Back to all stories
Highlighted Stories
Hack3d: The Web3 Security Report 2023

Welcome to Hack3d: The Web3 Security Report for 2023. CertiK’s Hack3d reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security. Each report contains detailed incident analyses, technical insights, and the most comprehensive statistics on hacks, scams, and exploits in the entire Web3 industry.

Read the report here.

Hack3d: The Web3 Security Report 2023

Executive Summary

  • A total of $1,840,879,064 was lost across 751 security incidents in 2023.
  • This represents a decline of 51% from 2022’s total of $3.7 billion, and an average of $2.45 million per incident.
  • However, just the ten most costly incidents alone accounted for $1.11 billion, and the median loss per incident was much lower than the average, at $101,132.
  • November was the most costly month of the year, with $363,367,327 lost in 45 incidents.
  • Q3 saw the most losses, at $686,558,472, from 183 hacks, scams, and exploits.
  • Private key compromises were the most costly attack vector, with $880,892,924 lost in just 47 incidents. This represents nearly half of all financial losses, though private key compromises accounted for just 6.3% of all security incidents.
  • BNB Chain experienced the highest number of security incidents, with a total of 387 hacks, scams, and exploits leading to $134 million in losses. This resulted in an average of $346,253 per incident.
  • Ethereum saw a total of 224 incidents but $686 million in losses, for an average of $3.0 million per incident.
  • Security breaches affecting multiple chains accounted for $799 million of losses in just 35 incidents, highlighting the persistent pain-point that is cross-chain interoperability.
  • Hack3d 2023 covers the stories and trends that defined the direction of Web3, the current state of the industry, and where the next twelve months may take us.

Comparative Analysis of Cybersecurity Threats Across Different Blockchain Platforms in 2023

This year's report provides a detailed breakdown of $1.84 billion lost across 751 incidents, reflecting a 51% decrease from the 2022’s total of $3.7 billion. We analyze the data to determine the extent to which this decline is merely reflective of broader declines in asset valuations in order to understand whether Web3 is learning its lessons and giving security the importance it deserves.

Analysis of Risk in Decentralized Finance: Correlation Between Total Value Locked and Magnitude of Losses from Security Breaches

The third quarter of 2023 stood out as the period with the heaviest losses, totaling $686 million from 183 hacks, scams, and exploits.

Monthly Overview of Cybersecurity Incidents and Financial Impact in 2023

Private key compromises, accounting for just 6.3% of all incidents, were responsible for nearly half of the year’s total financial losses. The report also highlights the challenges in cross-chain interoperability, as breaches across multiple chains led to $799 million in losses from 35 incidents.

Categorization of Cybersecurity Threats and Their Financial Repercussions in 2023

Our analysis extends beyond raw data, delving into the ramifications of these breaches on the broader Web3 ecosystem. We examine the success of so-called “retroactive bug bounty” negotiations, break down how a major hardware wallet manufacturer saw its backend compromised, spotlight the unprecedented demands made by a hacker of the platform they compromised, and try to give an answer to the ever-recurring question: wen institutional adoption?

Hack3d 2023 is an indispensable resource for all stakeholders in Web3, from developers and investors to policymakers and enthusiasts. It offers a mix of technical depth, market analysis and insights, and forward-thinking projections, making it a crucial guide for understanding and navigating this dynamic industry.

Join us as we look back on the pivotal developments of 2023, learning the lessons that need to be learned, acknowledging the progress we’ve undoubtedly made, and looking forward to a secure future for the Web3 world.

Read the report for free here.