Crypto and Web3 projects suffered a 153% increase in attack incidents from July to September 2023 compared to the same period in 2022, according to a report from blockchain security platform Immunefi. In Q3 2022, there were a total of 30 attack incidents. But in Q3 2023, this number swelled to 76. Nearly $686 million was lost in the recent quarter.
The highest loss came from the Mixin hack of September 25, which drained approximately $200 million. The Multichain hack was the second-worst attack of the quarter, resulting in over $126 million in losses that have still not been recovered. In addition to these incidents, the Lazarus Group drained over $208 million worth of crypto through multiple attacks, including hacks of centralized services CoinEx, Alphapo, Stake, and Coinspaid. The Lazarus Group was responsible for 30% of all stolen crypto in Q3, the report stated.
Related: Exclusive: Hackers selling discounted tokens linked to CoinEx, Stake hacks
A small portion of Q3 attacks consisted of rug pulls and other scams. Only $23 million, or 3.3% of total losses, came from these types of incidents, whereas the remaining 96.7% came from hacks or exploits. Overall, monetary losses from scams in Q3 decreased by 23.9% compared to Q3 2022.
The report stated that decentralized finance (DeFi) hacks accounted for 72.9% of total losses, while centralized services accounted for only 27.1% of exploit losses. Immunefi did not state how they defined “decentralized” versus “centralized” services.
The two networks most targeted by hackers and scammers were Ethereum and BNB Chain. Ethereum represented 42.7% of losses, while BNB Chain represented 30.5%. Base and Optimism were the third and fourth most popular networks for attackers to exploit.
The report provides further evidence that Q3 has been the worst quarter of the year for crypto-related hacks and scams. A report from Certik on October 2 came to similar conclusions.