
Reports of Web3 and DeFi hacks surge during Q1 2023 – The Block


Analysis from Naoris Protocol, a global cyber security firm, reveals there was a rise in the number of reported cyber security hacks on Web3 and DeFi in Q1 2023 compared to the same period in 2022 and 2021 – with 19 reported hacks.

This is up from 16 reported hacks in Q1 2022 and 10 reported hacks in Q1 2021.

Between 1st January 2023 and 14th April 2023 there were 22 reported cyber security hacks, totaling over $265 million in losses. The biggest single hack in Q1 2023 stole $197 million from Euler Finance.

The most common types of cyber security hack – Protocol logic

The most common type of hack so far in 2023 is one that targets a weakness in protocol logic. There were 11 of these types of hacks reported in the first quarter of this year, totaling $230 million in losses, which is less than half the amount lost in the same period in 2022. However, the number of these reported hacks in Q1 2023 was almost double that of Q1 2022, which saw six protocol logic attacks, but which totaled $471.8 million in losses.

There were also four attacks in Q1 2023 which targeted a weakness in the interaction between multiple protocols, classified as Ecosystem (there have been a further three reported attacks of this type since 1st April); two infrastructure attacks and two rug-pulls.

Types of attack year to date

| Classification of cyber security attack (1st Jan 23 – 14th Apr 23) | Total amount lost (US$) | Number of reported cyber security hacks |
|---|---|---|
| Protocol logic | 230.3 million | 11 |
| Ecosystem | 23.9 million | 7 |
| Infrastructure | 9.3 million | 2 |
| Rugpull | 1.9 million | 2 |

Targeting a weakness in protocol logic was also the most common type of attack in Q1 2022, with six attacks totaling $471.8 million. During 2021, the most common attack type was one that targeted a weakness in the interaction between multiple protocols – classified as Ecosystem – with four recorded in the first quarter, totaling $52.8 million lost.

| Quarter | Sum of amount lost (US$) | Number of reported cyber security hacks | Most common attack type |
|---|---|---|---|
| Q1 2023 | 252,466,000 | 19 | Protocol logic (11) |
| Q1 2022 | 1,176,850,000 [226,850,000 when discounting Ronin and Wormhole] | 16 | Protocol logic (6) |
| Q1 2021 | 136,000,000 | 10 | Ecosystem (4) |
| Q1 2020 | 1,000,000 | 2 | Protocol logic (2) |

When discounting the two huge cyber-attacks in Q1 2022 – Ronin at $624,000,000 and Wormhole at $326,000,000 – the overall amount stolen in Q1 2023 has increased by 11% on Q1 2022. The average amount stolen per cyber-attack in Q1 2023 was $13,287,684, compared to a slightly larger $16,203,571 in Q1 2022, showing that in general hackers are increasing the number of attacks but stealing slightly less each time, compared to last year.

Monica Oravcova, co-founder & COO, Naoris Protocol said: “Our analysis shows an alarming increase in the number of hacks. This is a disturbing trend, it’s . It’s important to use a new set of tools and technology, specifically, Distributed CyberSecurity Mesh Architecture, to protect the decentralised ecosystem. This could preemptively stop these attacks before they become costly breaches.”

The DeFi sector is under enormous pressure to find more effective ways to protect itself from attacks, as the fallout undermines the mass adoption of a decentralised financial ecosystem. The war against cybercrime needs new weapons – you can’t mitigate Web3 cyber threats with Web2 technology. Using a decentralised cybersecurity mesh for our hyperconnected world could have potentially prevented these types of attacks. There needs to be a strong focus on creating cybersecurity interventions that are fit for purpose.


Changing techniques used by Web3 and DeFi hackers

The new analysis reveals that hackers targeting Web3 and DeFi are using a variety of techniques, with five new techniques already being reported in 2023:

●      Collateral offboarding mistake

●      Cloudflare key compromised

●      Social engineering

●      Redeem function exploit

●      Flashloan donate function logic exploit

| Rank | Top 5 hacking techniques reported in Q1 2023 (by USD value) | Top 5 hacking techniques reported in Q1 2022 (by USD value) | Top 5 hacking techniques reported in Q1 2021 (by USD value) |
|---|---|---|---|
| 1 | Flashloan donate function logic exploit ($197 million) | Private key compromised – social engineering ($624 million) | Flashloan pool shares exploit ($37.5 million) |
| 2 | Access control exploit ($9.6 million) | Signature exploit ($326 million) | Drained contracts ($34.5 million) |
| 3 | Cloudflare key compromised ($9.2 million) | Transfer Logic Exploit ($80 million) | Infinite Mint and Dump ($27 million) |
| 4 | Flashloan reentrancy attack ($9.1 million) | Private key compromised – unknown method ($51.6 million) | Flashloan price oracle attack ($15 million) |
| 5 | Reentrancy ($6 million) | Collateral Validations Exploit ($48 million) | Delegatecall exploit ($14 million) |

Blockchains

The Ethereum blockchain reported the highest amount lost in Q1 2023 – $204.2 million, which is 81% of the overall amount lost in the first quarter.

The Ethereum blockchain reported the highest number of hacks in 2022 (23 in total), six of which took place in the first quarter, amounting to $685 million – more than half (58%) of the total amount stolen in Q1.

  • Duncan MacRae

    Duncan is an award-winning editor with more than 20 years' experience in journalism. Having launched his tech journalism career as editor of Arabian Computer News in Dubai, he has since edited an array of tech and digital marketing publications, including Computer Business Review, TechWeekEurope, Figaro Digital, Digit and Marketing Gazette.
