During Q3 of 2023, there were a total of 117 hacks in which $720 million was stolen via access control breaches and rug pulls among other security incidents, a new study has found. While the losses ($49.80 million) from rug-pull incidents are significantly lower than the $449 million lost via access control and reentrancy, the study data shows rug-pulling incidents as the most prevalent form of attack.
Human Factor ‘Most Exposed Part of the Crypto Industry’
According to the latest Web3 security report by the blockchain security auditor Hacken, there were a total of 117 hacks in Q3 of 2023 while the value of funds stolen in this period topped $720 million. For context, there were 131 hacks in the preceding quarter yet only $327 million was stolen.
As noted in the study report, access control breaches were again the most financially damaging attacks “causing $449 million in losses from just 8 incidents.” The report added that the category’s average losses of tens of millions of dollars per incident again show that “the human factor remains the most exposed part of the crypto industry.”
“Another glaring trend is the prevalence of rug pulls – a type of exit scam characterised by a sudden withdrawal of liquidity, often accompanied by changes in tokenomics or the project’s smart contract. Understanding the anatomy of this scam is crucial because they make up most exploits this year. Despite the relatively low average check cashed by the malicious actors of $638,594, it’s one of the simplest scams to prevent,” the report stated.
Projects With Poor Audit Scores
On why cybercriminals still siphon user funds via this tactic, the Hacken report revealed that approximately 15%, or 12 out of 78, of the examined rug pull incidents had been audited. Furthermore, the report noted that many users often overlook a project’s poor audit score. However, such a score may sometimes indicate an even deeper problem.
To illustrate, the Hacken report cites the audit findings from Magnate Finance, which unequivocally declared that “a deployer could manipulate the token.” Unfortunately, many users “continued to participate in protocol for almost 3 months after the audit results.” As a result, the deployer was able to “remove LPs in multiple transactions” and more than $5 million was stolen.
Meanwhile, the report urged users to analyze token ownership, liquidity conditions, and audit outcomes before investing their funds. Users should also prioritize projects with renounced admin controls and community-led finances, the report added.