Over the past six months, the Web3 space has witnessed an alarming increase in hacking incidents, leading to significant financial losses for the victims. According to recent reports from PeckShield and CertiK Skynet, these attacks have targeted various facets of the decentralized finance (DeFi) ecosystem, exploiting vulnerabilities and leaving many investors reeling in shock. In this investigative report, we examine the extent of the damage caused by these hacks and shed light on the primary attack vectors used by cybercriminals.
The Numbers:
In the first half of 2023 alone, the crypto community endured a staggering 395+ major hacks, with 386 of them specifically targeting DeFi platforms. These breaches resulted in a jaw-dropping loss of approximately $479.4 million for the victims. This exponential rise in hacking incidents has sent shockwaves through the Web3 ecosystem, raising concerns about the security and robustness of blockchain technology.
The Top 10 Hacks:
What’s particularly alarming is that the top 10 hacks alone accounted for a whopping 79% of the total stolen funds. These breaches collectively drained $378.3 million from various platforms, leaving investors and developers in a state of incredulity. The scale and sophistication exhibited by these attacks serve as stark reminders of the constant vigilance required when engaging with the crypto space.
Primary Attack Vectors:
When dissecting the modus operandi of these hackers, it becomes clear that certain attack vectors were more prevalent than others. Among the 386 DeFi hacks, the top three attack vectors were logic bugs, accounting for 46% of the incidents, followed by oracle manipulation at 15%, and privilege exposure at 14%. These vulnerabilities were skillfully exploited by cybercriminals to gain unauthorized access and orchestrate these devastating attacks.
Flashloans and Public Blockchains:
Another disconcerting trend revealed by the analysis is the utilization of flashloans. A staggering 71% of the attacks made use of this technique, highlighting the growing appeal of this financial tool to criminals within the crypto space. Additionally, more than ten public blockchains experienced hacking incidents during this period. Notably, Ethereum, the world’s second-largest cryptocurrency, emerged as the primary target, suffering losses amounting to approximately $287 million.
Specific Incidents:
The CertiK Skynet team recently detected a flashloan attack on the BNO (BNO) project, causing the token to plummet by over 98%. This incident resulted in an estimated loss of around $505,000, emphasizing how vulnerable even established platforms can be to such sophisticated exploits. Additionally, CertiK Skynet also uncovered reports of a phishing link posted in the Flex_strk Discord Server, raising concerns about the overall security posture of the project.
The first half of 2023 has been tumultuous for the Web3 ecosystem as it grapples with an unprecedented surge in hacking incidents. The DeFi space, in particular, has borne the brunt of these attacks, highlighting the urgent need for robust security measures and ongoing audits to safeguard investor funds. As the crypto industry grows and evolves, stakeholders must remain vigilant and proactive in mitigating risks, ensuring a safer and more secure environment for users to transact and invest in digital assets.
