
$890M Lost to Web3 Hacks and Scams in Q3 2023: Report

Jim Haastrup

Key Insights

  • Web3 losses to security breaches, phishing scams, and rug pulls reached $890 million in Q3 2023.
  • This is more than twice the losses of the first and second quarters combined.
  • Private key compromises are the most favoured kind of scam among hackers and scammers.
  • DeFi and Ethereum are the most attacked blockchain sector and blockchain, respectively, with DeFi protocols seeing thefts of 227 million dollars in Q3 2023.
  • Only $54.4 million in assets were recovered this quarter, amounting to about 10% of the total amount stolen.

The crypto market is no stranger to rug-pulls, outright theft and a dozen other ways of draining the wallets of unsuspecting victims.

However, do you know how severe thefts have been in 2023?

Just a few weeks ago, a hacker gained control of Ethereum founder Vitalik Buterin's Twitter account and used a phishing link to drain almost $1 million in crypto and NFTs from the wallets of several victims.

Things are deeper than this though.

According to a recent report from Beosin.com, Q3 of 2023 saw scams and theft of crypto and NFTs worth almost a billion dollars.

2023 Has Been Tough for Web3

Beosin is a web3 security and auditing company that focuses on protecting crypto assets through multi-dimensional project security assessment, continuous smart contract security scanning, real-time risk transaction identification, and crypto address monitoring.

And in a recent publication, they have made some shocking revelations.

According to the report, Web3 and the crypto industry lost almost $890 million in the third quarter of 2023 to security breaches, phishing scams, and rug pulls.

It is even crazier how this figure is more than twice that of the first and second quarters of the year combined.

[Figure: Q3 of 2023 is twice that of Q1 and Q2 combined]

For context, the losses were about $330 million in Q1 of 2023 (January to March) and about $333 million in Q2 of 2023 (April to June).

From July to September, however, we are now facing as much as $889.26 million in total thefts.

Why? Why are hackers more proactive as the year comes to a close?

What the Hack Is Going On in Web3?

Again, it gets deeper than this.

When the losses were broken down, it was found that private key compromises were the most favoured kinds of scams among hackers and scammers.

In Q3 alone, we saw 9 private key incidents, resulting in losses reaching a whopping $223 million.

[Figure: Losses by Vulnerability Types]

This makes compromised private keys the most common way hackers have been able to steal funds, and some of these hacks have been identified:

CoinEx ($70 million stolen), Alphapo ($60 million stolen), Stake.com ($41.3 million), CoinsPaid ($37.3 million), Polynetwork ($10.1 million).

Ranking second were cloud database attacks, with $200 million lost in the Mixin Network incident only last week.

Ranking third is contract vulnerability exploits, where 22 smart contracts were hacked, leading to the theft of $93.27 million.

[Figure: Losses by hack types]

In all, we have all kinds of hacks claiming $540 million from victims, phishing scams claiming $66.15 million, and 81 incidents of rug pulls claiming $280 million.

DeFi and Ethereum Take the Hardest Hits

The most attacked blockchain sector, according to Beosin, is Decentralized Finance (or DeFi), while the most targeted blockchain was Ethereum (despite being the most secure smart-contract-enabled platform).

There is a catch though.

DeFi was actually ranked second, because of last week's Mixin attack that claimed about $200 million from victims.

[Figure: Blockchain, DeFi the most attacked]

As regards the blockchain types, Ethereum has been under severe attack from hackers, with DeFi protocols seeing thefts of an insane 227 million dollars.

[Figure: Ethereum was the most attacked public blockchain]

Mixin came in second with a $200 million loss, while others like BNB, Tron and Bitcoin itself came next.

How Much of the Stolen Funds Are Recovered?

According to Beosin, around $360 million of stolen funds remain in hacker addresses and have not been recovered.

$99.27 million (18.4%) of these funds was sent to mixers: $9.17 million to Tornado Cash and $90.1 million to other mixers like FixedFloat, Sinbad, etc.

Overall, only $54.4 million in assets were recovered this quarter, amounting to about 10% of the total amount stolen.

[Figure: Where did all that money go]

The asset recovery rate also fell sharply this quarter, in comparison to the first half of the year.

Beosin says that the Lazarus group from North Korea, which stole $208 million in total during this quarter, is largely to blame for most of these attacks because it is skilled at using a variety of sophisticated money laundering tactics to hide the stolen money with little to no consequences.

In all, blockchain technology is transforming many industries, but the constant threat of cyberattacks and scams is a major concern.

The blockchain space is still relatively new and evolving, and as such, it is a target for cyberattacks and scams. Because of this, being security conscious might be the way to go.
