Immunefi Crypto Losses Report Q3 2023

The team at Immunefi, the leading bug bounty and security services platform for crypto, has assessed the volume of crypto funds lost by the community due to hacks and scams in Q3 2023.

Overview

The global web3 space was valued at over $934 billion in 2022. That capital represents an unparalleled and attractive opportunity for blackhat hackers.

We have reviewed all instances where blackhat hackers have exploited various crypto protocols, as well as cases of protocols that have allegedly performed a rug pull in Q3 2023. We have located 74 such instances, including both successful and semi-successful hacking attempts, as well as alleged fraud.

In total, we have seen a loss of $685,510,444 across the web3 ecosystem in Q3 2023. $662,850,580 was lost to hacks in Q3 2023 across 47 specific incidents and $22,659,864 was lost to fraud in across 27 specific incidents. Most of that sum was lost by two specific projects: Mixin Network, a transactional network for digital assets, and Multichain, a cross-chain router protocol.

This number represents a 59.9% increase compared to Q3 2022, when hackers and fraudsters stole $428,718,083.

Key Takeaways in Q3 2023

• The 2 major exploits of the quarter totaled $326,000,000 alone, accounting for 47.5% of all losses in Q3 2023.
• In Q3 2023, hacks continued to be the predominant cause of losses at 96.7% in comparison to frauds, scams, and rug pulls, which amounted to only 3.3% of the total losses.
• In Q3 2023, DeFi continued to be the main target of successful exploits at 72.9% as compared to CeFi at 27.1% of the total losses.
• The two most targeted chains in Q3 2023 were Ethereum and BNB Chain. Ethereum suffered the most individual attacks with 33 incidents, while BNB Chain witnessed 25 incidents. Base followed with 4 incidents and Optimism with 3 incidents. Polygon, Avalanche, Arbitrum, zkSync Era, and Fantom each had 2 incidents. Solana, and others, followed with 1 incident each.
• In total, $61,169,000 has been recovered from stolen funds in 4 specific situations. This number makes up 8.9% of the total losses in Q3 2023.

Key Insights in Q3 2023

• In Q3 2023, the number of attacks spiked: the number of single incidents increased 147% YoY from 30 to 74 in Q3 2023. The total number of losses increased by 59.9% when compared to Q3 2022, amounting to $685,510,444. Overall, Q3 has witnessed the highest loss in 2023.
• In Q3 2023, Ethereum surpassed BNB Chain once again and became the most targeted chain.
• Since its launch in early August, Coinbase-backed Base protocol has witnessed losses across 4 projects, sharing the top of targeted chains with Ethereum and BNB Chain.
• The Lazarus Group was responsible for $208,600,000 stolen, representing 30% of the total losses in Q3 2023. The group was allegedly behind the high-profile attacks on CoinEx, Alphapo, Stake, and CoinsPaid.

Download the full report here.

Get the full dataset here.

For questions about this study or Immunefi itself, reach out at press@immunefi.com

About Immunefi

Immunefi is the leading security platform for crypto, protecting more than $180 billion in user funds, and securing protocols across the full development lifecycle, from pre-deployment through production.