2023 In Review: Hacken Security Report 

2023 was a year of significant challenges and developments in the world of crypto security. From sophisticated attack techniques to substantial financial losses, the landscape of digital asset security has faced critical tests – and our report delves into the patterns and trends that shaped the turbulent year. Importantly, the 2023 Hacken Security Report gathers key expert insights, equipping Web3 businesses with evidence-based practices and strategic measures for navigating the evolving landscape of cyber threats.

Some Key Takeaways

• Total losses in 2023 reached a staggering $1.9B
• Access control issues accounted for 50% of these losses
• $275M drained from protocols in flash loan attacks
• 20% of the stolen funds were recovered

Detailed Takeaways from the Report:

Total Value Lost

$1.9 billion was the total yearly losses reached. Compared with the $52.3B loss of 2022, seems like a good dynamic. But a closer look paints a dimmer picture, with the number of attacks growing in numbers and complexity.

The most affected sector was Lending and Borrowing, primarily smart contract-based money markets, followed by bridges and exchanges.

More (Sophisticated) Attacks

2023 recorded a 14% increase in the number of attacks over 2023.

Access control issues were at the heart of 50% of all losses.

Hotspots For Hackers

Singapore and the USA emerged as significant hotspots for cyber exploits, possibly due to the highest fintech activity there – a detailed analysis is included in the full report.

Rug Pulls

The number of rug pulls was higher than all other registered exploits combined. It is expected to observe a surge of rug pulls on networks like Solana. An indicator of this trend is the creation of approximately 100,000 new tokens on Solana in just December. Investment in public security measures was a strong predictor of an exit scam risk, as notably, only 6% of all rug-pulled projects had any form of audit. 

Asset Recovery

Protocols recovered 20% of stolen assets, or $400M, first in the industry.

Audits

Only 10% of exploited contracts underwent any form of audit, and merely half of these were relevant, matching the deployed blockchain code.

Bug Bounties

Only 15% of hacked companies had any bug bounty program. Among these, just 7% had an ongoing bug bounty program covering the exploited smart contracts when the hack occurred.

What to Expect in 2024 and Beyond?

• Access control breaches and flash loan attacks will remain key concerns.
• Rug pulls to continue as standard risk, with a surge on fast-rising networks like Solana.
• Growth in token factories leading to rampant pump-and-dump schemes.
• A potential rise in vulnerabilities due to neglecting audits on new networks as risk-seeking liquidity and experimentation attention shifts from Ethereum to Layer 2 solutions.

Security Recommendations

 To improve security in 2024, businesses should invest in:

• Comprehensive auditing and ongoing monitoring
• Proactive security culture via bug bounty programs
• Stringent access controls like multisig wallets
• Security-rich features for wallets and extensions 
• Better scam education for communities

As the industry grows, proactive and resilient security measures will be essential to prevent incidents in the upcoming bull run.

Download the Full Report

For a deeper dive into the intricate details of these findings and to equip yourself with knowledge for a more secure future in the crypto space, we invite you to download our comprehensive 2023 Hacken Security Report.