Crypto Industry Sees $413 Million in Losses in Q3 2023

According to the latest report from web3 bug bounty and security services platform, Immunefi, the crypto industry experienced $413 million in losses due to hacks and scams during the third quarter of this year across 34 incidents.

Losses Overview

The losses mark a 28% decrease from $573 million in Q2 and a 40% decline compared to Q3 2023, when $686 million was stolen. Year-to-date, over $1.3 billion has been lost to hacks and fraud, down 4% from the same period last year.

Targeted Sectors

With nearly $90 billion total value locked in web3 protocols (according to DeFiLlama), decentralized finance (DeFi) has remained a primary target for hackers, accounting for 31 out of the 34 incidents in Q3. However, centralized finance (CeFi) suffered greater losses, with 74.8% ($309 million) coming from CeFi, compared to 25.2% ($104 million) from DeFi.

Mitchell Amador, founder and CEO of Immunefi, stated, “We’re seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences.”

Security Issues

He emphasized that the significant security issue in CeFi is private key management, which is crucial for maintaining self-custody of crypto assets but often overlooked in security audits. This necessitates rigorous key management policies and emergency plans.

Major Incidents

The majority of losses stemmed from two major exploits, totaling $287 million or 69.5% of the losses. The largest attack was on Indian crypto exchange WazirX, which suffered a $235 million breach on July 18. An additional $52 million was stolen from Singapore’s BingX exchange on September 20.

July recorded the highest monthly losses at $282 million, followed by a dip to $15 million in August, and then $116 million in September. Only $14.9 million (3.6%) of the stolen funds were recovered from the Ronin Network ($10 million) and ShezmuTech ($4.9 million).

Hacks vs. Fraud

Hacks accounted for 99.3% ($409.9 million) of the losses across 31 incidents in Q3, while fraud incidents totaled just 0.7% ($3.1 million). Ethereum and BNB Chain were again the most targeted networks, with Ethereum suffering the most attacks (15 incidents) and losses (44.1% of targeted chains).

Immunefi has paid out more than $100 million in bug bounties to ethical hackers and researchers since its inception, covering over 3,000 reports, including a $10 million reward for a vulnerability in Wormhole’s cross-chain protocol.