Web3 security losses in Q3 2023 escalate to $889.26M.
North Korean APT group Lazarus emerges as a significant threat, responsible for over $208M in thefts.
Ethereum remains the most targeted blockchain, with losses totaling $227M.
Alarming Surge in Q3 2023 Losses
According to a recent report jointly released by Beosin and SUSS NiFT on September 27, 2023, the third quarter of this year has seen a disturbing rise in Web3 security incidents. Losses have skyrocketed to $889.26M, a figure that outstrips the combined losses of the first two quarters of the year, which were $330M and $333M respectively.
The Lazarus Group: A Formidable Adversary
The report highlights the North Korean APT group Lazarus as a major security threat in Q3 2023. The group has been implicated in thefts totaling over $208M across four significant attacks. Their tactics are complex, involving a range of methods from social engineering to brute force attacks, indicating a high level of sophistication.
Types of Attacks and Vulnerabilities
Private key compromises led the way in types of attacks, causing losses of $223M. Cloud database attacks, notably the Mixin Network incident, accounted for $200M. Contract vulnerabilities were also significant, leading to about $93.27M in losses. DeFi projects were the most frequent targets, suffering 29 attacks that led to $98.23M in losses.
Blockchain and Project Types Most Affected
Ethereum continues to be the most targeted blockchain, with losses amounting to $227M and 16 major attacks. Public blockchains were the most affected among project types, primarily due to the $200M Mixin Network hack. Payment platforms were the next most affected, with two incidents causing combined losses of $97.3M.
Audit and Regulatory Concerns
The report also sheds light on the audit status of the attacked projects. The proportion of audited and non-audited projects was nearly equal, at 48.8% and 46.5% respectively. This raises questions about the effectiveness of current auditing practices in the industry.
Recommendations and Future Outlook
The report suggests that crypto service providers need to be extra vigilant, especially against sophisticated adversaries like the Lazarus group. It recommends regular security training for employees and the implementation of robust monitoring and alert systems.
Image source: Shutterstock