- In 2023, scams, rug pulls, and hacks caused nearly $2 billion in damages. This is about half of last year’s figure.
- This year’s decline is primarily due to improvements in security protocols, but the industry remains susceptible to security risks.
Cryptocurrency users lost nearly $2 billion (approximately 280 billion yen, equivalent to 140 yen to the dollar) in 2023 due to scams, rug pulls, and hacks. This was revealed by researchers at security app De.Fi in their annual report published on the 27th, which researchers say shows the industry remains vulnerable to security risks, although it is about half of what it was last year. He pointed out that there was.
The decline is primarily due to the implementation of improved security protocols, increased awareness within the community, and reduced activity across the market, but stablecoin issuer Terraform Labs, crypto asset lending This is still a large amount considering that $40 billion was lost due to the collapse of major Celsius and cryptocurrency exchange FTX.
The bear market is also a factor. Although the recovery has continued over the past few months as the situation has turned more bullish, some major altcoins have fallen by up to 85% from their 2021 peaks. Additionally, De.Fi noted that the return on funds has significantly improved from just 2% in 2022 to around 10%.
Damage by blockchain
The Ethereum blockchain, the largest blockchain in terms of number of active users and assets under custody (TVL), suffered the most losses with an estimated 170 incidents totaling approximately $1.35 billion. This number shows that the Ethereum blockchain is attractive to malicious actors due to its extensive ecosystem and high-profile projects. The largest exploit was a $230 million attack on cross-chain platform Multichain in July.
BNB Chain was also an attractive target, with 213 incidents resulting in $110.12 million in losses. Upstart network zkSync Era lost $5.2 million in two cases, and Solana blockchain lost $1 million in one case.
Losses caused by centralized platforms such as exchanges and trading platforms totaled approximately $256 million in seven cases. The largest attack, against Poloniex in November, caused $122 million in damages.
Damage by method
Access control exploits were by far the most costly, with 29 resulting in more than $852 million in damages. In access control exploits, criminals take advantage of weaknesses in smart contracts and how permissions and access rights are managed within the platform.
Flash loan attacks were the second most costly, with 36 attacks resulting in $275 million in losses. In flash loan attacks, criminals exploit the unsecured loan feature of decentralized finance (DeFi), which allows users to borrow large amounts of crypto assets without any upfront funds, and then use the borrowed funds to manipulate market prices.
There were 263 exit scams resulting in losses of $136 million. In an exit scam, a malicious developer erases their online presence after depleting the liquidity of the tokens they issued or collecting funds from unsuspecting market participants.
｜Translation and editing: Rinan Hayashi
｜Image: fikry anshor/Unsplash, modified by CoinDesk
｜Original text: Crypto Users Lost $2B to Hacks, Scams and Exploits in 2023, De.Fi Says