Crypto Hacking Losses Dropped by 51% in 2023, Here's the Total: CertiK

CertiK’s latest report reveals a noteworthy decline in cryptocurrency security incidents in 2023.

Total losses came down to $1.84 billion across 751 events, marking a 51% decrease from 2022. Moreover. each incident averaged $2.45 million in losses, with the top ten contributing $1.11 billion. Interestingly, the blockchain security firm found that the median loss per incident was a mere $101,132.

November claimed the highest amount lost at $363,367,327 from 45 incidents, while Q3 dominated with $686,558,472 losses from 183 hacks, scams, and exploits.

Private Key: Not So Private

Private key compromises accounted for nearly 50% of total losses, amounting to $880 million. CertiK’s report found that these numbers stemmed from just 47 incidents, representing only 6.3% of total security incidents throughout the year, yet over half of the losses.

Notably, six of the ten most costly security incidents throughout 2023 were due to private key compromises.

The compromise of Multichain in July caused a loss of $125 million. Despite asserting decentralization, it was disclosed that Multichain’s CEO had exclusive control over its multi-party computation servers and private keys. The vulnerability came to light with the CEO’s arrest, rendering $1.5 billion in Total Value Locked (TVL) on the Multichain bridge inaccessible to users.

As such, CertiK has informed users to implement certain private key management practices, which include:

• Employing multi-signature wallets to distribute control, reducing the risk of single-point failures.
• Opting for hardware wallets for secure key storage, preventing exposure in plain text.
• Storing private key backups offline in secure locations like safety deposit boxes.
• Defining strict access policies to limit key access to authorized personnel only.
• Safeguarding private keys with strong encryption in secure formats.
• Regularly audit and monitor key use to detect unauthorized access.
• Utilizing cold wallets for extended private key storage, minimizing online threats.
• Educating relevant staff on key management best practices, emphasizing security and confidentiality.
• Considering Multi-Party Computation (MPC) for secure key sharing without exposing the entire key to one party.
• Leveraging professional key management services, especially for enterprise-level operations, to ensure compliance with industry standards.

Other Highlights

Meanwhile, Ethereum emerged as the leader in losses, as per CertiK’s findings in terms of blockchains. The report indicates that Ethereum experienced losses totaling $686 million, spanning 224 incidents, averaging around $3 million per occurrence.

In contrast, BNB Chain, despite encountering 387 security incidents, reported significantly lower losses at $134 million, highlighting a notable contrast with Ethereum’s figures. Moreover, the challenge of cross-chain interoperability continues to be a significant concern within the crypto industry. The blockchain security firm observed that security breaches impacting multiple blockchains resulted in losses of $799 million.