The year 2023 marked a tumultuous period for the crypto world, as it weathered an unrelenting storm of cyberattacks that exposed vulnerabilities in a range of protocols and platforms. A staggering $1.35 billion was reported stolen in approximately 600 incidents across Web3 protocols by the end of Q3. Ethereum bore the brunt, losing $417 million, while the Lazarus Group continued its reign of terror, contributing to hacks amounting to ~$292 million. The crypto landscape became a battleground where cybercriminals deployed sophisticated techniques, leaving a trail of financial devastation.
In this blog, we will delve into the intricate landscape of crypto vulnerabilities and exploits that unfolded in 2023 along with the future outlook for this space.
Key Statistics
- Number of Incidents and Funds stolen
A staggering $1.35 billion was reported stolen in ~600 incidents across Web3 protocols through Q3 2023. The months of March, July, and September saw the highest losses, highlighting the vulnerability of smart contracts to hacks and exploits.
- Type of Hacks
Private key compromise and flash loan attacks emerged as the most prominent types of hacks, resulting in losses of $204 million and $223 million respectively. Exit scams accounted for a further $156.6 million, and oracle manipulation for $40.3 million.
- Hacks by Chains
Protocols built on Ethereum suffered significant losses, totaling $417 million, followed by BNB at $110.8 million, while Arbitrum experienced a loss of $24.1 million. Other smaller chains and off-chain entities accounted for a substantial $667.4 million in hacks, underscoring the diverse range of vulnerabilities across multiple chains and off-chain systems.
Top 3 Hacks
Mixin Network
Mixin Network fell victim to cybercriminals in September, when $200 million in crypto assets was stolen. The breach was linked to a compromise of a third-party cloud service provider's database. Mixin offered a $20 million bug bounty to incentivize the return of funds; however, there has been no confirmation of progress.
Euler Finance
In March, Euler Finance, a DeFi protocol running on Ethereum, suffered a flash loan attack resulting in the loss of more than $195 million in digital assets. The attacker exploited a loophole in Euler Finance's smart contracts that permitted simultaneous borrowing and lending in a flash loan transaction. The platform offered a 10% bounty to the attacker, following which the entire amount was returned to the network.
Multichain
Multichain, a cross-chain bridge, suffered a substantial setback, losing around $126 million in crypto assets in July. The exploit stemmed from “compromised administrator keys”. Security experts and analysts leaned towards the notion that this exploit was an internal matter or a deliberate rug-pull, especially considering the challenges faced by Multichain. No amount was recovered from this exploit. Nonetheless, operations resumed after a 117-day halt following the hack.
Future Outlook
The events reported in 2023 necessitate a collective reevaluation of security protocols and strategic measures to fortify the resilience of crypto ecosystems against ever-evolving cyber risks. Efforts towards enhancing security infrastructure and regulatory frameworks are imperative to safeguard investor assets and bolster trust within the rapidly evolving crypto sphere.
In 2024, the crypto landscape is likely to witness enhanced security measures, regulatory adaptations, and technological innovations. We can also expect greater emphasis on user education, collaborative efforts, and advanced defense strategies to curb cyber threats.
Expert Opinion
Igor Bershadsky, Director of Partnerships, Hacken
While strides in technology might bolster bridges' defenses, access control breaches remain a lucrative avenue for attackers. Centralized services remain alluring targets due to their substantial asset pools for access control hacks. Moreover, rugpull incidents are likely to escalate, with decreasing costs and ease of execution. Education might mitigate some risks, but the lure of exploiting FOMO periods remains strong. Another emerging threat is the rise of profitable front-end attacks targeting dApps, fueled by the neglect of website penetration testing by many services.
Crypto Outlook 2024
2023 was a roller-coaster ride for the crypto sphere, marked by dynamic shifts, innovative advancements, and transformative trends that reshaped the industry’s landscape. Our Crypto Outlook Report for 2024 reflects on the highs, lows, and pivotal moments that defined the past year, while also peering into the horizon to forecast the exciting potential and emerging patterns set to influence the year ahead, with insights from industry leaders at Stepn, Enjin, Hacken, SuperScrypt, and more.