This year’s third quarter has emerged as the “most financially damaging” quarter of 2023 with almost $700million in losses in the crypto sector. This was revealed in the quarterly report by blockchain security firm CertiK.
Security incidents crowded Q3 as there were 184 such occurrences in the month of July, August and September this year. Here, private key compromises took the lead in being the most damaging, resulting in a loss of over $204m across 14 incidents.
The report talked about the Multichain incident which led to a loss of $125m. The project’s private keys were under the exclusive control of its CEO, thereby highlighting the possibility of vulnerability in case of centralised control of private keys for businesses.
Multichain’s tumultuous breakdown started in May when its routes were suspended due to an upgrade, with fund transfers taking longer than expected. This was soon followed by crypto exchange Binance’s decision to halt deposit and withdrawal support for some of Multichain bridged tokens as it remained concerned about the uncertainties surrounding the protocol.
In July, on-chain observers concluded that the protocol was attacked for over $100m worth of assets. These were withdrawn from its Fantom bridge on the Ethereum side. A report from blockchain analytics firm Chainalysis suggested that the withdrawals appear to be a “rug pull” by insiders. This then led to Multichain announcing that it is “forced to cease operations” due to a lack of operational funds. Other exploits prevalent in this quarter were exit scams and oracle manipulation. The report noted 93 exit scam incidents and 38 oracle manipulation incidents, taking over $55m and $16m in digital assets, respectively.
September was the biggest month for crypto exploits in 2023, with a whopping $329.8m in crypto stolen. Here, cross-chain protocol Mixin Network accounted for almost two-thirds of the crypto exploit losses. This happened when the Hong Kong-based protocol lost $200m from its mainnet due to a breach of its cloud service provider.
Last month’s other major attacks included the one on the CoinEx exchange and Stake.com, resulting in losses of $53m and $41m, respectively.
The quarterly report also called attention to North Korea’s state-affiliated hacking group Lazarus, tagging them as a “dominant threat actor” in the quarter. The notorious cybercrime organisation is believed to be associated with the Democratic People’s Republic of Korea (DPRK, also known as ‘North Korea’).
The Lazarus group is now held responsible for at least $291m in confirmed losses in 2023 and continued its activities in the third quarter. Last month, it carried out an attack on crypto exchange CoinEx, which drained at least $55m.
The latest report has shown a rising threat to the crypto sector which is now abound with countless hacks, attacks and compromises. Q3 of 2023 has surpassed first-quarter losses of $320m in the sector, as well as the second-quarter losses of $313m.
However, this quarter’s losses are lower than 2022’s first and fourth quarters, when hackers took around $1.3bn and $950m, respectively. At the start of this year, CertiK had suggested that the low amount of losses may be linked to events happening off-chain which had an impact on the crypto industry as a whole. This included issues such as the Silvergate Bank one and the depegging of USD Coin at the height of the Silicon Valley Bank collapse.