$1.8 Billion Cryptos Lost Across 751 Security Breaches in 2023: CertiK report

2023 saw a 51% decline in the digital assets lost to hacks, scams and exploits than that of 2022. However, a staggering $1.84 billion in cryptocurrencies were lost across 751 security breaches in 2023, blockchain security firm CertiK reveals.

The 2023 “Hack3d” report published Wednesday, highlighted major exploits and incidents that led to this ten-digit number. Per the data, 2023 losses were down 51% from 2022’s total of $3.7 billion.

“Although $1.8 billion is a significant decline from 2022, it’s still too much,” CertiK analysts noted.

Furthermore, data revealed that the Q3 of 2023 saw the most losses at $686,558,472 from 183 hacks and scams. “November was the most costly month of the year,” it added.

Private Key Compromised

The study attributed the cause of several digital asset breaches to private key compromises.

“Six of the ten most costly security incidents over the course of 2023 were due to private key compromises.”

Private key compromises were the costliest attack vectors with $880,892,924 worth of crypto assets lost in just 47 incidents. The figures represent nearly half of all financial losses, though these compromises represented just 6.3% of all security breaches this year.

CertiK suggested some of the private key management best practices to avoid future breaches. These include multi-signature wallets, hardware wallets, access control policies, encrypted storage and regular monitoring of the use of private keys.

CertiK Report Highlights Emerging Trend of Bug Bounty

The report highlighted the emerging trend of “retroactive bug bounties” in 2023, with $219 million returned across 36 events. This represents 12% of the $1.84 billion lost in total, it added.

Several protocols have successfully negotiated “grey hat” bounties, leading to hackers returning significant portions of stolen funds. For instance, Euler Finance fell victim to a flash loan attack in March, resulting in over $197 million in losses.

The DeFi protocol later offered a $1 million bounty for information leading to the arrest of the attackers and demanded the return of the stolen funds.

Ultimately, Euler exploiter returned a total of 84,951 Ether, worth approximately $147.8 million, and $29.9 million in the DAI stablecoin.

Ronghui Gu, co-founder of CertiK, sees a positive growth in blockchain security in 2024. “The growth of bug bounty platforms and other proactive security measures is a good sign,” Gu said. “Hopefully, we will see a continued decline in losses throughout 2024.”

CertiK analysts further predicted that the crypto bull market will put the industry’s security to the test. “Looking ahead, the real test of DeFi’s improved security protocols awaits in the resurgence of a bull market,” the report added.

“The expectation isn’t to eliminate losses entirely — an unrealistic goal in an industry that prides itself on cutting-edge innovation — but to continue reducing the correlation between total value locked (TVL) and losses to hacks and scams.”