The cryptocurrency sector has increasingly become a prime target for hackers in recent years.
According to a report submitted by bug bounty and security services platform Immunefi, the Web3 space suffered a total loss worth over $685 million in Q3, 2023.
This significant loss increase is particularly alarming given that losses suffered from hacks and frauds were over $428 million in Q2 this year.
The recent release by Immunefi denotes a whopping 59.9% increase in malicious attacks targeted at obtaining funds illegally from poorly secured blockchain protocols.
Providing more details, the platform stated that over $662 million was lost to hacks across 49 separate incidents.
The remaining balance of over $22 million was lost to fraudulent investment schemes captured across 27 specific incidents.
The report also disclosed more unsettling findings. According to Immunefi, Mixin Network and Multichain were among the hardest hit, with a combined loss of $326 million due to hacks.
This mammoth loss accounted for 47.5% of all losses recorded in Q3. Other protocols, such as CoinEx, CoinsPaid, Curve Finance, and JPEG’d, also fell victim to illegal fund draining by malicious actors.
Moreso, the Ethereum blockchain-based projects were the prime targets of these bad actors as a record number of 35 Web3 protocols were hit on the older blockchain protocol.
Meanwhile, Binance-owned BNB Chain came a close second on the list, with 25 protocols seeing their funds drained.
A surprise appearance was Coinbase-owned Base, which suffered four incidents, representing 4.9% of total losses across chains.
Optimism followed with three incidents, while Polygon and a few others suffered two incidents, and Solana completed the list with only 1 incident on its records.
Zooming in on the principal characters behind this series of cyberattacks, the North Korean-sponsored Lazarus Group came up tops.
Immunefi stated that the infamous hacking team carted away over $208 million, indicating a 30% value from the total losses suffered in Q3.
Lazarus Group executed its heist on CoinEx, Stake, Alphapo, and CoinsPaid.
DeFi Still a Juicy Honeypot for Hackers
The crypto market is broken into several sub-sectors. One of the most prominent is the decentralized finance (DeFi) sub-sector.
Like its name sounds, trades here are not centrally controlled, with users having direct control and access to their accounts.
There is no intermediary, and anyone can buy and sell digital assets. This lack of central oversight has made the DeFi space a prime target for several malicious actors.
According to a report by CoinGecko, the DeFi landscape lost an astronomical $2.8 billion in stolen funds in 2022.
The hacks were executed using various methods, including verification process bypass, market manipulation, crowd looting, as well as smart contract and bridge exploits.
The report pointed out Sky Mavis’ Ronin Network hack of $625 million as the principal network that lost the most in crypto losses. This security breach was done via the access hack method.