Blockchain security platform Immunefi has revealed alarming statistics in its December 28 report, showcasing that the year 2023 bore witness to a staggering $1.8 billion lost to Web3 hackers and scammers.
This eye-opening revelation underscores the persistent challenges the crypto and blockchain industry faces in safeguarding digital assets from malicious actors. One particularly notable finding of the report is the prominent role played by the North Korea-linked Lazarus Group, which is responsible for a substantial portion of the losses, amounting to 17%.
Lazarus group’s pervasive influence
The Lazarus Group, a cybercriminal organization with ties to the Democratic People’s Republic of Korea (North Korea), was identified as a major player in the realm of cryptocurrency-related cybercrimes.
The report attributed approximately $309 million in losses to this notorious group. These losses include high-profile incidents such as the Atomic Wallet hack ($100 million), CoinEx ($70 million), Alphapo ($60 million), Stake, CoinsPaid, and others. The Lazarus Group’s proficiency in executing sophisticated attacks has made them a significant concern for law enforcement agencies worldwide.
The year 2023 witnessed several significant hacks that sent shockwaves through the crypto community. The most devastating of these was the breach of peer-to-peer trading platform Mixin Network, resulting in losses exceeding $200 million for crypto investors.
In the second position was the $197-million exploit of the lending platform Euler Finance, closely followed by the $126-million hack of the cross-chain bridge protocol Multichain. These high-value breaches highlight the vulnerabilities inherent in the decentralized finance (DeFi) space and underscore the need for enhanced security measures.
Hacks vs. fraud: A stark contrast
A noteworthy revelation from the Immunefi report is the stark contrast between losses attributed to hacks and fraud-related losses. Of the $1.8 billion in total losses, a mere $103 million could be traced to clearly identifiable fraud schemes, such as rug pulls. In contrast, over $1.6 billion was lost due to hacks and exploits.
This divergence raises questions about the effectiveness of security measures within the crypto industry, particularly in the DeFi sector.
Surprisingly, the majority of losses, totaling $1.3 billion, stemmed from protocols that purported to be decentralized. This highlights the inherent risks associated with DeFi platforms, where malicious actors can exploit smart contracts and code vulnerabilities.
Conversely, losses from centralized finance (CeFi) crypto protocols amounted to $409 million, significantly lower in comparison. The crypto community faces the ongoing challenge of striking a balance between the principles of decentralization and the imperative of robust security.
A decline from the previous year
In a somewhat positive turn of events, the $1.8 billion in losses for 2023 represents a more than 52% decline from the previous year. In 2022, blockchain security platform Chainalysis reported over $3.8 billion in stolen funds.
While this loss reduction is a welcome development, it by no means suggests that the threat of cybercrimes against the crypto industry has been fully mitigated. Rather, it underscores the urgent need for continuous improvement in security measures and adopting best practices across the ecosystem.