Report | Feb 7, 2024
Stolen Crypto Funds Drop Over 54.3% in 2023 Despite Persistent Threat of Hacking
The recent analysis by Chainalysis has provided the crypto community with a detailed examination of the hacking landscape in 2023, revealing trends that are both encouraging and concerning. The report, “Stolen Crypto Falls in 2023, but Hacking Remains a Threat,” offers a comprehensive look at the state of cryptocurrency security, highlighting the significant decrease in stolen funds alongside an uptick in hacking incidents. Below are a few key findings.
See: Calgary Police and Chainanalysis Launch the Western Canada Cryptocurrency Investigations Centre
Chainalysis’s comprehensive analysis reveals a notable decrease in the total value of stolen crypto, which fell by approximately 54.3% to $1.7 billion, down from 2022’s record-breaking $3.7 billion. This decline is primarily attributed to a reduction in DeFi hacking incidents, which had previously been the main catalyst for the surge in crypto thefts.
Despite the encouraging decline in stolen funds, the report indicates a slight uptick in hacking activity, with the number of incidents rising from 219 in 2022 to 231 in 2023. This suggests that while the impact of individual hacks may be diminishing, the threat landscape remains active and evolving.
DeFi’s Evolving Security Landscape
The report shows that there was $1.1 billion in total value stolen from DeFi platforms in 2023 which was a 63.7% decrease year over year. This reduction in DeFi protocol victimization marks a significant shift in the landscape of stolen funds.
See: How Permissioned DeFi Will Transform Global Payments
- Despite several large-scale hacks, such as the incidents involving Euler Finance flash loan attack and Curve Finance liquidity pool hack, there was overall decrease in median loss per DeFi hack by 7.4%
- Further, a 17.2% reduction in the number of DeFi-specific hacks suggest an improvement in security protocols and a heightened awareness of cybersecurity needs within the DeFi space.
DeFi Hack Types
As DeFi platforms continue to grow in popularity and complexity, they become attractive targets for cybercriminals. According to insights from Halborn, a security firm specializing in blockchain and web3 solutions, DeFi attack vectors can be broadly classified into two categories: on-chain and off-chain.
See: Consultation: OSC Wants to Increase Fees for Crypto Firms
On-chain attacks are those that exploit vulnerabilities in the blockchain components of a DeFi protocol, such as smart contracts. These do not stem from the blockchain technology itself but from the way DeFi protocols are implemented on the blockchain.
- Protocol Exploitation: This involves exploiting vulnerabilities in a protocol’s blockchain components, such as validator nodes, the protocol’s virtual machine, or the mining layer.
- Contagion: This occurs when an attacker exploits vulnerabilities created by a hack in another protocol, including hacks closely related to other protocols.
- Price Manipulation Hack: This type of attack exploits smart contract vulnerabilities or flawed oracles that do not reflect accurate asset prices, allowing attackers to manipulate digital token prices.
- Smart Contract Exploitation: Attackers exploit vulnerabilities in smart contract code, granting them direct access to control mechanisms of a protocol and token transfers.
- Governance Attacks: These attacks involve manipulating a blockchain project with a decentralized governance structure by gaining enough influence or voting rights to enact malicious proposals.
See: CFTC Publishes DeFi Report for Policymakers and Industry
Off-chain attacks exploit vulnerabilities outside the blockchain, such as in the systems or processes that interact with the blockchain.
- Insider Attack: This occurs when someone inside the protocol, like a rogue developer, uses privileged information or keys to steal funds.
- Phishing: Attackers trick users into signing permissions by impersonating a legitimate protocol, allowing them to spend tokens on the users’ behalf or trick users into sending funds to malicious smart contracts.
- Compromised Server: An attacker compromises a server owned by a protocol, disrupting its normal workflow or gaining knowledge to further exploit the protocol.
- Wallet Hack: This involves exploiting a protocol that provides custodial/wallet services, subsequently acquiring information about the wallets’ operation.
- Compromised Private Key: Attackers gain access to a user’s private key through leaks or failures in off-chain software.
- Third-Party Compromised: An attacker gains access to an off-chain third-party program used by a protocol, which can later be used for an exploit.
Looking Ahead
The decline in stolen crypto funds and advancements in DeFi security practices offer hope for a more secure future. However, the rise in hacking incidents and the sophistication of attacks present ongoing challenges that the crypto industry must address.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada’s Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
Related Posts
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://ncfacanada.org/stolen-crypto-funds-halve-in-2023-despite-more-hack-attempts/
- :has
- :is
- :not
- $3
- 1
- 150
- 2%
- 2018
- 2022
- 2023
- 300
- 54
- 62
- 7
- a
- About
- access
- According
- accurate
- acquiring
- active
- address
- advancements
- affiliates
- Allowing
- alongside
- alternative
- alternative finance
- an
- analysis
- and
- Another
- approximately
- ARE
- artificial
- artificial intelligence
- AS
- asset
- Assets
- At
- attack
- attacker
- attackers
- Attacks
- Attempts
- attractive
- awareness
- BE
- become
- been
- behalf
- below
- Billion
- blockchain
- blockchain and web3
- blockchain technology
- both
- broadly
- but
- by
- cache
- calgary
- CAN
- Canada
- Catalyst
- categories
- centre
- CFTC
- chainalysis
- challenges
- classified
- closely
- code
- community
- complexity
- components
- comprehensive
- concerning
- consultation
- continue
- contract
- contracts
- control
- create
- created
- Crowdfunding
- crypto
- crypto community
- crypto firms
- Crypto funds
- Crypto Industry
- cryptocurrency
- cybercriminals
- Cybersecurity
- decentralized
- decentralized governance
- Decline
- decrease
- DeFi
- DeFi hack
- defi platforms
- DEFI PROTOCOL
- DeFi protocols
- DeFi security
- Despite
- detailed
- Developer
- digital
- Digital Assets
- Digital token
- diminishing
- direct
- Direct access
- distributed
- do
- down
- Drop
- ecosystem
- Education
- encouraging
- engaged
- enough
- Ether (ETH)
- evolving
- examination
- Exploit
- exploiting
- exploits
- failures
- Falls
- Feb
- Fees
- few
- finance
- financial
- financial innovation
- findings
- fintech
- Firm
- firms
- Flash
- flash loan
- flawed
- For
- from
- funding
- funding opportunities
- funds
- further
- future
- Gain
- gaining
- Gains
- get
- Global
- Global Payments
- governance
- Government
- granting
- Grow
- hack
- hacker
- hacking
- hacks
- had
- Halborn
- heightened
- helps
- High
- highlighting
- hope
- How
- However
- http
- HTTPS
- Impact
- implemented
- improvement
- in
- incidents
- Including
- Increase
- indicates
- individual
- industry
- influence
- information
- Innovation
- innovative
- inside
- insights
- Insurtech
- Intelligence
- interact
- into
- Investigations
- investment
- involve
- involves
- involving
- ITS
- itself
- Jan
- jpg
- Key
- keys
- knowledge
- landscape
- large-scale
- later
- launch
- layer
- Leaks
- legitimate
- like
- Liquidity
- liquidity pool
- loan
- Look
- loss
- machine
- Main
- malicious
- manipulating
- Manipulation
- Market
- max-width
- May..
- mechanisms
- member
- Members
- Mining
- more
- must
- needs
- networking
- nodes
- normal
- notable
- number
- of
- offer
- Offers
- on
- On-Chain
- ongoing
- operation
- opportunities
- or
- Oracles
- osc
- Other
- Other Protocols
- outside
- over
- overall
- owned
- partners
- payments
- peer to peer
- per
- perks
- permissioned
- permissions
- Platforms
- plato
- Plato Data Intelligence
- PlatoData
- please
- Police
- policymakers
- pool
- popularity
- practices
- present
- previously
- Prices
- primarily
- private
- Private Key
- privileged
- processes
- Program
- project
- projects
- Proposals
- protocol
- protocols
- provided
- provides
- Publishes
- recent
- reduction
- reflect
- Regtech
- related
- remains
- report
- revealing
- Reveals
- rights
- Rise
- rising
- s
- Sectors
- secure
- security
- sending
- server
- Services
- several
- shift
- Shows
- significant
- signing
- smart
- smart contract
- Smart Contracts
- Software
- Solutions
- Someone
- sophistication
- Space
- specializing
- spend
- stakeholders
- State
- Stem
- Stewardship
- stolen
- stolen funds
- structure
- Subsequently
- such
- suggest
- Suggests
- surge
- Systems
- targets
- Technology
- that
- The
- The Landscape
- The State
- thefts
- Them
- There.
- These
- they
- third-party
- this
- those
- thousands
- threat
- Through
- to
- today
- token
- Tokens
- Total
- transfers
- Transform
- Trends
- trick
- two
- type
- used
- users
- uses
- Validator
- validator nodes
- value
- vectors
- vibrant
- Virtual
- virtual machine
- Visit
- Voting
- Vulnerabilities
- Wallets
- wants
- was
- Way..
- Web3
- Western
- when
- which
- while
- will
- with
- within
- workflow
- works
- year
- zephyrnet