Welcome to Hack3d: The Web3 Security Report for 2023. CertiK’s Hack3d reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security. Each report contains detailed incident analyses, technical insights, and the most comprehensive statistics on hacks, scams, and exploits in the entire Web3 industry.
Executive Summary
- A total of $1,840,879,064 was lost across 751 security incidents in 2023.
- This represents a decline of 51% from 2022’s total of $3.7 billion, and an average of $2.45 million per incident.
- However, just the ten most costly incidents alone accounted for $1.11 billion, and the median loss per incident was much lower than the average, at $101,132.
- November was the most costly month of the year, with $363,367,327 lost in 45 incidents.
- Q3 saw the most losses, at $686,558,472, from 183 hacks, scams, and exploits.
- Private key compromises were the most costly attack vector, with $880,892,924 lost in just 47 incidents. This represents nearly half of all financial losses, though private key compromises accounted for just 6.3% of all security incidents.
- BNB Chain experienced the highest number of security incidents, with a total of 387 hacks, scams, and exploits leading to $134 million in losses. This resulted in an average of $346,253 per incident.
- Ethereum saw a total of 224 incidents but $686 million in losses, for an average of $3.0 million per incident.
- Security breaches affecting multiple chains accounted for $799 million of losses in just 35 incidents, highlighting the persistent pain-point that is cross-chain interoperability.
- Hack3d 2023 covers the stories and trends that defined the direction of Web3, the current state of the industry, and where the next twelve months may take us.