Defi Hacks Remain a Major Threat Despite 50% Decline in 2023: Halborn

The total amount stolen in 2023 decreased by 50% compared to the previous year.

Off-chain attacks, including private key theft, are on the rise and will account for 57.5% of the amount stolen in 2023.

Halborn says that 21% of the protocols attacked use multi-signature wallets, and most attacks occur on unaudited protocols.

Despite a decline in the amount stolen in 2023, decentralized finance (DeFi) attacks remain a major threat to the industry, according to a report by blockchain security firm Halborn.

The report outlines the 100 largest DeFi attacks that took place between 2016 and 2023. The vast majority of attacks took place on Ethereum, Binance Smart Chain, and Polygon, with a total of $7.4 billion worth of attacks taking place.

While on-chain attacks such as smart contract exploitation, price manipulation, and governance attacks are the most common, off-chain attacks such as private key theft represent 29% of the total number of attacks and 34.6% of the overall stolen funds. In 2023, off-chain attacks accounted for 56.5% of total attacks and accounted for 57.5% of the amount stolen.

The report notes that only 21% of hacked protocols used multi-signature wallets, a security method that requires more than one person to approve a transaction at the same time.

Halborn also says that most on-chain attacks occur on unaudited protocols, and that the main cause of loss in terms of smart contract exploitation is the protocols’ faulty input validation or lack of validation.

Halborn adds that cross-chain bridges continue to be a significant attack vector for malicious actors, and that protocols should “carefully review the code” before using a cross-chain bridge.

Last week, the Ronin Bridge was hacked, causing $12 million in damage. Two years ago, the same protocol was hacked for $625 million.

A report published by Immunefi earlier this year stated that attacks targeting DeFi caused losses of $473 million in the first half of 2024.

Leave a Reply

Your email address will not be published. Required fields are marked *