TL;DR
- In December 2023, crypto losses totalled $103.88M across 32 attacks, a 59% decrease compared to the previous month.
- The 2023 yearly loss amounted to $1.77B from over 440 hacking incidents, showcasing the prevalent vulnerability in the crypto space.
- Rug pulls and smart contract vulnerabilities were the prime contributors, with rug pulls constituting 21% and code exploits 12% of the total losses throughout the year.
December 2023 was a month of noteworthy contrasts in crypto losses. According to QuillMonitor, a Web3 hack and vulnerability analytics tool, the month saw a decline in losses, totalling $103.88M across 32 attacks. This marks a significant 59% decrease compared to the previous month’s recorded losses.
However, when assessing the broader picture, 2023 tells a tale of substantial losses, summing up to over $1.77B from over 440 hacking incidents. The patterns from this data shed light on the persistent vulnerabilities and ongoing threats in the crypto sphere.
Rug pulls and smart contract vulnerabilities have been consistent players in this narrative of losses throughout the year. Rug pulls accounted for a staggering 21% of the total losses, with code exploits not far behind at 12%.
Apart from this, the month witnessed a range of incidents, from phishing scams to compromised private keys, resulting in considerable losses for various projects.
Revealing the Rug Pull Menace for the Month
Rug pulls, a prevalent issue in the Web3 world throughout 2023, have caused significant distress among investors. These schemes typically involve unscrupulous developers launching tokens or projects with attractive promises, only to disappear with the invested funds, leaving investors with worthless assets and substantial financial losses.
Rug pulls stood at the top of the list by attack type in 2023. The top rug pull projects in December were:
- Stoic DAO – $1.1M
- MegabotETH – $742k
- CKD Token – $539k
Gaurav Mehta, the Founder of Catax, a blockchain auditing and accounting firm, emphasizes the need for vigilance in this high-risk environment. He states, “The increasing prevalence of rug pulls in the Web3 space is alarming. It’s essential for investors to exercise heightened due diligence and seek professional guidance before investing. Smart contract auditing and certification of the project is the bottom line in the unregulated cryptocurrency domain.” This statement underlines the critical need for increased security practices and cautious investment strategies in the unregulated Web3 domain.
Spotting the Red Flags – How?
To safeguard oneself from falling victim to rug pulls, users must exercise caution and conduct thorough research before investing in any project. Tools like QuillCheck can be immensely helpful in assessing token health and market credibility. By leveraging such tools, potential scam tokens can be identified early on, saving investors from significant losses.
Cracking the Nuances Of 2023 Code Exploits
Smart contracts, known for their efficiency and autonomy in executing transactions, have unfortunately been a breeding ground for vulnerabilities in the crypto space for a long time. Throughout the year, these vulnerabilities consistently ranked behind only rug pulls in disrupting the space, making them a significant concern for the industry.
December’s Impact – Code Exploits
December also contributed its fair share of losses to code exploits, amounting to $7.6 million. Here are the top hacks in December resulting from smart contract vulnerabilities:
- NFT Trader – $3M
- Flooring Protocol – $1.5M
- Telcoin – $1.25M
- Levana Protocol – $1.1M
- BEARN DAO – $769k
Trends & Analysis On Smart Contract Errors
Among the smart contract vulnerabilities prevalent in 2023, several key patterns were observed, resulting in notable breaches:
Error with logic calculations: This surfaced as one of the broadest categories of vulnerabilities encountered in smart contracts. These errors stemmed from mathematical or logical mistakes in deployed code, spanning incorrect collateralization requirements, miscalculations in token decimal scaling, and inappropriate reward distributions. These issues affected notable projects including Euler Finance, Platypus Finance, etc.
Approval permission mishaps: The approval mechanism, a cornerstone in token permissions within EVM chains, emerged as another vulnerability hotspot. It stemmed from granting permissions for token usage, often resulting in expensive processes.
Pricing/Oracle manipulations: The reliance on oracles for off-chain data input into on-chain applications posed another area of vulnerability. Ensuring accurate off-chain data transmission remained a hurdle, with discrepancies in oracle-reported prices leading to potential arbitrage opportunities. Projects like BonqDAO and DKP tokens faced issues related to oracle dependency.
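The decimal-scaling and collateralization mistakes described under "Error with logic calculations" above, shown as an added example that is not from the original report or from any project it names: a Python model of a lending check in which the buggy valuation assumes 18 decimals for every token, next to the corrected form. Token decimals, prices, the 150% requirement and all function names are constructed assumptions.

```python
WAD = 10**18  # 18-decimal fixed-point scale for prices, values and ratios

# Constructed sample data: token decimals and USD prices (WAD-scaled).
DECIMALS = {"USDC": 6, "WBTC": 8, "WETH": 18}
PRICE_WAD = {"USDC": 1 * WAD, "WBTC": 40_000 * WAD, "WETH": 2_000 * WAD}
MIN_RATIO_WAD = 150 * WAD // 100  # assumed 150% collateralization requirement


def value_naive(symbol: str, amount_raw: int) -> int:
    """BUGGY: treats every raw amount as if the token had 18 decimals."""
    return amount_raw * PRICE_WAD[symbol] // WAD


def value_scaled(symbol: str, amount_raw: int) -> int:
    """Normalize the raw amount to 18 decimals, then price it."""
    decimals = DECIMALS[symbol]
    if decimals > 18:
        raise ValueError(f"{symbol}: more than 18 decimals is not handled here")
    amount_wad = amount_raw * 10 ** (18 - decimals)
    return amount_wad * PRICE_WAD[symbol] // WAD


def loan_allowed(value_fn, collateral, debt) -> bool:
    """collateral and debt are (symbol, raw_amount) pairs.

    Cross-multiplies instead of dividing, so the ratio comparison is exact
    and cannot round in the borrower's favour.
    """
    collateral_value = value_fn(*collateral)
    debt_value = value_fn(*debt)
    return collateral_value * WAD >= debt_value * MIN_RATIO_WAD


# Constructed scenario: 1 WBTC (worth 40,000 USD) backing a 35,000 USDC loan.
# The real ratio is about 114%, below the 150% requirement.
COLLATERAL = ("WBTC", 1 * 10**8)
DEBT = ("USDC", 35_000 * 10**6)

if __name__ == "__main__":
    print("naive check allows loan: ", loan_allowed(value_naive, COLLATERAL, DEBT))
    print("scaled check allows loan:", loan_allowed(value_scaled, COLLATERAL, DEBT))
```

The naive check accepts the under-collateralized loan because the 8-decimal collateral and the 6-decimal debt are mis-scaled by different factors; a unit test pairing tokens of different decimals is the check that catches this before deployment.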
Security Approach – How To Cope?
To combat the intricate landscape of smart contract vulnerabilities, a multi-layered approach to security becomes imperative:
- AI-Assisted Auditing: AI-driven auditing tools like QuillAI can be an embedded security measure. These tools can be leveraged during development itself to analyze code, enhancing the security of the protocols right from the beginning.
- Multiple Audits: A series of manual audits alongside ongoing assessments is pivotal. Multiple audits help maintain the integrity and security of Web3 protocols by identifying and addressing vulnerabilities at various stages.
As December 2023 draws to a close, it serves as yet another stark reminder of the ongoing vulnerabilities within the Web3 ecosystem. It underscores the critical necessity for continuous innovation in implementing robust security measures to safeguard against the ever-evolving Web3 threat landscape.