The third quarter of 2023 has been the “most financially damaging” quarter of the year, with almost $700 million in digital assets lost to various security incidents, according to the quarterly report of blockchain security firm CertiK.
Within the report, CertiK highlighted 184 security incidents in July, August and September 2023, with over $699 million in crypto assets lost in the quarter, surpassing first-quarter losses of $320 million and second-quarter losses of $313 million.
Among the exploits that led to the losses, private key compromises have been listed as the most damaging, taking over $204 million across 14 incidents. According to the report, the Multichain incident — where private keys were under the exclusive control of the project’s CEO — led to a loss of $125 million. The incident highlighted that centralized control of private keys for businesses could lead to a vulnerability, which, in Multichain’s case, led to a ceasing of its operations.
Aside from private key exploits, exit scams and oracle manipulation have also been prevalent in the quarter. The report highlighted that there were a total of 93 exit scam incidents in the quarter, taking more than $55 million in digital assets. Meanwhile, 38 oracle manipulation incidents took over $16 million in crypto.
Related: Exploits, hacks and scams stole almost $1B in 2023: Report
When it comes to crypto hacks, the exploit of the cross-chain protocol Mixin Network contributed the most to making September the biggest month for crypto exploits in 2023. On Sept. 25, Mixin Network suspended all withdrawals and deposits after the incident. The company later confirmed that $200 million worth of assets were drained from its mainnet.
CertiK’s quarterly report also highlighted that North Korea’s state-affiliated hacking group Lazarus was still a “dominant threat actor” in the quarter. The report noted that the group was responsible for at least $291 million in confirmed losses in 2023 and continued its activities in the third quarter.
Magazine: Should crypto projects ever negotiate with hackers? Probably
Comments (No)