackers, as they can contribute to bolstering cyber controls and fortifying the security of decentralized finance platforms.
Another case of a “white hat” hacker was when DeFi protocol Euler finance was hacked. The attacker stole around $200 million dollars and was offered around ten percent of the entire stolen amount if they would return the stolen funds. Within days the matter was resolved since Euler vowed to find the hacker and take legal action against them.
While the decline in hacking incidents and the return of stolen funds may bring temporary relief to the crypto sector, the industry must remain vigilant in the face of ever-evolving threats. DeFi protocols continue to be the primary target for hackers, given the complexity of smart contracts and their susceptibility to manipulation. According to Chainalysis, DeFi exploits accounted for a staggering 82% of all crypto stolen in 2022.
As the crypto industry navigates the dynamic landscape of security and regulation, stakeholders must maintain a proactive approach to protect user funds and maintain the trust of participants. While progress has been made, it is clear that continued collaboration between regulators, blockchain intelligence firms, and the wider community is essential to safeguarding the future of cryptocurrencies and decentralized finance.