Private keys getting compromised took over $204 million across 14 security incidents in the third quarter of 2023.
The third quarter of 2023 has been the “most financially damaging” quarter of the year, taking almost $700 million in digital assets across various security incidents, according to the quarterly report of blockchain security firm CertiK.
Within the report, CertiK highlighted that there was a total of 184 security incidents that happened in July, August and September 2023. The report highlighted that over $699 million in crypto assets were lost in the quarter, surpassing the first-quarter losses of $320 million and the second-quarter losses of $313 million.
Within the types of exploits that led to the losses, private key compromises have been listed as the most damaging, taking over $204 million across 14 incidents. According to the report, the Multichain incident, where private keys were under the exclusive control of the project’s CEO, led to a loss of $125 million. The incident highlighted that centralized control of private keys for businesses could lead to a vulnerability, which, in Multichain’s case, led to a stoppage of its operations.
Apart from the private key exploits, exit scams and oracle manipulation have also been prevalent in the quarter. The report highlighted that there were a total of 93 exit scam incidents in the quarter, taking more than $55 million in digital assets. Meanwhile, oracle manipulation incidents were 38, taking over $16 million in crypto.
Related: Exploits, hacks and scams stole almost $1B in 2023: Report
When it comes to crypto hacks, the exploit of the cross-chain protocol Mixin Network contributed the most to making September the biggest month for crypto exploits in 2023. On Sept. 25, Mixin Network suspended all withdrawals and deposits after the incident. The company later confirmed that $200 million worth of assets from its mainnet were drained.
CertiK’s quarterly report also highlighted that North Korea’s state-affiliated hacking group Lazarus was still a “dominant threat actor” in the quarter. The report noted that the group was responsible for at least $291 million in confirmed losses in 2023 and continued its activities in the third quarter.
Magazine: Should crypto projects ever negotiate with hackers? Probably