Cyber-attacks targeting Web3 cost organizations $1.84bn in 2023 across 751 incidents, according to Certik's Hack3d: The Web3 Security Report 2023.
The average cost per incident was $2.45m in 2023.
There was a wide disparity between the losses suffered, with the 10 most costly attacks alone accounting for $1.11bn. The highest costs occurred in Q3, when $686.5m was lost from 183 hacks.
The report, which examined hacks, scams, and exploits in the entire Web3 industry, found there was a 51% decline in losses from incidents in 2023 compared to 2022, when the total was $3.7bn. However, a major factor in the reduction in losses is the fall in the value of decentralized finance, with the time-weighted average value down by approximately 46% in 2023 compared to 2022.
Web3 is an internet service built using decentralized blockchains, designed to put control in the hands of the users.
This ecosystem comes with significant cyber-risks, with threat actors frequently stealing cryptocurrency from DeFi platforms.
The Certik report found that the attack vector that caused the highest losses was private key compromise, which accounted for $880.9m in costs across just 47 incidents.
Six of the 10 most costly Web3 security incidents were due to private key compromises.
Exit scams, in which the developers of a cryptocurrency pull their funds and abandon the project to profit from investors, were the most common vector used to target Web3, at 308 incidents.
Code vulnerability and phishing also accounted for a large amount of losses across Web3, at $291m and $207m, respectively.
The report noted that wallet drainers continued to be a persistent threat in Web3 throughout the year.
Security breaches affecting multiple chains accounted for $799m of losses in just 35 incidents, which Certik said highlights the persistent pain point of cross-chain interoperability.
BNB Chain experienced the highest number of security incidents, at 387, which led to $134m in losses.
This was followed by Ethereum, with 224 incidents and $686.9m in losses.
The report cited the case of Euler Finance, in which an exploit enabled an attacker to steal $197m in March 2023.
Euler offered a $1m bounty for information leading to the arrest of the attackers and demanded the return of the stolen funds.
The hacker ultimately returned approximately $147.8m and expressed remorse for the attack, leading to Euler withdrawing the $1m bounty.
This article was published on www.infosecurity-magazine.com. Publication date: Fri, 05 Jan 2024 15:15:21 +0000