Salus, a leading cybersecurity vendor in the Web3 segment, analyzed the trends that dominated the cryptocurrency attack scene in 2023. Losses appear to have become more “concentrated,” with the 10 largest attacks responsible for over 70% of assets lost.
$1.7 billion lost, 453 incidents, September as worst month: Salus’ year in review
In 2023, cyberattacks on the cryptocurrency and blockchain industry led to losses exceeding the equivalent of $1.7 billion. The number of major incidents reported totals 453. These statistics were shared by ML-powered cybersecurity vendor Salus in its latest 2023 Web3 Security Landscape Report.
First of all, it should be noted that the year was way more forgiving for the industry compared to 2022 with its devastating attacks on Ronin Network ($560 million lost), the Wormhole bridge and so on.
The worst hack affected Mixin Network, a niche blockchain protocol, and resulted in $200 million lost in September.
As covered by U.Today previously, the Mixin Network team explained its collapse by “issues with a cloud database provider.”
In Salus’ ranking, the Mixin hack is followed by the Euler Finance ($197 million in March) and Multichain ($126.36 million in July) exploits.
A closer inspection of monthly losses reveals an intriguing trend. While September, November and July stood out with substantial losses, October and December marked a notable downturn, hinting at an emerging focus on security awareness and on implementing robust safeguards.
Access control issues and exit scams responsible for over 50% of losses
As for the most dangerous attack vectors, the analysts named access control exploits, exit scams, flash loan attacks, reentrancy issues and oracle issues as the “hottest trends” in 2023.
Access control issues represented 39.18% of attacks, with 29 incidents leading to a substantial loss of $666 million. Notable examples include vulnerabilities exploited in Multichain, Poloniex and Atomic Wallet.
Exit scams accounted for 12.24% of attacks, with 276 incidents resulting in a loss of $208 million.
In addition, phishing attacks by the DPRK-linked hacker group Lazarus drained almost $70 million from cryptocurrency wallets through more sophisticated phishing techniques.
Salus experts highlighted the vital importance of rigorous auditing and of heightened awareness of penetration testing for all Web3 protocols across various types of blockchains.