Private Key Compromise attacks in 2023

OKX DEX aggregator users lost $2.7M after a deprecated proxy-admin key was compromised, upgrading the contract to a malicious version that swept approvals.

Single-operator compromise drained $87M from HECO's cross-chain bridge plus $12M from HTX hot wallets, hitting both Justin Sun platforms in 24 hours.

$114M+ swept from Poloniex's Ethereum and Tron hot wallets after private keys were extracted from internal systems; Justin Sun pledged full reimbursement.

$200M drained from Mixin Network hot wallets after attackers compromised the cloud provider hosting Mixin's centralised database — an infrastructure wake-up.

$2.7M drained from P2P exchange Remitano's hot wallets in USDT, ANK, USDC and ETH via private-key compromise; TTPs consistent with Lazarus.

Lazarus drained $54M from CoinEx hot wallets across Ethereum, Tron, BSC and seven other chains, reusing infrastructure from the prior week's Stake.com hit.

Stake.com lost $41M from hot wallets on Ethereum, BSC and Polygon in 90 minutes; the FBI formally attributed the heist to Lazarus and listed 40 addresses.

$869K drained from RocketSwap on Base after a server breach yielded both the encrypted private keys and the automation script's decryption logic.

$1.14M drained from Steadefi on Arbitrum and Avalanche after a deployer private-key compromise let the attacker seize ownership of leveraged vaults.

A private-key compromise drained $60M from AlphaPo's hot wallets across Tron, Bitcoin and Ethereum. The FBI attributed the payment-processor breach to Lazarus.

$125M drained from Multichain bridge contracts a month after CEO Zhaojun's arrest; the team had lost MPC key access and evidence pointed to an inside job.

A Lazarus operation targeted Atomic Wallet's software, not individual seeds, draining $100M+ from roughly 5,500 users and bypassing self-custody guarantees.

A single signing-key compromise swept $23M in ETH, QNT, GALA, SHIB, HOT and MATIC from Bitrue's hot wallet, under 5% of exchange balances, before any pause.