In a recent report released by security app De.Fi,
researchers revealed that cryptocurrency users lost nearly $2 billion to scams,
rug pulls, and hacks in 2023. Although this represents a significant reduction
from the previous year, it underscores the ongoing vulnerability of the
industry to security risks.
The decrease in losses is largely attributed to the
implementation of enhanced security protocols, increased awareness within the
community, and an overall decline in market activity. Notably, this reduction
becomes even more substantial when factoring in the $40 billion lost to the
collapses of stablecoin issuer Terraform Labs, crypto lender Celsius, and the
FTX exchange.
This positive trend coincides with a bear market, where
major alternative tokens experienced significant slumps before recovering in
recent months amid more bullish conditions. Additionally, the recovery rate of
funds saw a significant improvement, rising to around 10%, up from a mere 2% in
2022, according to De.Fi.
“This amount, though dispersed across various incidents,
underscores the persistent vulnerabilities and challenges within the DeFi
ecosystem,” De.Fi wrote in its report, which the firm shared with TechCrunch.
“2023 stood as a testament to both the ongoing vulnerabilities and the strides
made in addressing them, even as interest in the space was relatively muted by
the ongoing bear market in the first half of the year.”
Ethereum, the largest blockchain by active users and value
locked, bore the highest losses, with approximately $1.35 billion erased in an
estimated 170 incidents. This highlights Ethereum’s attractiveness to malicious
actors due to its extensive ecosystem and high-profile projects, with the most
substantial exploit being the $230 million attack on the cross-chain platform
Multichain in July.
BNB Chain also emerged as a target, witnessing a loss of
$110.12 million across 213 incidents. The zkSync Era network lost $5.2 million
in two incidents, while Solana experienced a $1 million loss in a single
attack.
🚨 ~$2B WAS STOLEN in 2023 🚨
Since 2020, the hackers tend to grab significantly less in various incidents
The biggest hack – Multichain, with $231M stolen due to unauthorized access to the system, according to @DeFi – security leader by @TechCrunch https://t.co/0IMARz9Sjn
— De.Fi Antivirus Web3 🛡️ (@DeDotFiSecurity) December 26, 2023
Losses on centralized platforms, including exchanges and
trading platforms, totaled around $256 million across seven cases. The largest
of these incidents occurred in November when an attack on Poloniex resulted in
a net loss of $122 million.
Access control exploits proved to be the most damaging, with
attackers exploiting weaknesses in how permissions and access rights are
managed within smart contracts or platforms. Such exploits, totaling more than
$852 million in losses from 29 instances, often grant unauthorized access to
funds or critical functionalities.
While the cryptocurrency
industry has made strides in bolstering security measures, the report
highlights the persistent challenges and underscores the importance of ongoing
vigilance and innovation to safeguard users and their assets.
Vulnerabilities Exposed: Implications for Traditional Cold
Wallet Security
Earlier, Finance
Magnates reported that in
a cyberattack on Ledger, $484,000 in digital currencies was stolen,
exposing vulnerabilities in the traditionally secure storage method. The
breach, attributed to a former employee falling victim to a phishing attack,
has broader implications for the safety of cold wallets.
Ledger confirmed that hackers inserted malicious code into
the GitHub library for Connect Kit, a widely used javascript library enabling
decentralized finance (DeFi) protocols to connect with hardware wallets. This
has put several DeFi platforms, including Sushi, Lido, Metamask, and Coinbase,
at security risk.
While Ledger swiftly removed the malicious code, users
remain at risk. All protocols using Connect Kit must manually update their
versions to address the security threat. Ledger’s CEO emphasized the need for
continuous security improvement, acknowledging the incident as a reminder of
the dynamic nature of security.
The attack questions the previously perceived safety of cold
wallets, typically considered secure due to their offline nature. Ledger is
actively cooperating with authorities, vowing to support affected users and aid
in the investigation to apprehend the hacker and recover stolen assets.
In a recent report released by security app De.Fi,
researchers revealed that cryptocurrency users lost nearly $2 billion to scams,
rug pulls, and hacks in 2023. Although this represents a significant reduction
from the previous year, it underscores the ongoing vulnerability of the
industry to security risks.
The decrease in losses is largely attributed to the
implementation of enhanced security protocols, increased awareness within the
community, and an overall decline in market activity. Notably, this reduction
becomes even more substantial when factoring in the $40 billion lost to the
collapses of stablecoin issuer Terraform Labs, crypto lender Celsius, and the
FTX exchange.
This positive trend coincides with a bear market, where
major alternative tokens experienced significant slumps before recovering in
recent months amid more bullish conditions. Additionally, the recovery rate of
funds saw a significant improvement, rising to around 10%, up from a mere 2% in
2022, according to De.Fi.
“This amount, though dispersed across various incidents,
underscores the persistent vulnerabilities and challenges within the DeFi
ecosystem,” De.Fi wrote in its report, which the firm shared with TechCrunch.
“2023 stood as a testament to both the ongoing vulnerabilities and the strides
made in addressing them, even as interest in the space was relatively muted by
the ongoing bear market in the first half of the year.”
Ethereum, the largest blockchain by active users and value
locked, bore the highest losses, with approximately $1.35 billion erased in an
estimated 170 incidents. This highlights Ethereum’s attractiveness to malicious
actors due to its extensive ecosystem and high-profile projects, with the most
substantial exploit being the $230 million attack on the cross-chain platform
Multichain in July.
BNB Chain also emerged as a target, witnessing a loss of
$110.12 million across 213 incidents. The zkSync Era network lost $5.2 million
in two incidents, while Solana experienced a $1 million loss in a single
attack.
🚨 ~$2B WAS STOLEN in 2023 🚨
Since 2020, the hackers tend to grab significantly less in various incidents
The biggest hack – Multichain, with $231M stolen due to unauthorized access to the system, according to @DeFi – security leader by @TechCrunch https://t.co/0IMARz9Sjn
— De.Fi Antivirus Web3 🛡️ (@DeDotFiSecurity) December 26, 2023
Losses on centralized platforms, including exchanges and
trading platforms, totaled around $256 million across seven cases. The largest
of these incidents occurred in November when an attack on Poloniex resulted in
a net loss of $122 million.
Access control exploits proved to be the most damaging, with
attackers exploiting weaknesses in how permissions and access rights are
managed within smart contracts or platforms. Such exploits, totaling more than
$852 million in losses from 29 instances, often grant unauthorized access to
funds or critical functionalities.
While the cryptocurrency
industry has made strides in bolstering security measures, the report
highlights the persistent challenges and underscores the importance of ongoing
vigilance and innovation to safeguard users and their assets.
Vulnerabilities Exposed: Implications for Traditional Cold
Wallet Security
Earlier, Finance
Magnates reported that in
a cyberattack on Ledger, $484,000 in digital currencies was stolen,
exposing vulnerabilities in the traditionally secure storage method. The
breach, attributed to a former employee falling victim to a phishing attack,
has broader implications for the safety of cold wallets.
Ledger confirmed that hackers inserted malicious code into
the GitHub library for Connect Kit, a widely used javascript library enabling
decentralized finance (DeFi) protocols to connect with hardware wallets. This
has put several DeFi platforms, including Sushi, Lido, Metamask, and Coinbase,
at security risk.
While Ledger swiftly removed the malicious code, users
remain at risk. All protocols using Connect Kit must manually update their
versions to address the security threat. Ledger’s CEO emphasized the need for
continuous security improvement, acknowledging the incident as a reminder of
the dynamic nature of security.
The attack questions the previously perceived safety of cold
wallets, typically considered secure due to their offline nature. Ledger is
actively cooperating with authorities, vowing to support affected users and aid
in the investigation to apprehend the hacker and recover stolen assets.
