Crypto Hacks And Security Breaches Down 51% In 2023

Updater face
Last updated Jan 16, 2024 | 10:38 AM UTC

Blockchain security firm CertiK has this week revealed that in 2023, overall financial losses due to hacks, exploits, exit scams, and vulnerabilities, were down by 51%.

In a report for last year titled 'Hack3d: The Web3 Security Report' published yesterday, the firm's researchers reveal that:

  • A total of $1.8billion was lost due to 751 security incidents in 2023.
  • Network breaches affecting multiple chains came to $799m.
  • Private key breaches totaled $880m.
  • Binance Chain suffered the most number of hacks/scams/exploits with 387 incidents.
  • Ethereum experienced 224 incidents and lost $686m.

Losses down, but vulnerabilities remain

The newly published paper dives into the many trends and events that result in costly losses. Interestingly, it found that, in spite of the $1.8bn lost to 751 security incidents throughout 2023, the number was still down from $3.7bn in 2022. 

Private keys

The report highlights some interesting disparities between the types of incidents and the amounts stolen. As you can see in the graph below, losses related to private keys make up approximately 6.3% of all cases but account for almost half the year’s total losses. Within 47 incidents, almost a billion dollars was lost to due to private key breaches.

Blockchain networks

Troubles with coding, smart contracts, exit scams, and other vulnerabilities have been a constant issue for blockchain networks, especially those that are interoperable/cross-chain. 

Having suffered just 35 incidents, breaches affecting multiple chains are another reminder that cross-chain interoperability may still have a way to go before being secure above all else.

As per data from Certik, BNB Chain was frequently recording incidents, more so than any other major chain. Despite this, BNB Chain losses remain lower than other networks. Losses on Ethereum far outpace other networks, which is unsurprising due to its widespread adoption and high total-value locked (TVL). In 2023, Ethereum was recorded to have lost $686m over 224 happenings, costing an average of $3m per incident.

The value in DeFi

CertiK questions whether or not there is a correlation between TVL in DeFi and losses due to security incidents. It notes that the declines in security incidents somewhat mirror the time-weighted average TVL in 2023 compared with 2022 as a result of a bear market.

Whilst this is true to some degree, CertiK finds that around “31% of the variability in monthly losses can be statistically attributed to changes in DeFi’s TVL”, indicating that a majority are related to factors outside of the total cryptocurrency market capitalization as a whole.

It is worth pointing out that when the overall markets are bullish, this is a more lucrative time for attackers as targets become more plentiful. Conversely, bear markets can result in more aggressive and desperate attacks from hackers.

CertiK writes: “Looking ahead, the real test of DeFi's improved security protocols awaits in the resurgence of a bull market. The expectation isn't to eliminate losses entirely — an unrealistic goal in an industry that prides itself on cutting-edge innovation — but to continue reducing the correlation between TVL and losses to hacks and scams.”
 

Written by

Eddie is a seasoned crypto writer and Bitcoin maximalist.