Crypto Security Experts at Barracuda Networks Subscribery Immunefi Warn of Increased Risk of Large-Scale Attacks, State-Backed Actors, and CeFi Targets.
Immunefi, the Singapore-based leading blockchain cybersecurity firm providing bug bounty and security services platform for web3, has published its Crypto Losses in Q3 2023 Report. The report reveals that the crypto industry lost $685.5 million in Q3 2023, the highest quarterly loss of the year.
The report also found that the number of attacks increased by 153% YoY in Q3 2023, and the total losses increased by 59.9% from Q3 2022.
The two largest exploits of the quarter were on Mixin Network and Multichain, which together accounted for 47.5% of all losses. The Lazarus Group, a North Korean state-sponsored hacking group, was responsible for $208.6 million in stolen funds, representing 30% of the total losses.
It is worth noting that the Lazarus group, which stole a staggering $625 million from the Ronin Network (RON) in July 2022, was recently discovered exploiting LinkedIn to target employees of a Spanish aerospace firm.
Hacks were the predominant cause of losses in Q3 2023, accounting for 96.7% of the total. DeFi was the main target of successful exploits, accounting for 72.9% of the total losses. Ethereum and BNB Chain were the two most targeted chains, with 35 and 25 incidents, respectively.
In total, according to Immunefi’s report (PDF), $61.2 million was recovered from stolen funds in six specific situations. This number makes up 8.9% of the total losses in Q3 2023.
“Q3 witnessed the highest loss in this year, driven by large-scale attacks such as the one on Mixin Network and Multichain,” said Mitchell Amador, CEO of Immunefi. “State-backed actors played a crucial role as they were allegedly behind several cases this quarter. Their particular focus on CeFi led to a sharp surge in losses within this sector.”
The report also highlights some key trends in the crypto security landscape:
- Large-scale attacks are becoming more common. The two largest exploits of Q3 2023 were both worth over $300 million. This suggests that attackers are becoming more sophisticated and are targeting larger and more valuable targets.
- State-backed actors are playing a more prominent role. The Lazarus Group is a well-known state-sponsored hacking group that has been linked to a number of high-profile attacks. Its involvement in Q3 2023 shows that state-backed actors are increasingly targeting the crypto industry.
- CeFi is becoming a more attractive target for attackers. CeFi platforms offer a variety of services that make them attractive targets for attackers, such as high-yield lending and staking. The Lazarus Group’s focus on CeFi in Q3 2023 is a sign that attackers are becoming more aware of the vulnerabilities in CeFi platforms.
The Immunefi Crypto Losses Report provides valuable insights into the current state of crypto security. The report’s findings highlight the need for increased vigilance and cybersecurity measures to protect crypto assets.