In a research report, the Beosin EagleEye platform, a subsidiary of Beosin, a blockchain security audit company, disclosed that Web3 encountered substantial losses of about $890 million due to diverse security breaches, phishing scams, and rug pulls during the third quarter of 2023.
A detailed breakdown of the losses indicates that 43 distinct hacker attacks were responsible for a cumulative loss of roughly $540 million. Simultaneously, losses from phishing scams amounted to approximately $66.15 million.
Furthermore, a total of 81 rug pulls within projects contributed to an overall loss of around $280 million during this period.
DeFi Accounted for 67.4% of all Incidents
Decentralized Finance (DeFi) continued to be the primary focus of security breaches, constituting 67.4% of all incidents, with a total of 29 reported attacks.
Within the spectrum of project types, public chains endured the most significant losses, with Ethereum alone registering a substantial loss of $227 million. Ethereum also led in the number of security incidents, recording 16 during the quarter.
In terms of attack methods, private key leaks emerged as the most financially damaging, resulting in losses amounting to $223 million.
It’s worth noting that a considerable portion of the pilfered funds, totaling approximately $360 million, remained under the control of the hackers. This represents a concerning 67% of the overall total, emphasizing the persistent challenge of fund recovery in the realm of cybersecurity.
10% of Stolen Funds Were Retrieved in Q3 2023
Despite concerted efforts, the endeavor to recover stolen assets saw only limited success, with a mere 10% of the pilfered funds successfully retrieved during the quarter.
The audit landscape demonstrated that both audited and unaudited projects faced the impact of security incidents almost evenly, with audited projects accounting for 48.8% and unaudited projects making up 46.5% of the affected cases.
While blockchain technology continues to bring about transformative changes across various industries, the ongoing and prevalent threat of cyberattacks and scams remains a significant and pressing concern.