Key Takeaways

Web3 security losses in Q3 2023 escalate to $889.26M.

North Korean APT group Lazarus emerges as a significant threat, responsible for over $208M in thefts.

Ethereum remains the most targeted blockchain, with losses totaling $227M.

Alarming Surge in Q3 2023 Losses

According to a recent report jointly released by Beosin and SUSS NiFT on September 27, 2023, the third quarter of this year has seen a disturbing rise in Web3 security incidents. Losses have skyrocketed to $889.26M, a figure that outstrips the combined losses of the first two quarters of the year, which were $330M and $333M respectively.

The Lazarus Group: A Formidable Adversary

The report highlights the North Korean APT group Lazarus as a major security threat in Q3 2023. The group has been implicated in thefts totaling over $208M across four significant attacks. Their tactics are complex, ranging from social engineering to brute-force attacks, which indicates a high level of sophistication.

Types of Attacks and Vulnerabilities

Private key compromises led the way in types of attacks, causing losses of $223M. Cloud database attacks, notably the Mixin Network incident, accounted for $200M. Contract vulnerabilities were also significant, leading to about $93.27M in losses. DeFi projects were the most frequent targets, suffering 29 attacks that led to $98.23M in losses.

Blockchain and Project Types Most Affected

Ethereum continues to be the most targeted blockchain, with losses amounting to $227M and 16 major attacks. Public blockchains were the most affected among project types, primarily due to the $200M Mixin Network hack. Payment platforms were the next most affected, with two incidents causing combined losses of $97.3M.

Audit and Regulatory Concerns

The report also sheds light on the audit status of the attacked projects. The proportion of audited and non-audited projects was nearly equal, at 48.8% and 46.5% respectively. This raises questions about the effectiveness of current auditing practices in the industry.

Recommendations and Future Outlook

The report suggests that crypto service providers need to be extra vigilant, especially against sophisticated adversaries like the Lazarus group. It recommends regular security training for employees and the implementation of robust monitoring and alert systems.

Disclaimer & Copyright Notice: The content of this article is for informational purposes only and is not intended as financial advice. Always consult with a professional before making any financial decisions. This material is the exclusive property of Blockchain.News. Unauthorized use, duplication, or distribution without express permission is prohibited. Proper credit and direction to the original content are required for any permitted use.
