Web3 had a turbulent year in 2023, losing $1.84bn to cyber-attacks across 751 incidents, according to Certik’s Hack3d: The Web3 Security Report. Each attack cost an average of $2.45m, and the top 10 alone accounted for $1.11bn in losses.
Notably, Q3 bore the brunt with $686.5m lost in 183 hacks. Losses declined 51% from the previous year, a drop attributed in part to the devaluation of decentralized finance (DeFi). Web3, designed to empower users through decentralized blockchains, faced a prominent risk in private key compromises, which accounted for $880.9m in losses across 47 incidents. Six of the most expensive attacks resulted from compromised private keys, emphasizing the critical need for secure key management practices.
Exit scams, code vulnerabilities, and phishing were prevalent attack vectors, collectively causing substantial losses. The persistent threat of wallet drainers and security breaches across multiple chains underscored challenges in cross-chain interoperability, with BNB Chain and Ethereum leading in incidents and losses.
A noteworthy trend in 2023 was the emergence of “retroactive bug bounties,” through which $219m was returned across 36 events. Euler Finance’s exploit, a $197m theft, illustrated the approach: the attacker returned a significant sum after the victim offered a bounty and demanded the return of the stolen funds.