Despite the ongoing threat of cryptocurrency hacking, there were some notable shifts in 2023. Chainalysis’s report revealed that while the number of hacking incidents increased from 219 in 2022 to 231 in 2023, the total stolen funds decreased by 54.3%, plummeting from $3.7 billion in 2022 to $1.7 billion in 2023. One key factor behind this reduction was the involvement of the North Korean Lazarus Group.
As per the security firm’s report, the notable decrease in stolen funds can be mainly attributed to a decline in DeFi hacking incidents, which peaked between 2021 and 2022. In 2022, cybercriminals managed to steal over $3.1 billion from DeFi protocols. However, by 2023, this figure had plummeted significantly to $1.1 billion, marking a 63.7% decrease.
More funds stolen due to private key mismanagement
The report showed that on-chain vulnerabilities were prevalent in the early part of the year but were later replaced by compromised private keys as a significant attack vector in the third and fourth quarters.
When examining the impact of hacks, those stemming from on-chain contagion caused the most harm, leading to a median loss of $1.4 million. Furthermore, governance attacks (on-chain), insider attacks (off-chain), and compromised private keys (off-chain) all played a role in contributing to a median hack value of approximately $1 million each.
Growth or security?
Mar Gimenez-Aguilar, Lead Security Architect and Researcher at Halborn, a Web3 security company, spoke with Chainalysis about the increasing trend of DeFi hacking. She explained the worrying rise in both the frequency and severity of attacks within the DeFi ecosystem.
She notes that the top 50 DeFi hacks observed in 2023 were carried out on EVM-based and Solana-based chains due to their popularity and smart contract execution capabilities. For the decrease in hack incidents, security experts suggest that many DeFi vulnerabilities resulted from protocol operators prioritizing growth over implementing robust security systems.
In contrast, the Halborn researcher mentioned that the decrease in the actual value stolen from DeFi and the relative reduction in on-chain vulnerability-driven hacking in 2023 indicate an enhancement in smart contract security among DeFi operators.
She believes that the increased security measures in DeFi protocols play a crucial role in reducing hacks related to smart contract vulnerabilities. While acknowledging the positive trends, Gimenez-Aguilar stresses that the growth in hacks driven by attack vectors like compromised private keys signals the need for DeFi operators to go beyond smart contract security.