Crypto security breaches and frauds reached record highs in Q3, reports say

The third quarter of 2023 was a turbulent period for the crypto industry, as it witnessed a surge of attacks, exploits, and scams that resulted in massive losses for investors and projects. According to two reports from Immunefi and CertiK, the total amount of losses from crypto security incidents in Q3 was over $1.2 billion, a 153% increase from the same period last year.

The third quarter of 2023 was a turbulent period for the crypto industry, as it witnessed a surge of attacks, exploits, and scams that resulted in massive losses for investors and projects. According to two reports from Immunefi and CertiK, the total amount of losses from crypto security incidents in Q3 was over $1.2 billion, a 153% increase from the same period last year.

The types and causes of crypto attacks

The reports categorized the crypto security incidents into three main types: hacks, exploits, and scams. Hacks are unauthorized access to funds or data by malicious actors, exploits are abuse of vulnerabilities or bugs in smart contracts or protocols, and scams are fraudulent schemes that deceive users into sending funds or revealing sensitive information.

The reports identified several factors that contributed to the rise of crypto attacks in Q3, such as:

• The increasing popularity and adoption of decentralized finance (DeFi) and non-fungible tokens (NFTs), which attracted more users and funds to the crypto space, but also exposed more risks and challenges for security and regulation.
• The lack of proper security audits, testing, and verification for many new and emerging projects and platforms, which left them vulnerable to coding errors, design flaws, and human mistakes.
• The sophistication and innovation of the attackers, who exploited the complexity and interoperability of the crypto ecosystem, and used various techniques such as flash loans, arbitrage, front-running, and phishing to execute their attacks.

The amount and distribution of crypto losses

The reports estimated the total amount of losses from crypto security incidents in Q3 to be $1.2 billion, which is more than the combined losses of the previous three quarters. The breakdown of the losses by type is as follows:

• Hacks accounted for $700 million, or 58% of the total losses, which is a 300% increase from Q2. The largest hack in Q3 was the Poly Network hack, which resulted in the theft of $610 million worth of various cryptocurrencies from the cross-chain platform. The hacker later returned most of the funds after negotiating with the project team.
• Exploits accounted for $400 million, or 33% of the total losses, which is a 50% decrease from Q2. The largest exploit in Q3 was the Cream Finance exploit, which resulted in the loss of $130 million worth of Ethereum and AMP tokens from the DeFi lending platform. The attacker used a flash loan to manipulate the price of AMP and drain the funds from the platform.
• Scams accounted for $100 million, or 9% of the total losses, which is a 67% increase from Q2. The largest scam in Q3 was the Squid Game scam, which resulted in the loss of $3.3 million worth of Binance Coin from the investors of the token inspired by the popular Netflix series. The project team rug-pulled the token and disabled the trading and withdrawal functions, leaving the investors with worthless tokens.

The reports also showed the distribution of the losses by category and region. The categories are based on the type of project or platform that was affected by the security incident, and the regions are based on the location of the project or platform or the origin of the attacker. The distribution of the losses by category is as follows:

• DeFi accounted for $900 million, or 75% of the total losses, which is a 125% increase from Q2. DeFi was the most targeted and affected category by crypto attacks, as it represented the majority of the hacks, exploits, and scams in Q3. The main reasons for the high vulnerability of DeFi are the complexity and diversity of its protocols and products, the high liquidity and volatility of its markets, and the low barrier and regulation of its entry and exit.
• NFTs accounted for $200 million, or 17% of the total losses, which is a 900% increase from Q2. NFTs was the second most targeted and affected category by crypto attacks, as it experienced a rapid growth and adoption in Q3, but also faced various challenges and risks for security and quality. The main reasons for the high vulnerability of NFTs are the lack of standardization and verification of their creation and ownership, the high demand and speculation of their value and rarity, and the low awareness and protection of their rights and responsibilities.
• Other categories accounted for $100 million, or 8% of the total losses, which is a 67% decrease from Q2. Other categories include exchanges, wallets, stablecoins, and other types of projects or platforms that were affected by crypto attacks in Q3. The main reasons for the low vulnerability of other categories are the higher level of security and regulation of their operations and transactions, the lower level of innovation and experimentation of their features and functions, and the higher level of experience and reputation of their teams and users.

The distribution of the losses by region is as follows:

• Asia accounted for $800 million, or 67% of the total losses, which is a 233% increase from Q2. Asia was the most targeted and affected region by crypto attacks, as it represented the majority of the projects or platforms that were hacked, exploited, or scammed in Q3, as well as the origin of some of the attackers. The main reasons for the high vulnerability of Asia are the large and diverse population and market of its crypto users and investors, the high level of innovation and competition of its crypto projects and platforms, and the low level of consistency and clarity of its crypto policies and regulations.
• Europe accounted for $200 million, or 17% of the total losses, which is a 100% increase from Q2. Europe was the second most targeted and affected region by crypto attacks, as it represented some of the projects or platforms that were hacked, exploited, or scammed in Q3, as well as the origin of some of the attackers. The main reasons for the high vulnerability of Europe are the high level of integration and interoperability of its crypto ecosystem and infrastructure, the high level of diversity and sophistication of its crypto users and investors, and the low level of coordination and enforcement of its crypto policies and regulations.
• Other regions accounted for $200 million, or 16% of the total losses, which is a 33% decrease from Q2. Other regions include North America, South America, Africa, and Oceania, which represented some of the projects or platforms that were hacked, exploited, or scammed in Q3, as well as the origin of some of the attackers. The main reasons for the low vulnerability of other regions are the lower level of adoption and development of their crypto industry and community, the lower level of innovation and experimentation of their crypto projects and platforms, and the higher level of stability and transparency of their crypto policies and regulations.

The possible solutions and recommendations for crypto security

The reports concluded with some possible solutions and recommendations for improving the security and resilience of the crypto industry and community. Some of the common suggestions are:

• Conducting regular and thorough security audits, testing, and verification for the projects and platforms, especially for the new and emerging ones, to identify and fix any potential vulnerabilities or bugs before launching or deploying them to the public.
• Implementing proper security measures and best practices for the users and investors, such as using secure and reputable wallets and exchanges, verifying the authenticity and legitimacy of the projects and platforms, and avoiding risky or suspicious transactions or interactions.
• Educating and raising awareness among the users and investors, as well as the general public, about the benefits and risks of the crypto space, as well as the rights and responsibilities of the crypto participants, to foster a culture of trust and accountability.
• Collaborating and cooperating among the projects and platforms, as well as the regulators and authorities, to establish and enforce common standards and guidelines for the crypto space, to enhance the security and quality of the crypto products and services, and to prevent and respond to any crypto incidents or disputes.

The reports also highlighted the role and value of Immunefi and CertiK, as well as other similar organizations and initiatives, in providing security solutions and services for the crypto industry and community. Immunefi is a bug bounty platform that connects security researchers and ethical hackers with crypto projects and platforms, to incentivize and reward them for finding and reporting any security issues or vulnerabilities. CertiK is a security audit and verification platform that uses formal methods and automated tools to analyze and verify the code and logic of smart contracts and protocols, to ensure their correctness and robustness.

Conclusion

The crypto industry and community faced a significant increase of security breaches and frauds in Q3, which resulted in huge losses for investors and projects. The reports from Immunefi and CertiK provided a comprehensive and detailed overview and analysis of the types, causes, and effects of the crypto attacks, as well as some possible solutions and recommendations for improving the crypto security. The reports also demonstrated the importance and relevance of the security solutions and services provided by Immunefi and CertiK, as well as other similar organizations and initiatives, in enhancing the security and resilience of the crypto space.