Web3 protocols saw decline in security-related losses in Q2, but exit scams were on the rise
Web3 protocols experienced a significant decrease in security-related losses during the second quarter of this year, according to a report from CertiK. The total amount lost to hacks and exploits dropped by 58% to $313.5 million, down from $745 million during the same period last year. This decline suggests that the industry’s technical defenses and security protocols are becoming more effective.
Decrease in funds lost to cybersecurity breaches
The decrease in funds lost to cybersecurity breaches can be attributed to the improved security measures implemented by cryptocurrency exchanges, blockchain networks, and individual developers. These entities are now investing more in threat detection, vulnerability management, and incident response. As a result, the total losses for the second quarter represent a slight drop from the $330 million recorded in the first quarter of this year.
Q2 incidents and losses
During the second quarter of 2023, there were 212 security incidents, with an average loss of $1.5 million per incident. April and June were particularly active months for bad actors, with over 70 incidents each resulting in more than $100 million in losses. May, on the other hand, had the fewest number of exploits, with 63 incidents and losses totaling $74.6 million.
Rise in exit scams
Exit scams, also known as rug pulls, accounted for the majority of security incidents in the second quarter. A rug pull occurs when a project team unexpectedly abandons the project and sells all its liquidity after accepting investor funds. During this period, 98 projects were rug pulled, resulting in a total loss of $70.35 million. This is more than double the $31 million lost to exit scams in the first quarter.
Some notable exit scams during the quarter include Morgan DF Fintoch, which stole over $30 million, as well as Ordinals Finance and Chibi Finance, which stole roughly $1 million each.
Other security breaches
Apart from exit scams, flash loans and oracle manipulation were responsible for 54 incidents and $23.7 million in losses. Additionally, there were security breaches classified as “others,” which resulted in a loss of $219.5 million.
Targeting projects on BNB Chain
CertiK’s report highlighted the increasing targeting of crypto projects on the BNB Chain by malicious actors. The network saw 119 security incidents, resulting in losses of $70.7 million. Ethereum recorded 55 security breaches, with losses totaling $66 million. Arbitrum experienced 14 exploits amounting to $14.1 million in losses, while Multichain had five exploits resulting in a loss of $10.2 million. Avalanche and Polygon recorded five incidents each, with losses amounting to $2.4 million.
However, there were also 19 incidents where $150.3 million was stolen from other chains and off-chain events. The most significant individual exploit in the quarter was the $100 million exploit of Atomic Wallet.
Overall, while security-related losses in the Web3 industry have declined, exit scams remain a significant concern. It is crucial for investors and users to exercise caution and conduct thorough due diligence before participating in any crypto project.