Amounts lost to hacks and scams totaled 685 million USD in Q3 2023. This brings the damage to 1.4 billion USD so far this year.
The quarterly report from Immunefi, the bug bounty platform for Web3, shows that few areas of cryptocurrency are spared from attacks. While personal wallet security is an issue, most attacks occur at the platform level.
The majority of the amount lost in Q3 is attributable to two specific projects: Mixin Network, a digital asset transaction network, and Multichain, a cross-chain router protocol.
The two incidents caused losses of 200 million USD and 126 million USD, respectively, representing 47.5% of all losses incurred in the third quarter.
Compared to Q2’s 428.7 million USD, Q3 losses increased 59.9%.
The number of reported incidents also increased to 76 from 30 in Q3 last year, representing 153% year-on-year growth.
Between decentralized finance (DeFi) and centralized finance (CeFi), DeFi remained the main target of successful attacks, accounting for 72.9% of total losses, compared to 27.1% for CeFi.
Immunefi also noted that state-sponsored perpetrators are believed to have played a key role in several cases this quarter. Their particular focus on CeFi led to a sharp increase in losses in this sector.
The North Korean state-sponsored Lazarus Group is said to have carried out many major attacks on various platforms during the quarter, including CoinEx, where they stole 70 million USD, and Alphapo, where 60 million USD was stolen.
The group is also said to have hit Stake for 41.3 million USD and CoinsPaid for 37.3 million USD. In total, 208.6 million USD, or 30% of Q3 losses, is attributed to the group.
The Impact of Crypto Hacks on Web3 Adoption
Despite the growing number of crypto hacks and scams, Web3 and crypto are inherently very convenient technologies that allow users to take control of their assets and access borderless and secure transactions.
This vision is positive and has attracted many users and investors. However, the pace at which the public adopts Web3 is limited and is severely impacted by the reports and well-founded fears of crypto hacks.
The vulnerabilities behind these hacks include, among other things, errors in the code of smart contracts, compromised decentralized storage systems and targeted attacks on individual users and people with privileged access through phishing and social engineering.
In most cases, the security of a user’s investments is viewed primarily from the perspective of the owner, who should know how to protect his funds.
However, most attacks occur on the platform that manages user funds, and less often at the individual level.
Therefore, security on platforms must be prioritized and addressed from the outset before an owner makes additional efforts to protect their assets.
What can crypto projects do better?
Platforms can take several steps to increase the security of their users’ assets. This, in turn, will promote customer and investor trust and adoption of cryptocurrencies and Web3.
The starting point for security checks is usually the smart contract or any other code on which the platform’s infrastructure is built. This code is prone to bugs and loopholes that can be exploited to access users’ funds.
Crypto projects and platforms should ensure that their code is free of bugs and vulnerabilities from the start.
This can be ensured through audits in which every single line of code, its function and workarounds are examined, thereby uncovering possible security gaps.
After a thorough review, it is important that the results are published transparently so that users, community and investors can evaluate them.
This information should also include any vulnerabilities found and the measures taken to resolve them. This strengthens users’ trust in the industry.
However, as the numerous audits of DeFi platforms that were subsequently compromised have shown, a single security audit is not sufficient.
Therefore, new checks should be carried out every time the code is changed.
This can ensure that no new problems arise. A more security-focused approach is crucial when creating and implementing smart contracts, as even a minor change to the code can have unforeseen consequences.
Bug bounty programs
Bug bounty programs and responsible disclosure are essential to Web3 security.
Ethical hackers are encouraged to find vulnerabilities so that developers can proactively fix them.
However, in the past, crypto platforms have declined the opportunity to pay bug bounties and later suffered losses when the vulnerabilities identified by white hats were exploited.
Collaborating with ethical hackers through bug bounty programs is a strategic move that helps uncover vulnerabilities and demonstrates the project’s commitment to protecting its users’ assets at all costs.
Despite frequent and regular audits, all project participants must develop ongoing security and operational awareness in order to detect suspicious activities in a timely manner.
Such events could include a sudden increase in the use of a particular account, the system’s interaction with blacklisted addresses, or governance proposals that use flash loans.
By monitoring the privileged accounts and the relationship between the platform systems and the blockchain, early signs of an attack can be detected, such as unusually large transactions or many transfers to a specific address.
In addition, in the event of an attack, the project can mitigate potential losses by rescuing the remaining assets.
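The monitoring signals described above, sketched as an added example that is not part of the original article or any platform's own code. The account names, amounts, blacklist and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (minute, sender, recipient, amount in USD).
TRANSFERS = [
    (0, "hot_wallet", "user_a", 1_200),
    (3, "hot_wallet", "user_b", 800),
    (7, "user_c", "hot_wallet", 2_500),
    (30, "hot_wallet", "addr_x", 900),
    (31, "hot_wallet", "addr_x", 950),
    (32, "hot_wallet", "addr_x", 1_000),
    (33, "hot_wallet", "addr_x", 400_000),
    (40, "admin_key", "addr_sanctioned", 500),
]
BLACKLIST = {"addr_sanctioned"}  # constructed; a real list comes from an external feed


def _count_in_window(history, key, minute, window):
    """Record an event for key and return how many fall inside the window."""
    history[key] = [m for m in history[key] if minute - m < window] + [minute]
    return len(history[key])


def detect(transfers, blacklist, typical_amount=1_000, size_factor=20,
           window=10, fan_in_limit=3, burst_limit=4):
    """Return (minute, rule, address) alerts for the signals named in the text."""
    alerts = []
    to_addr = defaultdict(list)    # recipient -> minutes of recent transfers
    from_addr = defaultdict(list)  # sender -> minutes of recent transfers
    for minute, src, dst, amount in transfers:
        # Interaction with a blacklisted address, in either direction.
        for addr in sorted({src, dst} & blacklist):
            alerts.append((minute, "blacklisted-address", addr))
        # Unusually large transaction relative to the historical baseline.
        if amount > size_factor * typical_amount:
            alerts.append((minute, "large-transfer", src))
        # Many transfers to one address within the window (alert on crossing).
        if _count_in_window(to_addr, dst, minute, window) == fan_in_limit:
            alerts.append((minute, "many-transfers-to-address", dst))
        # Sudden increase in the use of a particular account.
        if _count_in_window(from_addr, src, minute, window) == burst_limit:
            alerts.append((minute, "account-activity-spike", src))
    return alerts


if __name__ == "__main__":
    for alert in detect(TRANSFERS, BLACKLIST):
        print(alert)
```

In practice the baseline amount and the per-window limits would be derived from each account's own history rather than fixed constants.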
Strengthening the crypto community and investors’ trust in crypto platforms and their ability to safely store customer funds also includes the assurance that those with privileged access to their funds know how to protect them.
Therefore, employees need to be trained on how to identify potential fraud methods such as phishing and social engineering.
This can ensure that they do not fall into such traps. Crypto platforms should also ensure that their employees are up to date on the latest hacking techniques. They also need to increase their vigilance.
If we want to achieve widespread adoption of Web3 and the use of cryptocurrencies in retail or as a store of value, the security of funds must be guaranteed.
Cryptocurrency advocates regularly point out the advantages of cryptocurrencies over conventional financial institutions, and it’s a compelling argument with a lot of truth to it.
But until wallets, exchanges and DeFi platforms offer the same level of security and trust as you would expect from a bank account, we cannot assume that everyone will rush to these new means of payment.
Only when quarterly hacker reports contain fewer incidents will there be a chance that the new technology will be adopted. Until then, hacks will continue to make headlines.