Last Updated on 2 months by cryptoevent
Crypto users faced losses amounting to nearly $2 billion in 2023 due to scams, rug pulls, and hacks, marking a significant decrease from the previous year’s staggering $4.2 billion. Despite this reduction, the industry’s vulnerability to security risks remains a concern, as highlighted in the annual report from security app De.Fi released on Wednesday.
The decline in losses is primarily attributed to the implementation of enhanced security protocols, heightened community awareness, and an overall decrease in market activity. Notably, this improvement becomes even more apparent when factoring in the $40 billion lost in the collapses of Terraform Labs, Celsius, and the FTX exchange.
This decrease aligns with a bear market period where major alternative tokens experienced significant declines, only to recover in recent months as market conditions turned more favorable. Additionally, De.Fi reported a notable increase in the recovery rate of funds, rising from a mere 2% in 2022 to around 10%.
Examining losses across various blockchains, Ethereum, the largest in terms of active users and locked value, suffered the most substantial losses, totaling around $1.35 billion across approximately 170 incidents. Ethereum’s expansive ecosystem and high-profile projects make it an attractive target for malicious actors. Noteworthy incidents included the $230 million attack on the Multichain platform in July.
BNB Chain also emerged as a target, witnessing losses of $110.12 million in 213 incidents. Other networks, such as zkSync Era and Solana, experienced losses of $5.2 million and $1 million, respectively.
Centralized platforms, including exchanges and trading platforms, accounted for losses totaling $256 million across seven cases. The largest incident occurred in November when Poloniex suffered an attack resulting in a net loss of $122 million.
Analyzing popular methods of attacks, access control exploits proved the most damaging, resulting in losses of over $852 million across 29 instances. These exploits take advantage of weaknesses in how permissions and access rights are managed within smart contracts or platforms, granting unauthorized access to funds or critical functionalities.
Flash-loan attacks ranked as the second-most cash-generative method, leading to losses of $275 million over 36 cases. These attacks exploit the uncollateralized loan feature in decentralized finance (DeFi), enabling attackers to manipulate market prices by borrowing significant amounts of cryptocurrency without upfront capital.
Exit scams represented another significant threat, resulting in losses of $136 million across 263 cases. In these exploits, rogue developers drain liquidity from tokens they issued or disappear from online platforms after raising funds from unsuspecting market participants.