Crypto projects faced a grim reality in the third quarter of the year, as they collectively lost nearly $889 million to various security breaches, hacks, phishing scams, and rug pulls. This sobering revelation comes from the Global Web3 Security Report published by blockchain security firm Beosin.
Breakdown of Losses
The report sheds light on the magnitude of the losses:
1. Rug Pulls: Investors lost approximately $283 million across 81 rug pull incidents. Rug pulls typically involve deceptive practices by project creators who abandon a project after attracting substantial investments.
2. Phishing Schemes: Phishing scams generated illicit gains of around $66 million during the same quarter. These scams often involve tricking individuals into revealing sensitive information or transferring funds to fraudulent addresses.
3. Hacks: Security breaches plagued the crypto industry, with 43 crypto projects falling victim to hacks, resulting in a staggering loss of $540 million. Notable hacks during this period included the $200 million hack of Mixin Network, the $73 million exploit of Curve Finance, and an $8 million loss due to a hot wallet compromise.
These losses represent a substantial increase compared to the cumulative losses of the previous two quarters, which amounted to $330 million in the first quarter and a slight uptick to $333 million in the second quarter.
Decentralized finance (DeFi) projects bore the brunt of the attacks, accounting for approximately 67% of all breaches during this period. However, it's important to note that other sectors, including blockchains, payment platforms, exchanges, casinos, and infrastructure, also experienced security incidents.
Among the various blockchain platforms, Ethereum experienced the most significant number of losses and incidents. According to Beosin, Ethereum faced 16 security incidents during the period, making it the most targeted platform. BNB Chain, Arbitrum, BTC, and Base also saw multiple security incidents.
A notable finding in the report is that nearly half (46.5%) of the attacked projects had not undergone any security audits. Furthermore, 63.6% of the 22 projects attacked due to contract vulnerabilities had never been audited. This emphasizes that many of these exploits could have been prevented had the projects taken proactive measures to conduct security audits and address vulnerabilities.
Despite these alarming losses, only a mere 10% of the stolen funds were successfully recovered. This highlights the significant challenges associated with retrieving stolen crypto assets, leaving a substantial sum of approximately $800 million unaccounted for.
The report underscores the critical importance of security measures and due diligence within the crypto industry. As malicious actors continue to target various sectors of the crypto space, projects and investors must prioritize security audits, proactive vulnerability assessments, and robust security protocols to mitigate the risks associated with these types of attacks.