- 1 Nearly a couple of Billion dollars were swiped from Web3 last year.
- 2 A majority of exploits were a result of a private key compromise with $880 Million.
A new report by security-focused company CertiK dubbed Hack3d: The Web3 Security report sheds light on the sum lost to security incidents in 2023. $1.8 Billion were lost across 751 events throughout the year, representing a 51 percent downfall in contrast to the previous year. In 2022, attackers swiped $3.7 Billion across a variety of ecosystems in the market.
Exit Scams Dominated The Year
While November 2023 remained the worst month for web3 in contrast to total money lost, losing $364 Million, October was the safest with $33.3 Million lost. In context to incident count, March and July stayed on top with 78 and 79 incidents occurring in the months respectively. $799.6 Million were stolen from the Ethereum (ETH) blockchain.
A majority of exploits were a result of a private key compromise with $880 Million. Meanwhile, the study shows exit scams were on the rise with the year witnessing 306 incidents in total. Attacks on Mixin Kernel and Euler Finance conjointly make $397 Million dragged from the ecosystems. Other ecosystems with $100 Million or more lost from the network include Atomic Wallet, HECO Bridge, Poloniex, and more.
The report breaks down the losses quarter-wise, which indicates that Q1 2023 saw a monthly increase until the end. Ethereum lost $227.5 Million during this period. However, the numbers on the ETH blockchain declined in the following quarter which was dominated by phishing attacks.
Although exit scams dominated Q3 2023, the amount stolen remained low at $42 Million. The amount stolen declined drastically between July and August 2023 from $308.2 Million to $46.3 Million. However, it accelerated again to $332.1 Million in September.
Ethereum became the apple of hackers’ eye again during the final quarter, where they stole $278.2 Million from the blockchain. Furthermore, most of the incidents happened on this network only during this time. Although the amount stolen fell during November and December, the total number of incidents increased.
CertiK also highlights a correlation between losses and the total value locked (TVL) in decentralized finance (DeFi) protocols. “31% of the variability in monthly losses can be statistically attributed to changes in DeFi’s TVL,” highlights the report.
It notes that an increase in TVL ‘also leads to a rise in malicious attempts to exploit ecosystems to some extent.
A similar report was released recently by the bug bounty platform ImmuneFi. “In 2023, despite a reduction in overall losses compared to the previous year, the Web3 sector experienced a substantial surge in hacking attempts and fraud incidents, with the frequency of such cases nearly doubling,” the CEO and founder of the platform wrote in that report.
Furthermore, the study pointed out the fact that 2024 may witness more projects entering the market which may attract more exploiters. Moreover, events like Bitcoin (BTC) halving are due in April 2024 which, according to many experts, may significantly increase the asset’s price. Bad actors may leverage it to exploit investors too.
Anurag is working as a fundamental writer for The Coin Republic since 2021. He likes to exercise his curious muscles and research deep into a topic. Though he covers various aspects of the crypto industry, he is quite passionate about the Web3, NFTs, Gaming, and Metaverse, and envisions them as the future of the (digital) economy. A reader & writer at heart, he calls himself an “average guitar player” and a fun footballer.