Welcome to Hack3d: The Web3 Security Report for 2023. CertiK’s Hack3d reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security. Each report contains detailed incident analyses, technical insights, and the most comprehensive statistics on hacks, scams, and exploits in the entire Web3 industry.
This year's report provides a detailed breakdown of $1.84 billion lost across 751 incidents, reflecting a 51% decrease from the 2022’s total of $3.7 billion. We analyze the data to determine the extent to which this decline is merely reflective of broader declines in asset valuations in order to understand whether Web3 is learning its lessons and giving security the importance it deserves.
The third quarter of 2023 stood out as the period with the heaviest losses, totaling $686 million from 183 hacks, scams, and exploits.
Private key compromises, accounting for just 6.3% of all incidents, were responsible for nearly half of the year’s total financial losses. The report also highlights the challenges in cross-chain interoperability, as breaches across multiple chains led to $799 million in losses from 35 incidents.
Our analysis extends beyond raw data, delving into the ramifications of these breaches on the broader Web3 ecosystem. We examine the success of so-called “retroactive bug bounty” negotiations, break down how a major hardware wallet manufacturer saw its backend compromised, spotlight the unprecedented demands made by a hacker of the platform they compromised, and try to give an answer to the ever-recurring question: wen institutional adoption?
Hack3d 2023 is an indispensable resource for all stakeholders in Web3, from developers and investors to policymakers and enthusiasts. It offers a mix of technical depth, market analysis and insights, and forward-thinking projections, making it a crucial guide for understanding and navigating this dynamic industry.
Join us as we look back on the pivotal developments of 2023, learning the lessons that need to be learned, acknowledging the progress we’ve undoubtedly made, and looking forward to a secure future for the Web3 world.
Read the report for free here.