Over $300 Million Lost to Web3 Hacks an
Although the total amount lost during the second quarter of 2023 was lower compared to 2022, there was an observed increase in the value lost specifically due to exit scams. Exit scams accounted for approximately $70 million during the reported quarter.
According to the quarterly report compiled by blockchain security company, CertiK, on-chain data reveals that over $300 million worth of digital assets were lost to cryptocurrency hacks and exploits during the second quarter of 2023.Based on CertiK’s report, a total of 212 security incidents were reported in the quarter wherein malicious individuals managed to drain a cumulative amount of $313,566,528 from Web3 protocols. Compared to Q2 2022, hacks and exploits resulted in a loss of $745 million, representing a 58% decrease in the amount of funds lost during the reported period. Although the total amount lost during the second quarter of 2023 was lower compared to 2022, there was an observed increase in the value lost specifically due to exit scams. Exit scams accounted for approximately $70 million during the reported quarter.
At the same time, Q2 saw a decrease in losses due to Oracle manipulations attacks and flash loans. During the first quarter, there were a total of 52 oracle manipulation attacks, resulting in losses of approximately $222 million. Notably, the Euler Finance hack accounted for 85% of these losses.
In Q2, there were a total of 54 flash loan and oracle manipulation attacks, resulting in losses of approximately $23 million. This marked an 89% decline in losses compared to the first quarter.
Oracle manipulation attacks involve exploiting vulnerabilities in the price oracles used in decentralized applications (DApps) and smart contracts.
Oracles provide external data, such as asset prices or market information, to the blockchain-based applications. By manipulating the data fed into the oracle, attackers can deceive smart contracts and DApps, leading to fraudulent activities, including price manipulation, front-running, and inaccurate execution of financial transactions.
Flash loan attacks are a type of DeFi attack where someone takes out a flash loan (a form of uncollateralized lending) from a lending protocol and uses it in conjunction with various types of gimmickry to manipulate the market in their favor.
Among the blockchains studied for CertiK’s report:
- BNB Chain had the highest number of incidents, with a total of 119, resulting in losses of $70,711,385
- Ethereum ranked second, with 55 incidents resulting in hackers obtaining $65,999,953