2023 was a year of significant challenges and developments in the world of crypto security. From sophisticated attack techniques to substantial financial losses, the landscape of digital asset security has faced critical tests – and our report delves into the patterns and trends that shaped the turbulent year. Importantly, the 2023 Hacken Security Report gathers key expert insights, equipping Web3 businesses with evidence-based practices and strategic measures for navigating the evolving landscape of cyber threats.
Some Key Takeaways
Total losses in 2023 reached a staggering $1.9B
Access control issues accounted for 50% of these losses
$275M drained from protocols in flash loan attacks
20% of the stolen funds were recovered
Detailed Takeaways from the Report:
Total Value Lost
Total losses for the year reached $1.9 billion. Compared with the $52.3B loss of 2022, this looks like a positive trend. But a closer look paints a dimmer picture, with attacks growing in number and complexity.
The most affected sector was Lending and Borrowing, primarily smart contract-based money markets, followed by bridges and exchanges.
More (Sophisticated) Attacks
2023 recorded a 14% increase in the number of attacks over 2023.
Access control issues were at the heart of 50% of all losses.
Hotspots For Hackers
Singapore and the USA emerged as significant hotspots for cyber exploits, possibly due to the highest fintech activity there – a detailed analysis is included in the full report.
The number of rug pulls was higher than all other registered exploits combined. A surge of rug pulls is expected on networks like Solana. An indicator of this trend is the creation of approximately 100,000 new tokens on Solana in December alone. Investment in public security measures was a strong predictor of exit scam risk: notably, only 6% of all rug-pulled projects had any form of audit.
Protocols recovered 20% of stolen assets, or $400M, a first for the industry.
Only 10% of exploited contracts underwent any form of audit, and merely half of these were relevant, matching the deployed blockchain code.
Only 15% of hacked companies had any bug bounty program. Among these, just 7% had an ongoing bug bounty program covering the exploited smart contracts when the hack occurred.
What to Expect in 2024 and Beyond?
Access control breaches and flash loan attacks will remain key concerns.
Rug pulls will continue as a standard risk, with a surge on fast-rising networks like Solana.
Growth in token factories will lead to rampant pump-and-dump schemes.
A potential rise in vulnerabilities due to neglected audits on new networks, as risk-seeking liquidity and experimentation shift from Ethereum to Layer 2 solutions.
To improve security in 2024, businesses should invest in: