Web3 projects lost nearly $314m in Q2, CertiK research shows
CertiK’s Q2 2023 Web3 Security report highlights a decline in volume lost to malicious actors in the blockchain ecosystem, significant off-chain events, and vulnerabilities in major protocols and applications.
Bad actors still targeting web3 projects
The recently released Q2 2023 Web3 Security report by CertiK, a blockchain security and auditing company, sheds light on the scams, rug pulls, and security breaches that occurred in the industry during the last quarter.
According to the report, malicious actors drained $313,566,528 from web3 companies during the months of April, May and June in 2023. Surprisingly, this figure closely mirrors the $320 million lost in Q1, indicating a relatively consistent trend in the face of emerging security challenges.
However, the data shows a positive outcome when comparing the current figures to those of Q2 2022 — the industry witnessed a 58% decrease in value lost to bad actors during the same period last year.
CertiK’s analysis of 212 security incidents in the second quarter of 2023 found that the average financial loss per attack amounted to $1,479,087. This figure is slightly lower compared to the average loss of $1,562,595 reported in the first quarter. Although the decrease is modest, it might indicate positive advancements in security protocols.
One disturbing trend highlighted in the report is the surge in exit scams and rug pulls. Ninety eight exit scams were identified, resulting in the loss of $70,353,565 from unsuspecting investors. This figure more than doubled the $31 million lost to rug pulls in Q1, emphasizing the need for heightened vigilance when investing in new web3 projects.
Flash loan attacks fall
Another significant finding in the report is the decline in value attributed to flash loan/oracle manipulation exploits. In Q2 2023, attackers managed to net $23,749,032 through 54 such incidents. This represents a sharp decrease compared to Q1, where 52 flash loan attacks resulted in losses totaling $222 million, although it is worth noting that a single exploit, Euler Finance, accounted for 85% of the previous quarter’s total.
Off-chain events and vulnerabilities
According to the report, the web3 industry also experienced significant events off-chain.
The SEC initiated legal proceedings against the top two crypto exchanges — Binance and Coinbase. Furthermore, BlackRock, the world’s largest asset management company, submitted an application to the regulatory agency for a bitcoin exchange-traded fund (ETF), indicating increasing mainstream interest in cryptocurrencies (although the SEC later called the application “inadequate”).
CertiK’s security researchers uncovered vulnerabilities in major blockchain protocols and applications. Notable findings include security risks in the Sui validator nodes and ZenGo’s MPC wallet, emphasizing the importance of robust security audits and constant improvement in the face of evolving threats.