In 2023, Access Control emerged as the most damaging vulnerability in the cryptocurrency market, followed closely by Flash Loan Attacks and Rug Pulls, according to a report by blockchain security auditor Hacken. Despite a decrease in total losses due to hacks to $1.9 billion, a substantial 93.6% drop from the previous year, the report highlights a worrisome trend of increasing frequency and sophistication of attacks.
While the largest theft of the year involved Multichain, with $231 million drained from its bridge, it paled in comparison to the Terra Luna incident of 2022, which wiped out over $40 billion in value. Hacken described 2023 as a year of improved safety and better security practices.
However, the auditor also noted a 14% increase in the number of attacks compared to the previous year, with various types of hacks on the rise.
The most damaging vulnerability in 2023 was Access Control, where unauthorized access to hot wallets resulted in half of all stolen funds, averaging $31 million per incident. Flash Loan attacks followed, with a total stolen amount of just over $275 million, and Rug Pulls averaged $566,000 per incident, making them the second least damaging type of attack.
The most affected sector was Lending and Borrowing, particularly smart contract-based money markets. These platforms became prime targets for hackers who exploited flash loans. Bridges and Centralized Exchanges (CEXs) also suffered significant losses due to their substantial liquidity pools.
BNB Smart Chain (BSC) and Ethereum were the primary targets for exploits, with BNB Chain experiencing 214 incidents, primarily rug pulls, and Ethereum encountering 176 incidents, including classic rug pulls and sophisticated flash loan attacks. Even smaller platforms like Arbitrum had their share of incidents, highlighting vulnerabilities in emerging networks.