On 18 November 2023, Kronos Research announced, via social media platform X, that unauthorized access to their API resulted in a loss of approximately $26 million. The incident isn’t a typical private key compromise which often refers to the private key of a victims wallet, but instead was due to a API private key compromise. Whilst there are differences between the two, this incident resulted in the victim losing control of their funds. Since the API keys belonging to Kronos Research were compromised, we are classifying this incident as a private key compromise, which have seen $134 million lost in November alone.

On 10th November, Poloniex wallets on Ethereum, Tron and BTC were compromised leading to an overall loss of approximately $132 million. In total, the stolen funds have passed through at least 681 wallets as assets are being laundered. This is the second largest private key compromise that CertiK has detected in 2023. Just 40 incidents involving private key compromises have accounted for 57% of the overall losses in 2023, demonstrating how devastating private key compromises can be.

The October Stats Graphic shows data from hacks, scams, and incidents in October 2023