1. H1 2023 Web3 Security Overview

According to statistics from Beosin EagleEye platform, the total losses from hacks, phishing scams, and rug pulls in Web3 reached $655.61 million in the first half of 2023. Among them, 108 attacks resulted in a total loss of approximately $471.43 million. Phishing scams accounted for a total loss of approximately $108 million, and there were 110 rug pulls with a total loss of approximately $75.87 million.

2023 H1 Total Losses

The total loss from hacks in Web3 has significantly decreased compared to last year. In H1 2022, the total loss from attacks was approximately $1.91 billion, and in H2 2022, it was about $1.69 billion, while in H1 2023, this value dropped to $471 million.

2021-2023 Loss In Hacks

In terms of project types, DeFi remains the most frequent target and the type with the highest losses. The total loss from 85 DeFi security incidents reached $292 million, accounting for 62% of the total losses.

In terms of blockchain platform types, 75.6% of the loss amount came from Ethereum, totaling approximately $356 million, ranking first among all blockchain platforms.

In terms of attack types (classified according to root causes), the most frequent and financially damaging attack type was contract vulnerability exploits. Sixty incidents of contract vulnerabilities resulted in a loss of $264 million, accounting for 56% of the total losses.

In terms of fund flows, approximately $215 million of stolen assets were recovered, accounting for 45.5% of all stolen assets. Additionally, approximately $113 million were transferred to Tornado Cash and other mixers.

In terms of audit status, approximately 49% of the attacked projects had not undergone an audit.

In contrast to the decreasing trend in hackers compared to 2022, phishing scams and rug pull events were more frequent in the first half of 2023. According to incomplete statistics, the total amount involved in these two types of events reached at least $184 million. The lower barrier to entry for phishing scams, such as the sale of malicious toolkits by some wallet drainers where buyers can share profits with them after profiting, has led to a significant increase in phishing scams in the first half of 2023, becoming a major threat to the security of Web3 users.

2. Overview of Hacks

108 attacks resulting in $471.43 million in losses

In the first half of 2023, Beosin EagleEye monitored 108 major attacks in the Web3 space, with a total loss of approximately $471 million. There was one security incident with loss exceeding $100 million, 7 incidents with losses ranging from $10 million to $100 million, and 23 incidents with losses ranging from $1 million to $10 million.

H1 2023 Top Hacks (Exceeding $10M)

Attacks with losses exceeding $10M (in descending order):

● Euler Finance - $197 million

On March 13, the DeFi protocol Euler Finance was attacked for $197 million. On April 4, Euler Labs announced on Twitter that the attacker had returned all stolen funds after successful negotiations.

● Atomic Wallet - $67 million

On June 3, several Atomic Wallet users reported on social media that their wallet funds had been stolen, with estimated losses of at least $67 million. The stolen funds were then laundered by the hackers through the Sinbad mixer, and the cause of the attack is still under investigation.

● MEV attack - $25 million

On April 3, several MEV robots were the victims of malicious sandwich attacks, resulting in a total loss of approximately $25 million.

● Bitrue - $24 million

On April 14th, cryptocurrency exchange Bitrue's hot wallet was hacked, leading to a loss of $24 million.

● FPG - $20 million

On June 11, cryptocurrency brokerage Floating Point Group (FPG) was attacked, resulting in a loss of approximately $20 million.

● GDAC - $13 million

On April 9, South Korean cryptocurrency exchange GDAC was targeted in a hack that resulted in a loss of nearly $13 million.

● Yearn Finance - $11.5 million

On April 13, Yearn Finance's YUSDT contract was hacked, resulting in a profit of over $10 million for the attacker.

● MyAlgo Wallet - $11.2 million

In February, MyAlgo Wallet suffered a man-in-the-middle attack resulting in a loss of $11.2 million.

3. Types of Attacked Projects

$292 million lost in 85 DeFi security incidents

In the first half of 2023, a total of 85 security incidents occurred in the DeFi sector, accounting for 78.7% of the total number of attacks. The total loss in DeFi reached $292 million, representing 62% of the total loss. DeFi projects experienced the highest frequency of attacks and the highest amount of losses compared to other project types.

Loss Amount by Project Type

Out of the 85 DeFi security incidents, 51 incidents originated from contract vulnerabilities, resulting in a loss of $249 million, accounting for 85% of the total DeFi losses.

Wallet attacks caused approximately $78.2 million in losses, ranking as the second highest among all project types. The Atomic Wallet attack alone resulted in a loss of at least $67 million, while the MyAlgo wallet attack caused a loss of $11.2 million.

Loss Amount by Project Type (%)

The third-ranked project type in terms of losses is exchanges, with approximately $50.14 million in losses. Exchange attacks maintained a trend of frequent attacks, as seen in the ranking of losses throughout the entire year of 2022.

Cross-chain bridge projects ranked first in terms of losses in 2022 ($1.89 billion), but in the first half of 2023, the losses significantly decreased to $1.38 million.

4. Loss by Chain

75.6% of the loss amount was on Ethereum

Loss Amount by Chain

In the first half of 2023, a total of 27 major attacks occurred on Ethereum, resulting in losses of approximately $356 million. Around 75.6% of the amount lost comes from Ethereum, ranking first among all chains.

BNB Chain witnessed the highest number of attacks, reaching 58 cases, which accounted for 53.7% of all security incidents. Out of the 58 attacks on BNB Chain, 40 of the targeted projects had not undergone any form of auditing.

A total of 7 attacks on Arbitrum have caused approximately $16.71 million in losses. Losses and the number of incidents have increased compared to 2022, where Arbitrum had only experienced two major security incidents throughout the entire year.

In 2022, Solana ranked third in terms of loss amount among all public blockchains. However, no major attacks were detected on Solana in the first half of 2023.

Count by Chain (%)

5. Loss by Attack Type

Contract vulnerability exploits saw the most frequency and the highest loss amount

Loss Amount by Attack Type

*Note: When multiple attack techniques are present, classification is based on the root cause. Attacks with insufficient information or undisclosed reasons are classified as "Unclear."

In the first half of 2023, the most frequent attack type with the highest loss amount was contract vulnerability exploits. A total of 60 contract vulnerability exploits resulted in losses of $264 million, accounting for 56% of the total losses.

Approximately $100 million worth of security incidents were categorized as "Unclear" in terms of attack types. This includes events such as the theft of $67 million from the Atomic Wallet and a $20 million attack on the cryptocurrency brokerage firm FPG. These incidents involve significant amounts of funds and affect numerous users. It is recommended that projects actively collaborate with third-party security companies, promptly disclose investigation results, take necessary remedial measures, and assume responsibility for the security of user assets while investigating the causes of such events.

Additionally, there were 7 incidents of private key compromise, resulting in losses of approximately $27.67 million. In 2022, private key compromise also ranked third among all attack types. Private key compromise continue to pose a threat to project security. Strengthening the professional ethics and security awareness management of core team members is particularly important, as evidenced by some incident disclosures.

Loss Amount by Attack Type (%)

Loss Amount by Vulnerabilities

In terms of vulnerability types, the top three causes of losses were business logic flaws, access control, and reentrancy. A total of 36 business logic vulnerabilities resulted in losses of approximately $239 million, accounting for 90% of all losses caused by contract vulnerabilities. These types of vulnerabilities are often overlooked by developers and can lead to significant losses once exploited. In fact, 9 incidents had losses exceeding $1 million each. It is recommended that project teams seek experienced professional auditing firms to conduct audits.

6. Typical Security Incidents in H1 2023

6.1  Euler Finance

6.2  BonqDAO

6.3  Platypus Finance

6.4  Yearn Finance

6.5  MEV bot

(Read the full pdf version for more details)

7. Typical AML Security Incident

Atomic Wallet $67 Million theft incident

On June 3, several Atomic Wallet users reported on social media that their wallet funds had been stolen. The attack caused a loss of at least about $67 million. The theft involved a total of 21 chains, including BTC, ETH and TRX. The stolen funds were mainly concentrated in the ethereum chain.

7.1 Ethereum

1. Money Laundering through Contract Diversification and Avalanche Cross-Chain

2. Direct Diversification without Contracts and Launder through Various Cross-Chain Bridge Protocols and Exchanges

7.2 TRON

7.3 BTC Chain

(Read the full pdf version for more details)

8. Stolen Fund Flow

45.5% of stolen assets were recovered

In the first half of 2023, according to Beosin KYT, a virtual asset anti-money laundering compliance and analysis platform, approximately $215 million of stolen assets were recovered, accounting for 45.5% of all stolen assets. In contrast, in 2022, only 8% of stolen assets were recovered. The chances of fund recovery have significantly increased in 2023. In addition to negotiations with hackers for recovery, there has been an increase in cases where recovery is achieved through the combined efforts of security firms, law enforcement agencies, and community involvement. Furthermore, the improvement of global regulatory systems and increased enforcement efforts have acted as a deterrent to hacker activities.

Stolen Fund Flow 2023 H1

Approximately $113 million of stolen assets were transferred to mixers. Among them, approximately $45.38 million was transferred to Tornado Cash, and approximately $68.14 million to other mixer platforms. Since Tornado Cash faced sanctions by the U.S. Office of Foreign Assets Control (OFAC) in August 2022, the total amount of funds mixed using Tornado Cash has significantly decreased. However, the usage of other mixer platforms such as FixedFloat and Sinbad has noticeably increased.

9. Audit Status Analysis

The proportion of audited and unaudited projects is roughly equal

Out of the 108 attacked projects, 51 had undergone audits, while 53 had not. The proportion is roughly the same as in 2022.

Whether Audited by Count

Among the 51 audited projects, 31 (60%) were attacked due to contract vulnerabilities. This ratio is higher than last year's 45%, indicating that the quality of the entire audit market is still not optimistic. It is recommended that project teams must seek professional security companies for auditing.

10. Rug Pulls

$75.87 million lost in 110 rug pulls 

In the first half of 2023, the Web3 domain witnessed a total of 110 major Rug Pull events, involving approximately $75.87 million.

In terms of the amount involved, there were 14 Rug Pull events (12.7%) with amounts exceeding $1 million, 41 events (37.3%) in the range of $100,000 to $1 million, and 55 events (50%) with amounts below $100,000.

The largest Rug Pull event in terms of the amount was the Fintoch project, which took away approximately $31.6 million in assets.

Top 10 Rug Pulls H1 2023

In terms of blockchains, BNB Chain experienced 80 Rug Pull events, involving an amount of $53.37 million, which was significantly higher than other public blockchains.

Rug Pulls by chain

11. Summary

Overall, total losses from hacks in the Web3 space have declined significantly compared to 2022. In the first half of 2022, the total loss from attacks was approximately $1.91 billion, which decreased to around $1.69 billion in the second half of 2022. However, in the first half of 2023, this value dropped to $470 million, and approximately $215 million of stolen assets were recovered. Hacks have exhibited a substantial slowdown, and the main reasons contributing to this phenomenon include the gradual improvement of global regulatory systems, increased law enforcement efforts, improved security awareness among projects, the sanctioning of Tornado Cash, and enhancements in anti-money laundering (AML) technology and procedures. Additionally, there have been cases where the community has relied on off-chain intelligence to identify hacker identities and force them to return stolen funds.

Despite the significant slowdown in hacker attacks, smart contract security issues cannot be ignored. In the first half of 2023, the most frequent and financially impactful attack type was the exploitation of smart contract vulnerabilities. A total of 60 smart contract vulnerability incidents resulted in losses of $264 million, with the majority of vulnerabilities being related to business logic flaws. Some complex business logic vulnerabilities require experienced professional auditing firms to identify. Beosin auditing team conducts in-depth analysis of every hacking incident (on Twitter @BeosinAlert), ensuring that the knowledge and technology derived from these incidents are applied to the auditing process to address any potential attacks.

Contrary to the declining trend of hacker attacks, phishing scams targeting ordinary users have become more frequent. In the first half of 2023, a series of wallet drainer groups, led by Venom Drainer, emerged. They developed malicious toolkits for sale, and buyers would share profits with them after successfully phishing victims. Such phishing scams have affected a wide range of users, with Venom Drainer alone victimizing at least 15,000 individuals. For ordinary users, it is advisable to regularly pay attention to security company alerts, systematically learn about anti-phishing and anti-theft practices, and consider installing anti-phishing plugins, transaction pre-execution tools, and other reminders (while not solely relying on tools, as strengthening one's own security awareness always takes precedence).

Original Link: https://beosin.com/resources/h1-2023-global-web3-security-report-aml-analysis--crypto-r?lang=en-US