The year 2023 marked a pivotal point in the Web3 security landscape, reflecting notable advances in resilience, but also persistent challenges.
Losses from cyberattacks targeting this industry exceeded $1.7 billion, with at least 453 incidents reported.
Although overall losses decreased, high-profile exploits stood out and resonated with the community.
Mixin Network suffered a loss of $200 million in September, followed by Euler Finance ($197 million in March) and Multichain ($126.36 million in July), underscoring threats to DeFi bridges and protocols.
A monthly analysis revealed an interesting trend: while September, November and July stood out for considerable losses, October and December marked a notable decline, suggesting a greater focus on security awareness and the implementation of more robust safeguards.
The report showed a varied picture of vulnerabilities in Web3.
Access control issues accounted for 39.18% of attacks on Web3, resulting in a loss of $666 million.
The importance of implementing strong authentication, limiting permissions, and providing security training for key employees was highlighted.
Additionally, flash loan attacks accounted for 16.12%, causing losses of $274 million and prompting the suggestion to introduce restrictions and fees as deterrents.
The top 10 attacks of the year, which accounted for nearly 70% of total losses, highlighted a common vulnerability: access control issues, particularly private key theft.
Among the notable attacks, Mixin Network suffered a cloud security breach, Euler Finance experienced a vulnerability in its DeFi protocol, and Poloniex was the victim of a hack led by the Lazarus Group.
Despite the reduction in total losses, the need for more robust measures was highlighted.
The importance of rigorous audits and penetration testing was emphasized, and users were urged to prioritize security when choosing platforms and services in the Web3 space to ensure a more secure and resilient future.