Q1 Crypto Attacks Up, Money Lost Is Down: Report

Though total losses are down 64% from 2022’s first quarter, the number of attacks has risen to its highest level in past two years, Immunefi data shows

by Ben Strack /
article-image

Brian A Jackson/Shutterstock modified by Blockworks

share

The number of crypto attacks spiked during the first quarter, though the total losses accumulated over the span are down, according to a report by Web3 security platform Immunefi.

The two major exploits during the first three months of 2023 — ones that targeted Euler Finance and BonqDAO — accounted for $317 million of the $477 million seen during the quarter. 

The $477 million of crypto losses was considerably lower than the first quarter of 2022, in which roughly $1.2 billion was lost, according to Immunefi. 

“Projects have significantly increased their security measures through audits and bug bounties, but blackhats have kept pace,” Immunefi CEO Mitchell Amador said in a statement. “Losses are currently down, but mostly because the amount of funds in crypto has decreased, making hacks less devastating.”

Despite the drop in losses, the number of incidents has risen from 25 in 2022’s first quarter to 73 in the first three months of 2023. This increase reflects the highest quarterly activity the sector has seen in the past two years, Immunefi data shows.

The nearly 200% year-over-year increase could be “a random anomaly,” Immunefi communications lead Jonah Michaels told Blockworks. Or, he added, it could be a result of lower prioritization of security during the bear market and a growing hacker community attracted to the possibility of big gains.

“In the Web2 world, blackhats fight over databases of credit cards and other information that can be difficult to monetize,” Michaels said. “In the Web3 world, blackhats can steal hundreds of millions in the blink of an eye. It’s not hard to understand why they might be attracted to Web3.” 

The most targeted chains

BNB Chain is the most targeted chain, with 33 incidents last quarter. Ethereum followed with 22 incidents.

Adrian Hetman, Immunefi’s tech lead triager, said BNB Chain “lacks a security-first approach and attracts many users looking for a quick way to earn money.”

Attackers exploited BNB Chain last October for $100 million. While decentralized chains are not designed to be stopped, according to a BNB Chain statement at the time, it sought to limit the damage by contacting community validators one by one to halt transactions. The blockchain added it was seeking to expand the validators to boost further decentralization.

A BNB Chain spokesperson did not immediately return a request for comment Tuesday. 

Arbitrum, which had no incidents in last year’s first quarter, endured eight incidents in the months leading up to the launch of its ARB token, followed by Polygon and Optimism with five and three incidents, respectively.

“This quarter should reinforce the importance of security,” Michaels told Blockworks. “To projects, we would recommend they hire someone to focus on security full-time. To whitehat hackers, we would recommend that they double down on their efforts to responsibly disclose bugs before blackhats get their first.”

A rise in recovery

Euler was hit with a flash loan attack last month in what amounted to a $200 million exploit. 

The recovery of $177 million by Euler Finance and about $250,000 by SperaxUSD represent roughly 40% of the total losses endured during the first quarter. 

The recovery level is nearly equal to how much was recovered in all of 2022, making up about 5% of the nearly $4 billion lost last year. 

Euler notified its community Tuesday that additional funds had been returned, bringing the recovery totals up to about $200 million. 

“A plan for the restoration of user assets will be laid out in the coming days for review and consideration by the Euler community,” according to a company statement.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Permissionless III Hackathon

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

learn more

recent research

Research Report Templates (1).png

Research

Why Solana Mobile Should 100x Their Phone Production

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

by Luke Leasure

/

news

article-image

Business

Ledger doubles down with second touchscreen-focused product

Firm known for crypto hardware wallets set to bring another touchscreen option to consumers

by Ben Strack /
article-image

Analysis

Empire Newsletter: Crypto’s next wave of smart money

Plus, BlackRock’s BUIDL is paying out steady yield — and those dividends are growing

by Katherine Ross&David Canellis /
article-image

DeFi

Jito unveils code for Solana restaking network

Solana’s biggest liquid staking provider takes a meaningful step towards restaking

by Jack Kubinec /
article-image

DeFi

Blast incentives aim to attract strong devs, as value leaks

BLAST token skids as Season 2 points plan earns mixed reviews

by Macauley Peterson /
article-image

Analysis

On the Margin Newsletter: Behind the most important economic paper of the year

Plus, a look at the top asset-gathering ETH ETFs after two days of trading

by Felix Jauvin&Ben Strack&Casey Wagner /
article-image

Analysis

Lightspeed Newsletter: Zk compression may help Solana’s data storage problems

Plus, celebrity memecoins are plummeting from their early price runs

by Jack Kubinec&Jeff Albus /