$1.8 Billion lost to Web3 Hackers and Scammers in 2023

• In 2023, Web3 hacks and scams resulted in $1.8 billion in losses, a significant decrease from the previous year’s $3.8 billion.
• The Lazarus Group, a North Korea-linked cybercriminal organisation, accounted for 17% of the losses, totalling approximately $309 million.
• Hacks and exploits constituted the majority of losses ($1.6 billion), while fraud schemes like rug pulls contributed $103 million to the total losses.

In 2023, the Web3 ecosystem suffered losses amounting to $1.8 billion due to hackers and scammers, according to a report released on December 28 by blockchain security platform Immunefi.

Notably, 17% of these losses were attributed to the Lazarus Group, a North Korea-linked cybercriminal organisation.

The largest hack of the year, in terms of losses, targeted the peer-to-peer trading platform Mixin Network, resulting in over $200 million in losses for crypto investors. The second-largest loss, at $197 million, was associated with the exploit of lending platform Euler Finance, followed by the $126 million hack of cross-chain bridge protocol Multichain.

The report identified approximately $309 million in losses linked to the Lazarus Group, a cybercriminal organization connected to North Korea. These losses encompass incidents like the Atomic Wallet hack ($100 million), CoinEx ($70 million), Alphapo ($60 million), Stake, CoinsPaid, and others.

Most of the losses ($1.6 billion) resulted from hacks and exploits, while only $103 million stemmed from clearly identifiable fraud schemes, such as rug pulls. The majority of these losses, $1.3 billion, occurred within protocols claiming to be decentralised. In contrast, centralised finance (CeFi) crypto protocols accounted for $409 million in losses.

The $1.8 billion in losses in 2023 represents a significant decrease from the previous year when blockchain security platform Chainalysis reported over $3.8 billion in stolen funds, indicating a more than 52% decline in losses.

According to a report by TRM Labs, hack volumes in 2023 fell by more than 50% compared to the previous year.

Read this: Big Hacks of 2023💰🔐

Notable Hacks in 2023

• Mixin ($200M): Attacked in September via a cloud service provider data breach. Funds remain unrecovered.
• Euler Finance ($197M): Exploited by a flash loan attack in March, with the attacker later returning the stolen funds and apologizing.
• Multichain ($126M): Experienced a major exploit in April involving compromised private keys and token theft.
• BonqDAO ($120M): Fell victim to a flash loan attack in July, resulting in significant losses of stablecoins and ETH.
• Poloniex ($114M): Hot wallet compromise in February led to the theft of Bitcoin and other tokens.
• Stake ($41M): Hackers targeted hot wallets in September, primarily stealing Ethereum and Dai.
• Atomic Wallet ($100M): Supply chain attack in February allowed unauthorized access to user funds.
• Ledger Connect Kit ($600K): Malicious code injection in December compromised multiple DeFi platforms and drained user funds.
• Curve ($60M): Exploited vulnerabilities in the DeFi protocol in July, resulting in a $60M theft.
• Kyber ($48M): November attack on DeFi market maker KyberSwap, with hackers taking nearly $50M and making open demands for protocol control.