For this article, I analyzed 120 crypto hacks to see how they impacted the price performance of the cryptocurrencies affected. Some of the answers might surprise you.
The results of this research are relevant for investors who hold a cryptocurrency that was affected by a hack or who are considering buying a cryptocurrency after a hack has happened.
Please note that this is not an academic study.
At the time of my analysis, DefiLlama’s dataset contained data on 124 crypto hacks in the period from January 2020 to October 2022.
Crypto Hack Classifications & Techniques
In the period under review, the crypto hacks caused the loss of $5176,05 million.
In their dataset, DefiLlama classified whether the hack targeted a weakness in infrastructure, smart contract language, protocol logic, or the interaction between multiple protocols (ecosystem). The results are visualized in the following chart.
- As the data shows, faults in the protocol logic offer the greatest attack surface for potential attackers, 37 protocol logic hacks resulted in more than $2 billion in loss.
- Likewise, the infrastructure and the ecosystem of crypto platforms often offer gaps that hackers can penetrate.
- On the other hand, rug pulls, i.e. project developers giving up a project and running away with the investors’ money, are relatively rare.
The next chart shows a selection of the techniques most commonly used by the attackers and how much money was stolen with them.
- What is striking is how often hackers succeeded by compromising the private keys of project members and investors.
- Access control exploits allowed attackers to access certain features and perform actions they shouldn’t have had access to.
- Price oracle manipulation means that hackers found a way to manipulate data provided to a smart contract by third parties in order to make the smart contract perform a specific action.
The Impact of Hacks on Cryptocurrency Prices
Unsurprisingly, the news of a hack has a disastrous impact on the price of the affected cryptocurrencies. On average, hacked crypto projects lost around 50% of their value in the first few days after the hack became public.
The following chart visualizes when the prices reached a local bottom a few days after the hacks using a selection of representative projects. The amount of lost funds does not seem to correlate with the price decreases.
To get a better understanding of how hacked cryptocurrency prices behave over a longer period of time, let’s now look at the timeline below. It shows the percentage change in value at different time stamps.
- As the previous chart showed, the affected cryptocurrencies lost massively in value in the first few days after the hack.
- What is surprising is that a hack does not automatically mean the immediate total collapse of a project. A large part of the analyzed cases saw a relative price recovery after the hack — shown as ‘peak after hack’ in the above chart. It is not possible to generalize the time took to reach the peak and how much these price increases were. In some cases, it was the well-known ‘dead cat bounce’, in other cases the underlying bull market seemed to be an important driver.
- However, a large majority of projects never reached the same or higher price level compared to the price before the hack (blue colored lines). This means that once the trust is gone, in most cases it will never come back.
- For the few cryptocurrencies, where a higher price was achieved after the hack (yellow lines), this happened during the 2021 bull market. However, none of these projects could sustain profits in the long term.
- In the long term, hacked projects massively lose value — on average they saw a loss of 80% compared to the price levels just before the hack happened.
- The main conclusion I draw from this analysis is the following: if you own a cryptocurrency that just got hacked — sell it. With the exception of a bull market, you should NOT expect a long-lasting positive price development in the future. If you are considering buying a cryptocurrency after it got hacked, you should probably look for a better alternative.
- The data on hack classifications and techniques discussed above shows that many crypto projects have serious vulnerabilities. As a retail investor, it is difficult to review and evaluate crypto projects in this regard. For me, this underlines the importance of audits of reliable 3rd parties.
- You should also carefully examine potential investments and look for information on how the respective projects are arming themselves against the challenges described above.