In 2023, the blockchain security environment saw $50 billion less in cryptocurrency asset losses, indicating a shift toward improved security protocols and the maturation of the DeFi ecosystem.
According to a year-end report from cryptocurrency security company Hacken, the amount of financial damage from hacking and fraud decreased significantly last year. Total losses reached $1.9 billion, a stark contrast to the staggering figures recorded the previous year. The reduction in lost value represents a significant advance in the industry’s efforts to strengthen security measures and address vulnerabilities more effectively.
Across the industry, BNB Chain suffered the most attacks with 214, while Ethereum came in second with 178. In particular, most of the BNB Chain and Ethereum hacks were classified as ‘rug pulls’, with 148 and 97 hacks, respectively.
The report also highlights the geographic distribution of blockchain exploits, with significant hotspots emerging in regions with high fintech activity. This geographical analysis provides valuable insight into the global nature of blockchain vulnerabilities and the need for a coordinated international response to address these issues.
The United States had the most with 15, followed by Singapore (13) and the United Kingdom (5) in second and third places. China ranked fourth with four, with an average of $5 million stolen per hack, the lowest compared to the United States ($10 million), Singapore ($23 million), and the United Kingdom ($40 million).
A decrease in losses compared to the previous year does not mean a decrease in the threat environment. Rather, the number of attacks increased by 14% compared to the previous year, highlighting that the attack surface is evolving and expanding. From sophisticated access control violations to flash loan attacks, the diversity of these attacks indicates that attackers are continually refining their strategies to exploit the complex web of DeFi and blockchain technology.
The most serious theft this year involved a multichain bridge, with $231 million lost, posing a significant risk to the security of cross-chain operations. Despite the high-profile nature of some of the attacks, the industry recovered a significant portion of the assets stolen through exploited protocols (about 20%, or $400 million) in the first year. This recovery was made possible through rapid response teams, the goodwill of certain hackers, and increased law enforcement activity.
Hacken’s report further highlights the importance of comprehensive audit coverage and the role of bug bounty programs in identifying and mitigating vulnerabilities before they are exploited. Despite these security measures, the data shows that many projects are inadequately protected, either because they were never audited or because the audits performed did not adequately cover the code actually deployed. These gaps in security preparedness highlight the need for a more proactive and thorough approach to security audits, ensuring they are comprehensive and relevant to deployed blockchain code.
Hacken also highlights the effectiveness of real-time monitoring tools and the development of secure wallet technologies as critical components of a strong security framework. These tools play a critical role in strengthening the overall security posture of blockchain platforms and protecting user assets by detecting and mitigating potential threats early.
Looking forward to 2024, the report provides forecasts and recommendations to address future security challenges. Vulnerabilities are expected to increase as the industry continues to innovate and expand, especially as it adopts new Layer 1 and Layer 2 solutions. The report calls for continued emphasis on access control and flash loan attack prevention, the importance of fostering a proactive security culture, and the need for collaboration within the industry to strengthen collective defense mechanisms.
While progress has been made in reducing the financial impact of attacks, it is clear that combating cryptocurrency-related crime remains an ongoing challenge for maintaining the continued growth and stability of the DeFi sector.