Major bug bounty and security services platform Immunefi published a report detailing the loss of funds due to hacks and fraud in the Web3 ecosystem this year – and what might await in the next.
The team looked into the volume of crypto funds the community lost in 2023, finding it to be lower, but still substantial. And it may rise.
In its ‘Crypto Losses in 2023’ report, Immunefi warned that,
“With the persistent rise in cryptocurrency prices, next year may see the most substantial losses in Web3 ever.”
The ongoing challenges related to projects’ infrastructure will remain a major source of vulnerabilities next year as well. The “general approach within the industry is not changing fast enough.”
According to Mitchell Amador, Founder and CEO at Immunefi, despite a reduction in overall losses in 2023 compared to 2022, Web3 still saw “a substantial surge in hacking attempts and fraud incidents” this year.
The frequency of such cases, he said, nearly doubled.
Amador argued that,
“Unfortunately, more projects are becoming susceptible to attacks. While decentralized finance remained the primary target of successful exploits, this year marked a significant shift as CeFi began to draw more attention from hacker groups, including the notorious Lazarus.”
And speaking of the Lazarus Group…
Lazarus is Responsible for a Fifth of the Total Losses
The North Korea-affiliated hacker group Lazarus was responsible for $308.6 million stolen in 2023, Immunefi found. This is a whopping 17% of the total year losses, nearly a fifth.
The group was allegedly behind the high-profile attacks on Atomic Wallet, CoinEx, Alphapo, Stake, CoinsPaid, and the massive Ronin Network attack, resulting in a $625 million loss.
The Immunefi team recently published a report focusing specifically on the Lazarus Group.
It found that, between 2021 and 2023, the group stole $1,903,600,000 across the Web3 ecosystem.
Decentralized finance (DeFi) represented 83.8% of the total attacks carried out by Lazarus. In these two years, $1.595 billion was stolen in DeFi across five incidents. The majority of the sum comes from the Ronin Network and Poly Network attacks.
Centralized finance (CeFi) represented 16.2% of the total attacks between 2021 and 2023. Lazarus stole $308.6 million across five incidents.
That said, Amador noted that, in 2023, Lazarus exclusively targeted CeFi projects. He added,
“As we approach 2024, their escalating sophistication is concerning. Their proficiency in exploiting infrastructure vulnerabilities, smart contract weaknesses, as well as their meticulous social engineering operations, underscores their emergence as perhaps the most pressing threat to web3 today.”
$1.8 Billion Lost in 2023
According to the latest ‘Crypto Losses in 2023’ report, the global Web3 space was valued at over $934 billion in 2022.
“That capital represents an unparalleled and attractive opportunity for blackhat hackers.”
Immunefi looked at all instances where blackhat hackers exploited crypto protocols in 2023, as well as protocols allegedly performing a rug pull. They found 319 cases.
In total, Web3 saw a loss of $1,803,050,600 this year. Specifically,
- $1,699,632,321 was lost to hacks across 247 incidents,
- $103,418,279 was lost to fraud across 110 incidents.
Transactional network Mixin Network and DeFi protocol Euler Finance lost most of the total sum, totaling $397 million (22%).
That said, the $1.8 billion total loss still represents a 54.2% decrease compared to last year’s $3.948 billion.
In 2023, Q3 was the most ‘busy’ period, with $685.5 million in losses across 75 incidents, representing 38% of the total loss.
In the meantime, $241.7 million – or 13.4% of the 2023 losses – has been recovered from stolen funds in 19 situations.
BNB Chain and Ethereum Are Most Targeted
The two most targeted chains this year were, perhaps unsurprisingly, were BNB Chain and Ethereum.
BNB Chain suffered the most individual attacks, with 133 incidents, representing 41.6% of the total loss across targeted chains.
Ethereum saw 95 incidents, representing 29.8%.
Per the report,
“Ethereum and BNB Chain represent more than half of the chain losses in 2023.”
Polygon came in third with ten incidents (3.1%), while Avalanche followed with six.
DeFi vs CeFi
The report said DeFi suffered far more losses than CeFI, representing 77.3% of the total loss in 2023. Meanwhile, CeFi represented 22.7%.
That said, DeFi lost $1.394 billion across 306 incidents – a 56.1% decrease compared to 2022.
CeFi, meanwhile, lost $408,9 million this year across 13 incidents. This is a 46.8% decrease compared to 2022.
The focus, as said, seems to be shifting to CeFi. Per Immunefi’s prediction for 2024,
“While the DeFi sector may experience an increase in individual attacks, organized groups are expected to focus on CeFi projects due to their potential of outsized returns.”
Meanwhile, hacks remained the main reason for the loss of funds in 2023, compared to frauds, scams, and rug pulls.
Hacks accounted for 94.3% of the losses this year, while fraud accounted for 5.7%.
Nearly $1.7 billion was lost to hacks in 2023 – a 54.9% decrease compared to 2022.
Meanwhile, $103.4 million was lost to fraud – a 40.9% increase compared to 2022.
____
Read more: Are Hackers Two Steps Ahead of Security in a Cat-and-Mouse Game? Experts Answer
This news is republished from another source. You can check the original article here