Web3 loses $1.7 billion from hacker attacks in 2023, says Salus report

2023 marked a pivotal moment in the security dynamics of Web3, highlighting advancements in resilience alongside enduring challenges. 

Despite this, the Web3 sector continued to experience cyberattacks, resulting in losses surpassing $1.7 billion in 2023, encompassing around 453 reported incidents, according to a report from Salus shared with Finbold on January 2. 

Although these figures are lower than those recorded in 2022, the incidents revealed diverse threats, underscoring the need for ongoing vigilance within the Web3 community.

Decline in losses, but bigger individual ones

Although 2023 saw significantly reduced overall losses, prominent exploits garnered attention. September witnessed the highest loss, with $360 million, followed by a $350 million loss in November and $303 million in July, highlighting ongoing threats against bridges and DeFi protocols.

A detailed analysis of monthly losses unveils an interesting pattern. While September, November, and July experienced the most substantial losses, October and December witnessed a noteworthy decline, suggesting a growing emphasis on security awareness and implementing robust safeguards.

Monthly losses in 2023.  Source: Salus

Biggest hacks in 2023 in the Web3 industry

In 2023, the top 10 cyber incidents, which accounted for approximately $1.2 billion, or nearly 70% of the year’s total losses, exposed a common vulnerability: access control issues, particularly private key thefts. These incidents were prevalent in the latter half of the year, with the Lazarus Group playing a significant role in multiple breaches.

Mixin Network faced a substantial breach, resulting in a $200 million loss, highlighting concerns about cloud service providers’ security. Euler Finance suffered a $197 million loss due to a vulnerability in the donateToReserves function, emphasizing the importance of rigorous smart contract auditing in DeFi protocols.

Biggest hacks in 2023 by timeline. Source: Salus

Multichain witnessed an abnormal movement of lockup assets, raising questions about its security practices. Poloniex fell victim to a hack by the Lazarus Group, resulting in a $126 million loss and prompting enhanced security measures. BonqDAO, Atomic Wallet, and HECO Bridge also experienced significant losses due to attacks exploiting various vulnerabilities.

Curve faced a $69.3 million loss due to a 0-day compiler bug, highlighting risks associated with language-specific vulnerabilities. AlphaPo lost $60 million to a sophisticated phishing attack, while CoinEx suffered a $54.3 million loss due to a compromised hot wallet private key.

Types of attacks that brought the biggest losses

Furthermore, the report highlighted various threats, such as ‘exit scams,’ constituting 12.24% of attacks, resulting in a $208 million loss across 276 incidents. Notable cases involve projects promising high returns that abruptly disappeared with investors’ funds.

Access control issues constituted 39.18% of attacks, resulting in a $666 million loss across 29 incidents. Noteworthy vulnerabilities were exploited in Multichain, Poloniex, and Atomic Wallet.

Phishing accounted for 3.98% of attacks, resulting in a $67.6 million loss across 13 incidents. The Lazarus Group’s attack on AlphaPo exemplified evolving phishing techniques. 

Attack types variety. Source: Salus

Flash loan attacks constituted 16.12% of incidents, resulting in a $274 million loss across 37 cases. Precision flash loan attacks targeted Euler Finance, KyberSwap, and Yearn Finance. 

Reentrancy vulnerabilities, contributing to 4.35% of attacks, led to a $74 million loss in 15 incidents, notably highlighted by the Vyper bug and the Exactly Protocol exploit. 

Oracle issues constituted 7.88% of attacks, causing a $134 million loss in 7 incidents, exemplified by the BonqDAO attack manipulating token prices. Other vulnerabilities accounted for 16.47% of attacks, resulting in a $280 million loss across 76 incidents. 

2024, a year of increased cybersecurity

As 2023 concluded, reduced overall losses highlight the need for improved security measures, especially with concentrated losses in the top 10 hacks. Safeguarding the Web3 ecosystem demands a comprehensive approach due to diverse vulnerabilities. 

Given emerging infiltration methods like Lazarus Group attacks, rigorous auditing and heightened awareness of Web3 penetration testing are crucial. Users and stakeholders are urged to prioritize platforms and services that fulfill functional needs while adhering to the highest security standards for a secure Web3 future.
