In 2023, the Web3 security landscape experienced significant changes, as detailed in CertiK's Annual Report. The year saw a notable decrease in financial losses due to hacks, scams, and exploits, down to $1.8 billion, which is 51% less than in 2022 and 65% lower than in 2021. Despite this positive trend, the number of incidents rose to 751, indicating ongoing vulnerabilities. November emerged as the costliest month, with losses totaling $363 million. Private key compromises were identified as a primary cause, responsible for half of the year's losses. The report also explores intriguing cases like KyberSwap and analyzes the correlation between DeFi’s Total Value Locked (TVL) and the losses incurred. CertiK's achievements in 2023 included launching the SkyInsights platform, earning accolades for mobile security, and receiving a significant bug bounty from SUI. This highlights the company’s proactive approach in the evolving field of Web3 security.
This week on Security in 60 Seconds, we delve into the latest security threats and vulnerabilities in the digital landscape. CertiK has reported ten incidents over the past week, resulting in a staggering $5.4 million in losses, with the majority attributed to a significant ice phishing incident. The episode also highlights concerning phishing attempts impersonating Stretto, the claims agent for the Celsius bankruptcy proceedings, which managed to circumvent Sender Policy Framework (SPF) checks. Additionally, we explore the repercussions of a social engineering attack on Balancer's DNS service provider, leading to a loss of $238,000, and discuss the potential of decentralized blockchain-based DNS as a solution. To cap it off, we uncover a new cloud-native cryptojacking operation targeting Amazon Web Services offerings. Stay informed and secure by tuning in to our weekly updates and following us on social media for the latest in Web3 security.
The Bug Bounty Leaderboard is a major step forward in collaborative cybersecurity for Web3. This platform unleashes the collective intelligence of white-hat hackers to reward those who protect the Web3 world. Every bounty reaches its rightful recipient with a zero-fee payout model. The Bug Bounty Leaderboard seamlessly integrates with Skynet to enrich the security scores that resonate with all stakeholders. This is a symbol of security and a badge of integrity. For white-hat hackers, it's about more than just bug hunting; it's about shaping the future of the industry. Engage, explore, excel. For users, the Bug Bounty Leaderboard's data is another tool in your belt, empowering you to conduct your Web3 security analysis with the information you need. We're building bridges, nurturing communities, and fostering innovation. Together, we can redefine security. Experience the Bug Bounty Leaderboard, where collaboration meets innovation, where challenges are met with solutions, and where security is a shared vision.