Ethereum Leads in Crypto Hacks as Industry Sees $413M Loss in Q3 2023

• The cryptocurrency sector recorded $413 million in losses due to hacks and scams during Q3, according to a recent report from Immunefi.
• This represents a 28% drop from the $573 million lost in Q2, and a 40% decrease from Q3 last year, which saw $686 million in losses.
• Immunefi data shows over $1.3 billion has been stolen in crypto-related incidents year-to-date, marking a 4% decline from the same period last year.

The cryptocurrency landscape suffered significant financial setbacks in Q3, with losses from hacks and scams amounting to $413 million — a notable decrease from previous quarters.

Decentralized Finance (DeFi): A Primary Target

Immunefi’s report highlights that DeFi remains a significant target for cybercriminals, with 31 out of the 34 recorded incidents in Q3 specifically targeting decentralized finance protocols. The total value locked in web3 protocols is approximately $90 billion, according to DeFiLlama data, making them lucrative targets.

Centralized Finance Faces Severe Financial Hits

Despite fewer incidents, centralized finance (CeFi) suffered more substantial financial losses, accounting for 74.8% ($309 million) of the total. This disproportionate financial impact stems from significant vulnerabilities in private key management, which is crucial for maintaining self-custody of crypto assets. Mitchell Amador, CEO of Immunefi, underscores the need for stringent key management policies and emergency procedures to mitigate these risks.

Major Exploits and Monthly Trends

The majority of the losses were attributed to two significant exploits, amounting to $287 million combined—about 69.5% of the total. The largest breach was the $235 million exploit of the Indian crypto exchange WazirX on July 18, followed by a $52 million theft from Singapore-based exchange BingX on September 20. July tops the list with the highest monthly losses at $282 million, while August witnessed a sharp decline to $15 million, and September saw an uptick with $116 million in losses.

Recovery and Incident Breakdown

Efforts to recover stolen funds yielded $14.9 million, equivalent to 3.6% of the total, from incidents involving the Ronin Network and ShezmuTech. The prevalence of hacks continues to dominate, constituting 99.3% ($409.9 million) of the total, compared to minimal losses from fraud, scams, and rug pulls, which amounted to only 0.7% ($3.1 million).

Network-Specific Attack Trends

Ethereum and BNB Chain emerged as the most targeted networks, similar to trends observed in Q2. Ethereum experienced 15 incidents, accounting for 44.1% of the losses, while BNB Chain witnessed eight incidents, representing 23.5% of the total breaches. Other networks like Base, Blast, Solana, and Arbitrum were also affected, albeit to a lesser extent.

Conclusion

The third quarter’s data underscores the ongoing vulnerabilities and challenges within both decentralized and centralized finance sectors. While the overall financial damage has decreased compared to previous quarters, the need for enhanced security measures and rigorous management policies remains critical. As the industry evolves, continuous efforts to fortify infrastructure will be essential in mitigating future losses.