Web3 Security Losses Skyrocket to $889.26M in Q3 2023, Says Beosin Report

Key Takeaways

Web3 security losses in Q3 2023 escalate to $889.26M.

North Korean APT group Lazarus emerges as a significant threat, responsible for over $208M in thefts.

Ethereum remains the most targeted blockchain, with losses totaling $227M.

Alarming Surge in Q3 2023 Losses

According to a recent report jointly released by Beosin and SUSS NiFT on September 27, 2023, the third quarter of this year has seen a disturbing rise in Web3 security incidents. Losses have skyrocketed to $889.26M, a figure that outstrips the combined losses of the first two quarters of the year, which were $330M and $333M respectively.

The Lazarus Group: A Formidable Adversary

The report highlights the North Korean APT group Lazarus as a major security threat in Q3 2023. The group has been implicated in thefts totaling over $208M across four significant attacks. Their tactics are complex, involving a range of methods from social engineering to brute force attacks, indicating a high level of sophistication.

Types of Attacks and Vulnerabilities

Private key compromises led the way in types of attacks, causing losses of $223M. Cloud database attacks, notably the Mixin Network incident, accounted for $200M. Contract vulnerabilities were also significant, leading to about $93.27M in losses. DeFi projects were the most frequent targets, suffering 29 attacks that led to $98.23M in losses.

Blockchain and Project Types Most Affected

Ethereum continues to be the most targeted blockchain, with losses amounting to $227M and 16 major attacks. Public blockchains were the most affected among project types, primarily due to the $200M Mixin Network hack. Payment platforms were the next most affected, with two incidents causing combined losses of $97.3M.

Audit and Regulatory Concerns

The report also sheds light on the audit status of the attacked projects. The proportion of audited and non-audited projects was nearly equal, at 48.8% and 46.5% respectively. This raises questions about the effectiveness of current auditing practices in the industry.

Recommendations and Future Outlook

The report suggests that crypto service providers need to be extra vigilant, especially against sophisticated adversaries like the Lazarus group. It recommends regular security training for employees and the implementation of robust monitoring and alert systems.

Disclaimer & Copyright Notice: The content of this article is for informational purposes only and is not intended as financial advice. Always consult with a professional before making any financial decisions. This material is the exclusive property of Blockchain.News. Unauthorized use, duplication, or distribution without express permission is prohibited. Proper credit and direction to the original content are required for any permitted use.

Image source: Shutterstock


Tagged : / / / / / / / / /

Crypto Hacks and Scams on the Rise

Crypto security and auditing company CertiK reported a total loss of $103.7 million due to vulnerabilities, frauds, and hacks in the month of April. Because of this, the overall loss for the year amounts to 429.7 million dollars. The month was particularly marked by major hacks, including the theft of $22 million from a hot wallet exploit at the Bitrue exchange, which resulted in a loss of $22 million; the hack of South Korea’s GDAC exchange, which resulted in a loss of $13 million; and the theft of $25.4 million due to an exploit of several MEV trading bots on April 3.

According to reports from CertiK, the overall losses incurred by crypto and DeFi exploits throughout the month amounted to $74.5 million. This is about half of the total $145 million that was exploited during the first four months of the year. assaults against flash loans were also common, resulting in losses of around $20 million. Yearn Finance was the primary victim of these assaults, which occurred when a hacker exploited an outdated smart contract on April 13.

In April, exit scams were another factor that contributed to the large amount of money lost, which was $9.4 million. The most successful exit scam for the month was perpetrated by Merlin DEX, which resulted in a loss of $2.7 million. Considering that the protocol had been audited by CertiK, which had previously warned about centralization problems, this was an especially worrying development. After the attack, Certik implemented a compensation plan, in which they demanded that the malicious developer pay back 80% of the stolen funds and offered a white hat bounty of 20% of the total amount.

In the month of April, the Rekt Database maintained by De.Fi documented over fifty crypto-related scams, hacks, and rug pulls. These Memecoin rug pulls made up a significant chunk of the total. The flash loan assault against the Polygon-based Ovix protocol, which occurred on April 28 and resulted in a loss of $2 million, was the most recent incident.

Hacks and frauds using cryptocurrencies are becoming more common, highlighting the need for stronger security measures inside the cryptocurrency ecosystem. Before putting money into any cryptocurrency project, it is essential for users and investors to do extensive research and due diligence on the project. Auditing companies such as CertiK play an essential part in determining the nature of any possible security threats that may exist and in elevating the level of industry-wide security.


Tagged : / / / / /

US Crypto Tax Law Study

Researchers from Indiana University and the University of Maine recently collaborated on a study that investigated the present condition of tax legislation in the United States regarding cryptocurrencies. The findings of the research are summarized in a series of recommendations that are directed for the Internal Revenue Service (IRS). If these suggestions were carried out, it would be impossible for taxpayers to deduct losses from bitcoin investments against profits from other types of investments.

The purpose of this study paper, which is named “Crypto Losses,” is to shed light on the myriad of different types of losses that may be incurred by firms and people who have invested in cryptocurrencies. In addition to this, it suggests a new tax structure to be applied to such losses.

At this time, the IRS has not issued definitive instructions on cryptocurrencies; nonetheless, bitcoin losses normally adhere to the same taxes regulations as other types of capital assets. In most cases, they may be deducted against profits from the sale of a capital asset, but not against gains from other sources, such as income. However, there are some restrictions regarding the times and ways in which deductions can take place.

For example, the amount of a loss that may be deducted for bitcoin transactions that are classified as a “sale” or “exchange” will be limited. On the other hand, taxpayers are eligible to deduct the full amount of their losses if their cryptocurrency was lost, stolen, or destroyed in any other manner (such as by burning it or through some other destructive method).

According to the findings of the research, the existing tax system does not adequately account for bitcoin losses, and it suggests adopting a different strategy in order to solve this problem. The tax system that is being suggested would make a difference between losses that are incurred as a consequence of transactions and those that are the result of the irreversible loss of assets.

According to the framework that has been presented, the only way for taxpayers to deduct losses related to cryptocurrencies that emerge from transactions is to do so against other types of capital gains. On the other hand, losses incurred as a consequence of the irretrievable destruction of assets would be totally deductable against other types of income.

In general, the findings of the research underscore the need for more clarity in the regulations governing the taxation of cryptocurrencies, as well as a more nuanced approach to the problem of how to handle bitcoin losses. Because of the widespread use of cryptocurrencies, it is imperative that the Internal Revenue Service (IRS) remain current with the rapidly evolving world of digital assets and provide transparent direction to taxpayers about their respective tax responsibilities.


Tagged : / / / / /

Crypto Hacks in Q1 2023

In the first quarter of 2023, hackers accessed over $320 million in the crypto industry through a variety of incidents, according to the quarterly report from blockchain security firm CertiK. While this amount is significantly lower than the $1.3 billion and $950 million lost in the first and fourth quarters of 2022 respectively, it is still a substantial sum.

CertiK notes that off-chain events may have played a role in the lower amount of losses seen in Q1 2023. For example, issues with Silvergate Bank and the depegging of USD Coin (USDC) may have had a broader impact on the crypto industry. However, despite these challenges, hackers still managed to exploit vulnerabilities in the system.

Out of the funds stolen within the quarter, over $31 million was lost to 90 exit scams, while more than $222 million was lost in 52 flash loan and oracle manipulation exploits. BNB Chain had the greatest number of incidents for the quarter, with 139 in total. Meanwhile, Ethereum had the most significant loss, with over $221 million lost.

Despite the lower numbers overall, Q1 2023 was still marked by substantial losses. 60% of the funds lost were due to the Euler Finance hack on March 13, where hackers exploited a flash loan to access over $195 million. However, negotiations with the hacker allowed Euler Finance to recover around 90% of the lost funds by April 4.

The trend of recovering funds through negotiations with hackers has become increasingly common in the crypto industry. Lending protocol Sentiment also recovered around $870,000 in April after giving a bounty of $95,000 to those responsible for taking almost a million dollars from the platform.

While it is encouraging to see funds being recovered in this way, it also highlights the need for continued vigilance in the industry. As long as there are vulnerabilities that can be exploited, hackers will continue to find ways to access funds. It is up to those in the industry to remain vigilant and take steps to ensure the safety and security of their platforms and assets.


Tagged : / / / / /

Meta offers lucrative pay packages for metaverse developers

Meta, the parent company of Facebook, Instagram, and WhatsApp, has been actively pursuing expansion into the metaverse, despite facing challenges and significant losses. The company’s metaverse-building division, Reality Labs, reportedly lost a staggering $13.7 billion in 2022, the largest yearly loss recorded for the division. Despite this setback, Meta has continued to offer lucrative pay packages to its metaverse developers, with compensation ranging from $600,000 to almost $1 million, according to anonymous sources familiar with the matter, as reported by The Wall Street Journal.

The move to attract top talent to work on its virtual reality suite comes at a time when Meta has been facing legal challenges. The company was served with a lawsuit from the Federal Trade Commission against Meta and CEO Mark Zuckerberg, in an attempt to block “its ultimate goal of owning the entire ‘metaverse.'” However, a judge in the United States approved Meta’s acquisition of a virtual reality company at the beginning of February 2023, indicating the company’s commitment to its long-term vision for the metaverse.

Despite concerns raised by U.S. senators in a letter addressed to Zuckerberg urging the Meta CEO not to allow teenagers access to the metaverse platform Horizon Worlds, citing “serious risks” and a “digital space rife with potential harms,” Zuckerberg has remained committed to the company’s vision for the metaverse.

Meta’s recent decision to slowly stop its support for non-fungible tokens (NFTs) on Facebook and Instagram was made to “focus on other ways to support creators, people, and businesses,” according to the head of commerce and financial technologies at Meta in a tweet on March 13. The move may be a signal that the company is exploring other ways to monetize its products and services, in addition to NFTs.

As Meta continues to invest in the development of the metaverse, the company’s ability to attract and retain top talent will be crucial to its success. With salaries ranging from $600,000 to almost $1 million, the company is offering its metaverse developers some of the most competitive compensation packages in the industry. Despite significant losses, Meta’s commitment to its vision for the metaverse remains steadfast, and it will be interesting to see how the company navigates the legal and regulatory challenges that lie ahead.


Tagged : / / / / /

DeFi Suffers $21M in Losses from Exploits

Decentralized finance (DeFi) platforms have suffered significant losses due to a series of exploits in February, with at least $21 million in crypto being drained from seven protocols, according to DeFi data analytics platform DefiLlama. Among the notable incidents were the flash loan reentrancy attack on Platypus Finance, which resulted in $8.5 million in losses, and the price oracle attack on BonqDAO, which saw an exploiter manipulating the price of AllianceBlock (ALBT) token, causing a loss of an estimated $120 million, although the attackers reportedly only managed to cash out $1 million due to a lack of liquidity on BonqDAO.

Other exploits included a reentrancy attack on Orion Protocol, resulting in a loss of roughly $3 million, and another on dForce network, leading to around $3.65 million in losses. However, in a surprising turn of events, all funds were returned to dForce when the attacker revealed themselves to be a white hat hacker. The attack on Platypus Finance was also notable because the team announced their intention to return 78% of the main pool funds by reminting frozen stablecoins.

Smart contract exploits were also prevalent, with the algorithmic stablecoin project Hope Finance losing roughly $2 million due to a smart contract exploit, and multichain exchange aggregator Dexible experiencing a loss of $2 million worth of cryptocurrency through an exploit that targeted the app’s selfSwap function.

Additionally, BNB Chain-based DeFi protocol LaunchZone suffered a loss of $700,000 worth of funds due to an attacker leveraging an unverified contract.

These incidents come after blockchain data firm Chainalysis revealed in its 2023 Crypto Crime Report that hackers had stolen $3.1 billion from DeFi protocols in 2022, accounting for more than 82% of the total amount stolen in the year.

Despite the losses, the DeFi space continues to grow, with the total value locked (TVL) in DeFi protocols reaching over $104 billion as of February 28, according to DefiLlama. The platform also noted that the number of users on DeFi platforms has steadily increased since 2020, with over 5.8 million unique addresses interacting with DeFi protocols in February 2023.

These incidents highlight the need for continued vigilance and improvement in DeFi security measures to prevent such exploits from occurring. While the DeFi space has seen significant growth and innovation in recent years, it is clear that security remains a crucial concern that must be addressed to ensure the continued success and sustainability of the ecosystem.


Tagged : / / / / /

Digital Currency Group Reports Over $1 Billion Loss Due to 3AC Collapse

Digital Currency Group (DCG), a cryptocurrency venture capital conglomerate, has reported losses of over $1 billion in 2022. The losses were primarily due to the collapse of Three Arrows Capital (3AC), a crypto hedge fund that DCG had invested in, and falling cryptocurrency prices.

According to DCG’s Q4 2022 investor report, the losses were mainly caused by the impact of 3AC’s default on Genesis, DCG’s lending arm. Genesis filed for Chapter 11 bankruptcy in late January, as it was 3AC’s largest creditor, having loaned the now-bankrupt hedge fund $2.36 billion. 3AC filed for bankruptcy in July 2022.

DCG’s fourth-quarter losses came to $24 million, while revenues came in at $143 million. Full-year revenues for DCG came in at $719 million, with total assets of $5.3 billion. DCG’s cash and liquid holdings amounted to $262 million, and its investments, such as shares in its Grayscale trusts, amounted to $670 million. The remaining assets were held by divisions of its asset management subsidiary Grayscale and DCG’s Bitcoin (BTC) mining business, Foundry Digital.

DCG’s equity valuation came in at $2.2 billion, with a price per share of $27.93, which the report said was “generally consistent with the sector’s 75%-85% decline in equity values over the same period.” However, the company said it “hit a milestone” with the restructuring of Genesis.

In February, DCG proposed an agreement that would see its equity share in Genesis’ trading entity contributed and all Genesis entities brought under the same holding company, with its trading entity sold off. DCG would also exchange an existing $1.1 billion promissory note due in 2032 for convertible preferred stock, and its existing 2023 term loans with an aggregate value of $526 million would be refinanced and made payable to creditors.

According to a Genesis creditor, the plan “has a recovery rate of approximately $0.80 per dollar deposited, with a path to $1.00” for those owed money by the firm.

DCG declared on November 1, 2021, that its valuation was more than $10 billion, following the sale of $700 million worth of shares to companies like Alphabet Inc., Google’s parent company. However, the recent losses have brought its valuation down significantly.

The collapse of 3AC and Genesis’ subsequent bankruptcy filing has had a major impact on DCG’s financials. The company will need to continue to navigate the volatile cryptocurrency market and work towards resolving its outstanding liabilities to regain investor confidence.


Tagged : / / / / /

Historic Levels of Realized Losses

Sometimes, the bitcoin market is a wild ride.

The below is an excerpt from a recent edition of the Deep Dive, Bitcoin Magazine‘s premium markets newsletter. To be among the first to receive these insights and other on-chain bitcoin market analysis straight to your inbox, subscribe now.

Over the last 55 days, there has been a historic amount of losses on the Bitcoin network. Over $16 billion worth of losses have been realized since May 13.

The steady bleed of the class of 2021 bitcoin investors continues, as shown by the largest capitulation event in the history of bitcoin in terms of aggregate dollar losses.

bitcoin net realized profit loss

On-chain data shows that a notably large amount of UTXOs in the age range of 3-6 months have recently moved, which further supports the notion that buyers from within the range of $40,000-$60,0000 have been capitulating.

bitcoin spent output age bands

This next point is worth repeating. Do not allocate into bitcoin more than you can afford to lose, especially if the funds will be needed in a short period of time. Bitcoin is extremely volatile, but this is the key point:

During the monetization phase of bitcoin’s history (what we are currently living through), the exchange rate volatility is the price you pay for returns. Without the immense volatility, the upside potential and investment risk/reward would not be as asymmetric.

This further highlights the simplicity and elegance of dollar-cost averaging into a bitcoin position. A simple daily dollar-cost average strategy would have you up 71.02% year over year.

Year over year bitcoin strategy

For most market participants this is the most prudent strategy, and while The Daily Dive does delve into some advanced trading strategies and concepts, for the average investor daily accumulation is a guaranteed winning strategy.

Acquire domain on the internet’s dominant monetary network.

It’s that simple.

This was an excerpt from a recent edition of the Deep Dive, Bitcoin Magazine‘s premium markets newsletter. To be among the first to receive these insights and other on-chain bitcoin market analysis straight to your inbox, subscribe now.


Tagged : / / / /

Global stocks under pressure amid fresh US-China tensions. Hang Seng and CSI 300 leading the losses as US to blacklist more Chinese firms. Bonds gain w/US 10y yields at 0.915%. The Dollar catching a bid w/Euro at $1.2250. Gold at $1881/oz, Bitcoin pares some gains, now $22.9k.

Global stocks under pressure amid fresh US-China tensions. Hang Seng and CSI 300 leading the losses as US to blacklist more Chinese firms. Bonds gain w/US 10y yields at 0.915%. The Dollar catching a bid w/Euro at $1.2250. Gold at $1881/oz, #Bitcoin pares some gains, now $22.9k. https://t.co/TjqiysT4pt


Tagged : / / / / / / / /
Bitcoin (BTC) $ 27,819.45 1.55%
Ethereum (ETH) $ 1,652.12 0.17%
Litecoin (LTC) $ 64.40 1.92%
Bitcoin Cash (BCH) $ 230.46 0.57%