Cryptocurrency Security Wins, but $2 Billion Still Lost to Scams and Hacks
A report published by the security app De.Fi found that cryptocurrency users will lose almost $2 billion to scams and heists. That is a significant drop from the previous year, but it still highlights the vulnerability of the cryptocurrency industry.
The market decline and increased awareness have contributed to lower crypto risks.
In 2023, the crypto industry experienced improved security protocols and increased awareness in the community, leading to a decline in scams and hacks. This decline is notable considering the $40 billion lost in the collapses of Terraform Labs, Celsius, and FTX.
The decline in scams and hacks coincided with a bear market, where major alternative tokens suffered significant declines before recovering under more positive circumstances. The fund recovery rate has also improved from 2% in 2020 to 10% today.
However, the year still witnessed ongoing vulnerabilities and issues within the DeFi ecosystem, with various incidents resulting in losses. Ethereum, with its large ecosystem and high-profile projects, suffered the most losses, with approximately $1.35 billion lost in 170 incidents.
BNB Chain and the zkSync network were also targeted, resulting in losses of $110.12 million and $5.2 million, respectively. Solana suffered a loss of $1 million in one attack.
Centralized platforms, including exchanges and trading platforms, also experienced losses. Seven different cases amounted to approximately $256 million in losses, with Poloniex being particularly affected with a net loss of $122 million.
The most destructive attacks exploited vulnerabilities in the management of permissions and access rights by smart contracts or platforms. These exploits resulted in losses of more than $852 million in 29 incidents, allowing unauthorized access to funds and critical functions.
While progress has been made in strengthening security measures, the report emphasizes the need for continued vigilance and innovative thinking to protect users and their assets.
The breach of Ledger, a traditionally secure cold wallet, exposed vulnerabilities in cold wallet security. Hackers injected malicious code into Ledger's Connect Kit library on GitHub, putting several DeFi platforms at risk. Ledger promptly removed the code, but users must update their versions to address the security risk.
This attack raises questions about the perceived security of cold wallets, which are typically considered secure due to their offline nature. Ledger is cooperating with authorities and assisting with affected users, investigations, and asset recovery.