Cryptocurrency hacks have seen a significant upsurge in the third quarter of 2023, with criminals making away with $727million, more than double the amount stolen in the previous quarter.
But a specific focus was on crypto rug pulls, making up the largest amount of exploits in crypto. These types of scams accounted for more than 65% of all hacks in the quarter.
This frequency of rug pulls is due to the ease of creating these schemes. The report said: “Serial scammers use token factories that exhibit the same behaviour to produce fraudulent tokens on a mass scale,” the report notes.
Hacken’s quarterly security insights aim to spot the trends in crypto hacks and analyse how projects approach security breaches.
Access control breaches cause major losses
Access control attacks were the most damaging type of hack this quarter, resulting in $449m lost over eight incidents. These attacks involve hackers gaining control of sensitive security details, often allowing them to access crypto directly.
The Hacken report said: “EOAs are particularly at risk since seed phases are their sole protection. With a private key, attackers can seize assets across chains and various addresses originating from that key.Moreover, many projects store substantial assets in EOAs, incentivizing attackers to create elaborate schemes for massive gains.”
The largest access control breach was when Mixin Network lost $142m after an exploiting their cloud database storage, demonstrating the high cost of lapses in security protocols.
These exploits had an average loss of $58m per incident, according to the report.
Rug pulls can be prevented according to Hacken
Rug pulls have been recorded as dominating the scam space in the recent quarter. These scams occur when developers hype a cryptocurrency, sell their share, and vanish, leaving the token to plummet.
The scam type made up 65% of Q3’s hacks. However, they had a relatively low average scam amount of $638,594.
Despite this, Hacken notes they’re preventable. Hacken’s scrutiny of 78 rug pulls revealed that only 12 had any audit on record.
The company’s co-founder and CEO, Dyma Budorin, attributed the oversight by investors to FOMO (fear of missing out), leading them to ignore such critical precautions.
Budorin said: “This desire for substantial returns in a short timeframe often causes individuals to overlook red flags and impulsively dive into investments.”
However, Budorin cautioned that the presence of an audit report isn’t a security guarantee. Investors need to scrutinise these reports, not just accept them at face value, as some projects still receive poor audit scores. This nuance often gets overlooked, creating a false sense of security around certain investments.
Hacken concluded its report stating: “The analysis of this quarter’s hacks underscores the ongoing need for enhanced blockchain security awareness and action among users, projects and auditors.”