Cryptocurrency users suffered significant losses in 2023, with nearly $2 billion being lost to scams, rug pulls, and hacks. This amount is roughly half of what was lost in the previous year, indicating some improvement in security protocols. However, the industry still faces security risks, according to a report by security app De.Fi.
The reduction in losses can be attributed to several factors, including the implementation of improved security protocols, increased awareness within the cryptocurrency community, and decreased activity in the market. However, even with these improvements, the industry remains vulnerable to security threats.
It is worth noting that the $2 billion figure does not include the losses incurred due to the collapses of stablecoin issuer Terraform Labs, crypto lender Celsius, and the FTX exchange. When these losses, which amount to $40 billion, are taken into account, the overall impact on the industry becomes more significant.
The decrease in losses coincided with a bear market, during which major alternative tokens experienced significant declines before recovering in recent months. This recovery, coupled with the improved recovery rate of funds, which increased from 2% in 2022 to 10% in 2023, indicates some positive developments in the industry.
Among the different blockchains, Ethereum, the largest blockchain in terms of active users and value locked, suffered the highest losses. Approximately $1.35 billion was erased in an estimated 170 incidents. This highlights the appeal of Ethereum to malicious actors due to its extensive ecosystem and high-profile projects. The largest exploit on Ethereum occurred in July, with an attack on the cross-chain platform Multichain resulting in a loss of $230 million.
BNB Chain, another popular blockchain, also proved to be an attractive target, with $110.12 million lost across 213 incidents. Other networks, such as zkSync Era and Solana, also experienced losses, albeit on a smaller scale.
Losses on centralized platforms, including exchanges and trading platforms, amounted to around $256 million across seven cases. The largest of these incidents occurred in November when Poloniex was attacked, resulting in a loss of $122 million.
The report also highlights the most common methods used by attackers to exploit vulnerabilities in the cryptocurrency ecosystem. Access control exploits were found to be the most damaging, resulting in losses of over $852 million in 29 instances. These exploits take advantage of weaknesses in how permissions and access rights are managed within smart contracts or platforms, granting unauthorized access to funds or critical functionalities.
Flash-loan attacks were the second-most cash-generative method, leading to losses of $275 million over 36 cases. These attacks exploit the uncollateralized loan feature in decentralized finance (DeFi), allowing attackers to borrow large amounts of cryptocurrency without upfront capital. The borrowed funds are then used to manipulate market prices and exploit vulnerabilities in DeFi.
Exit scams accounted for $136 million over 263 cases. In an exit scam, a rogue developer drains all liquidity from a token they have issued or removes their online presence after raising money from unsuspecting market participants.
Overall, while there has been some improvement in security protocols and a decrease in losses compared to the previous year, the cryptocurrency industry still faces significant security risks. The report by De.Fi serves as a reminder that users and industry participants must remain vigilant and continue to prioritize security measures to protect themselves and their investments.