The cryptocurrency sector experienced $413 million in losses due to hacks and scams during the third quarter of this year, occurring across 34 incidents, as reported by Immunefi, a platform specializing in web3 bug bounties and security services.
This figure marks a 28% decline from the $573 million lost to exploits in the second quarter and represents a 40% drop compared to the $686 million stolen in the same quarter last year. To date, over $1.3 billion has been taken through hacks and fraud, reflecting a 4% decrease from the corresponding period in 2023, according to Immunefi’s analysis.
With approximately $90 billion locked in total value across web3 protocols, as indicated by DeFiLlama, decentralized finance (DeFi) remains a significant target for attackers, comprising 31 out of the 34 incidents identified by Immunefi in Q3. However, centralized finance (CeFi) suffered greater losses overall, accounting for 74.8% ($309 million) of the total, compared to 25.2% ($104 million) attributed to DeFi.
Mitchell Amador, the founder and CEO of Immunefi, remarked, “We are observing a greater number of incidents impacting DeFi, whereas CeFi sees fewer incidents but often incurs more substantial losses, with individual exploits resulting in hundreds of millions stolen.” He further explained that in CeFi, the primary issue lies in private key management, which is crucial for maintaining the self-custody of crypto assets but often lacks thorough security audits. “Robust key management policies, practices, and emergency plans are essential,” he added.
The bulk of the losses stemmed from two major exploits, which together accounted for $287 million, or 69.5% of the total. The most significant incident was a $235 million breach of the Indian crypto exchange WazirX on July 18, followed by a theft of $52 million from the Singapore-based exchange BingX on September 20.
July recorded the highest losses for the quarter, totaling $282 million. This figure sharply dropped to just $15 million in August, but September saw an uptick with an additional $116 million in losses. Of the stolen funds in Q3, $14.9 million (3.6%) was recovered from two incidents: $10 million from Ronin Network and $4.9 million from ShezmuTech.
Ethereum and BNB Chain Most Targeted Networks
In terms of losses, hacks continued to overshadow fraud, with hacks accounting for 99.3% ($409.9 million) of the total across 31 incidents, compared to fraud, scams, and rug pulls, which represented only 0.7% ($3.1 million) across three specific cases.
Ethereum and BNB Chain remained the most targeted networks, mirroring trends from Q2. Ethereum suffered the highest number of attacks, with 15 incidents contributing to 44.1% of losses among targeted chains, followed by BNB Chain, which experienced eight incidents representing 23.5%. Other affected networks included Base, Blast, Solana, and Arbitrum.
Immunefi has stated that it has paid out over $100 million in bounties to ethical hackers and researchers over three years, resulting from more than 3,000 bug bounty reports, including a notable $10 million reward for a vulnerability found in Wormhole’s cross-chain protocol.