Crypto losses hit $685 million in Q3, $1.4 billion year-to-date: Immunefi


Crypto losses hit $685 million in Q3, $1.4 billion year-to-date: Immunefi

Web3 projects witnessed $685.5 million in losses during Q3, with major exploits on cross-chain protocols Mixin Network and Multichain accounting for nearly half of the total losses. The Q3 losses represent a 59.9% increase on the $428.7 million lost in Q2, with incidents up 153% year-over-year, according to the latest report from web3 bug bounty platform Immunefi.

The losses marked the worst quarter for the year, reaching $1.4 billion in 2023 due to hacks and fraud. “Q3 witnessed the highest loss in this year, driven by large-scale attacks such as the one on Mixin Network and Multichain”, Immunefi CEO Mitchell Amador said in the report. “State-backed actors played a crucial role as they were allegedly behind several cases this quarter. Their particular focus on CeFi led to a sharp surge in losses within this sector.”

Mixin Network’s $200 million exploit in September and Multichain’s $126 million funds stolen in July were responsible for $326 million in losses alone, making up 47.5% of the Q3 total. North Korean regime-backed Lazarus Group, allegedly behind high-profile attacks on platforms like CoinEx ($70 million), Alphapo ($60 million), Stake ($41.3 million) and CoinsPaid ($37.3 million), stole a total of $208.6 million — representing 30% of the Q3 losses.

Ethereum was the most targeted network, registering 35 of the 76 incidents (42.7% of the losses), while BNB Chain witnessed 25 incidents, accounting for 30.5% of losses. Coinbase-incubated Layer 2 network Base followed, suffering losses across four projects since launching on Aug. 9, namely LeetSwap, SwirlLend, Magnate Finance and RocketSwap. Optimism accounted for three of the incidents.

Crypto losses hit $685 million in Q3, $1.4 billion year-to-date: Immunefi

Crypto losses Q3 2023. Image: Immunefi.

DeFi hacks lead Q3 crypto losses

Some $662.9 million was lost to hacks across 49 exploits, accounting for 96.7% of losses — representing a 66.1% year-over-year increase. Meanwhile, $22.6 million was lost to 27 incidents of fraud, scams and rug pulls, totaling 3.3% of the losses combined — down 23.9% year-over-year.

DeFi platforms remained the most attractive targets for cybercriminals, suffering $499.8 million (72.9%) of Q3 losses — up 18.5% year-over-year and adding to around $3 billion in funds stolen by DeFi attackers to date, according to The Block’s data dashboard. Centralized platforms accounted for the remaining 27.1% —worth $185.7 million — representing an eye-watering 3,400% increase compared to Q3 last year.

A small consolation is the recovery of $61.2 million in stolen funds from six cases, representing just 8.9% of the total Q3 losses. Curve Finance recovered the most, reclaiming $5.3 million from $24 million stolen. However, recovery efforts are ongoing, with Mixin Network offering hackers a $20 million “bug bounty” last week in an on-chain message designed to incentivize the return of the stolen funds.

Immunefi says it has paid more than $80 million in bounties and saved over $25 billion in user funds across protocols like Chainlink, The Graph, Synthetix and MakerDAO.

Last week, Immunefi launched on-chain vaults in its first milestone toward decentralizing its bug bounty platform.


Leave A Reply

Your email address will not be published.