Crypto and Web3 projects experienced a 153% surge in attack incidents from July to September 2023 compared to the same period in 2022, according to a report by blockchain security platform Immunefi. In Q3 2022, there were a total of 30 attack incidents. However, in Q3 2023, this number rose to 76. A total of $686 million was lost in the recent quarter.
The highest loss occurred in the Mixin hack on September 25, which resulted in a loss of approximately $200 million. The Multichain hack was the second-worst attack of the quarter, causing over $126 million in losses that have yet to be recovered. Additionally, the Lazarus Group drained over $208 million worth of crypto through multiple attacks, including hacks of centralized services CoinEx, Alphapo, Stake, and Coinspaid. The report stated that the Lazarus Group was responsible for 30% of all stolen crypto in Q3.
A small portion of Q3 attacks consisted of rug pulls and other scams, accounting for only $23 million, or 3.3% of total losses. The remaining 96.7% came from hacks or exploits. Overall, monetary losses from scams in Q3 decreased by 23.9% compared to Q3 2022.
The report mentioned that decentralized finance (DeFi) hacks accounted for 72.9% of total losses, while centralized services accounted for only 27.1% of exploit losses. Immunefi did not provide a specific definition for “decentralized” versus “centralized” services.
The two most targeted networks by hackers and scammers were Ethereum and BNB Chain, with Ethereum representing 42.7% of losses and BNB Chain representing 30.5%. Base and Optimism were the third and fourth most popular networks for attackers to exploit.
This report further confirms that Q3 was the worst quarter of the year for crypto-related hacks and scams. A similar conclusion was reached in a report by Certik on October 2.
