In Q3 2023, the number of reported attack incidents surged to 76, a stark contrast to the mere 30 incidents recorded during the same quarter in the previous year.
A report from Immunefi, a blockchain security platform, reveals that the crypto and Web3 projects experienced a staggering 153% surge in attack incidents from July to September 2023 in comparison to the corresponding period in 2022. Q3 of 2022 saw a total of 30 attack incidents, but this figure ballooned to 76 in Q3 2023. The losses in the recent quarter amounted to nearly $686 million.
The most substantial loss resulted from the Mixin hack on September 25, which drained approximately $200 million. The Multichain hack ranked as the second most damaging attack of the quarter, resulting in losses exceeding $126 million, which are yet to be recovered. Furthermore, the Lazarus Group orchestrated a series of attacks, targeting centralized services such as CoinEx, Alphapo, Stake, and Coinspaid, collectively siphoning over $208 million worth of crypto. The Lazarus Group was accountable for 30% of all stolen crypto in Q3, as per the report’s findings.
A small fraction of the attacks in Q3 involved rug pulls and various scams, contributing only $23 million, or 3.3% of the total losses. In contrast, the remaining 96.7% stemmed from hacks or exploits. Notably, monetary losses from scams in Q3 witnessed a 23.9% decrease compared to Q3 2022.
The report highlights that decentralized finance (DeFi) hacks constituted a substantial 72.9% of the total losses, leaving centralized services responsible for a mere 27.1% of exploit losses. However, the report does not define the criteria for distinguishing “decentralized” from “centralized” services.
Ethereum and BNB Chain emerged as the prime targets for hackers and scammers, accounting for 42.7% and 30.5% of the losses, respectively. Base and Optimism followed as the third and fourth most attractive networks for malicious actors.
The report serves as compelling evidence that Q3 has been the most challenging quarter of the year in terms of crypto-related hacks and scams, a conclusion in line with a similar report from Certik released on October 2nd.