The year 2023 was a turbulent one for the cryptocurrency industry, with highs and lows, booms and busts, and triumphs and tragedies. One of the most important aspects of the industry is its security, which affects both users and developers. In this blog post, we will take a look at the cryptocurrency losses in 2023, how they compare to previous years, what factors contributed to the reduction or increase of losses, and what lessons can be learned for the future.
According to a report by De.Fi, a blockchain security firm, cryptocurrency users experienced losses of nearly $2 billion due to scams, rug pulls, and hacks in 2023. This represents a significant reduction compared to the estimated $4.2 billion losses in 2022. However, this figure does not include the $40 billion lost in the collapses of stablecoin issuer Terraform Labs, crypto lender Celsius, and the FTX exchange, which were some of the biggest shocks of the year.
What factors contributed to the reduction of losses in 2023? De.Fi identifies three main factors:
- Improved Security Protocols: The cryptocurrency industry has been investing more in security measures, such as audits, bug bounties, insurance, and multi-signature wallets. These measures help prevent or mitigate potential attacks and exploits on smart contracts, protocols, and platforms.
- Increased Awareness: The cryptocurrency community has become more aware of the risks and challenges of the industry, especially after witnessing some of the major losses in 2022. Users have become more cautious and vigilant when interacting with new projects, platforms, or services. They also seek more information and education on how to protect their funds and avoid common pitfalls.
- Overall Decreased Market Activity: The year 2023 was marked by a bear market, which saw the prices of many cryptocurrencies decline significantly. This reduced the incentives and opportunities for attackers to target high-value projects or platforms. It also reduced the demand and supply of new projects or services, which often carry higher risks.
Despite the reduction in losses, the cryptocurrency industry remains susceptible to security risks. The $2 billion losses in 2023 do not include the $40 billion lost in the collapses of Terraform Labs, Celsius, and FTX. These were not caused by external attacks or exploits, but by internal mismanagement, fraud, or negligence. These cases highlight the importance of trust and transparency in the industry, as well as the need for more regulation and oversight.
The losses also varied across different blockchains and platforms. According to De.Fi, Ethereum was the most targeted blockchain in 2023, with $1.35 billion lost in approximately 170 incidents. This is partly due to its popularity and dominance in the industry, as well as its complexity and innovation. BNB Chain was the second-most targeted blockchain, with $110.12 million lost across 213 incidents. This is mainly due to its low fees and high speed, which attract many users and developers. zkSync Era was a new entrant to the list of targeted blockchains, with $5.2 million lost in two incidents. This is due to its novelty and experimental nature, as it is one of the first layer-2 solutions for Ethereum that uses zero-knowledge proofs. Solana was another newcomer to the list, with a loss of $1 million in a single attack. This is due to its rapid growth and adoption in 2023, as well as its scalability and performance.
The losses on centralized platforms were relatively lower than those on decentralized ones, with approximately $256 million lost across seven cases. The largest incident was the November attack on Poloniex, which netted $122 million. This was followed by the October hack on KuCoin, which resulted in $87 million lost. The other cases involved smaller platforms or exchanges that had lower security standards or practices.
The methods used by attackers and exploiters also varied across different cases. De.Fi categorizes them into four main types:
- Access Control Exploits: These are exploits that take advantage of flaws or weaknesses in access control mechanisms or policies. For example, an attacker may gain unauthorized access to a smart contract’s owner or admin functions, or a platform’s user accounts or wallets. These exploits are often hard to detect or prevent, as they may not leave any traces or anomalies on the blockchain. They are also very damaging, as they may allow an attacker to steal or manipulate large amounts of funds or data. Access control exploits were the most cash-generative method in 2023, resulting in losses of over $852 million in 29 instances.
- Flash-Loan Attacks: These are attacks that use flash loans to manipulate prices or liquidity on decentralized exchanges or protocols. A flash loan is a loan that is borrowed and repaid within one transaction on the blockchain. An attacker may use a flash loan to borrow a large amount of funds from a lending platform, use them to manipulate the market or the protocol, and then repay the loan with a profit. Flash-loan attacks were the second-most cash-generative method in 2023, leading to $275 million lost over 36 cases.
- Exit Scams: These are scams that involve the creators or developers of a project or platform disappearing with the funds raised from investors or users. These scams are often hard to prevent, as they may involve elaborate marketing campaigns, fake reviews, or endorsements, or false promises or guarantees. They are also hard to recover from, as the funds may be transferred to multiple addresses or platforms, or mixed with other funds to obscure their origin. Exit scams accounted for $136 million over 263 cases in 2023.
- Other Methods: These are methods that do not fall into the previous categories, but may involve a combination of them or other techniques. For example, an attacker may use a phishing attack to trick users into revealing their private keys or passwords, or a denial-of-service attack to disrupt the normal functioning of a platform or protocol. These methods accounted for $73 million over 51 cases in 2023.
The year 2023 was a mixed bag for the cryptocurrency industry in terms of security. On one hand, it saw a significant reduction in losses due to scams, rug pulls, and hacks compared to 2022. On the other hand, it saw some of the biggest losses in history due to collapses of major platforms and services. The industry also faced different challenges and threats across different blockchains and platforms, as well as different methods and techniques used by attackers and exploiters.
The year 2023 also showed some signs of improvement and progress in terms of security. The recovery rate of funds lost to hacks, scams, and exploits improved significantly, reaching around 10%, up from just 2% in 2022, according to De.Fi. This is partly due to the efforts of security firms, researchers, white-hat hackers, and community members who helped identify, track, freeze, or return the stolen funds. It is also partly due to the cooperation and coordination of different platforms, protocols, and services who shared information and resources to mitigate the impact of the incidents.
The year 2023 also demonstrated the resilience and innovation of the cryptocurrency industry in terms of security. Despite the losses and challenges, the industry continued to grow and develop new projects, platforms, and services that offer more value and utility to users and developers. The industry also continued to experiment and explore new solutions and technologies that enhance security and performance, such as layer-2 scaling solutions, zero-knowledge proofs, multi-party computation, quantum-resistant cryptography, and more.
The year 2023 was a learning experience for the cryptocurrency industry in terms of security. It taught us some valuable lessons on how to prevent or reduce losses, how to recover or mitigate losses, and how to improve or enhance security. It also taught us some important questions on how to balance security and usability, how to regulate and oversee security, and how to trust and verify security. These lessons and questions will guide us in the future as we enter a new year with new opportunities and challenges.
Broker Complaint Registry may be able to help if you have lost money in a bitcoin transaction on the blockchain, you may face some challenges in getting it back. The blockchain is not regulated by any authority that can protect consumers from fraud. Also, crypto accounts, wallets and transactions do not have any real-world identities or locations associated with them.
To recover your funds from the blockchain, you need to identify the people who scammed you. This requires professional crypto investigation services. You may wonder, “Is bitcoin anonymous?” The answer is that it is not completely anonymous. It does not have personal information like a bank account, but it has codes that can be traced with technology and forensic methods.
Broker Complaint Registry experts know how to investigate crypto schemes.
We work with clients and provide them with solutions and tools such as intelligence reports that can help them get their money back from the blockchain. Contact us today, and let us help you find your funds.