Crypto Security Incidents Surge: $700M Lost in Q3 2023

Exit fraud and oracle manipulation incidents also occurred, resulting in $55 million and $16 million in losses, respectively.

Crypto Security Incidents Surge: $700M Lost in Q3 2023
Crypto Security Incidents Surge: $700M Lost in Q3 2023

According to the quarterly report of blockchain security firm CertiK, the third quarter of 2023 was the “most financially damaging” quarter of the year, with almost $700 million in digital assets lost to various security incidents.

Within the report, CertiK highlighted 184 security incidents in July, August, and September 2023, with over $699 million in crypto assets lost during the quarter, surpassing the first- and second-quarter losses of $320 million and $310 million, respectively.

Private key compromises have been identified as the most costly exploit, costing over $204 million across 14 incidents. According to the report, the Multichain incident, in which the project’s CEO had exclusive control over private keys, resulted in a $125 million loss.

The incident demonstrated that centralized control of private keys for enterprises could result in a vulnerability, which in the case of Multichain led to the cessation of operations.

In addition to private key exploits, exit schemes and oracle manipulation were prevalent during the quarter. More than $55 million in digital assets were stolen in 93 exit fraud incidents during the quarter, according to the report.

Incident counts and amount lost in Web3 security incidents in Q3 2023. Source: CertiK

In the meantime, 38 instances of Oracle manipulation stole over $16 million in cryptocurrency. The exploit of the cross-chain protocol Mixin Network contributed the most to September being the month with the highest number of crypto breaches in 2023.

After the incident on September 25, Mixin Network suspended all withdrawals and deposits. The company later verified that assets worth $200 million were removed from its mainnet.

CertiK’s quarterly report also highlighted that Lazarus, a cyber group affiliated with North Korea’s government, remained a “dominant threat actor” during the quarter.

The group was responsible for at least $291 million in confirmed losses in 2023, according to the report, and continued its operations in the third quarter.