Q1 2023 Global Web3 Security Report

Q1 2023 Web3 Security Overview

In Q1 2023, Beosin EagleEye monitored a total of 61 major attacks in the Web3 space, with a total loss of approximately $295 million, a 77% decrease from Q4 2022. Total losses from attacks in Q1 2023 were lower than any quarter of 2022.

In addition to attacks, Beosin EagleEye also monitored 41 major rug pull incidents throughout Q1 2023, which involved a sum of approximately $20.34 million.

March saw the highest frequency of attacks, with total losses reaching $235 million, accounting for 79.7% of the overall losses in Q1.

In terms of project types, DeFi was the type with the most attacks and highest loss this quarter. A total of $248 million was lost in 42 DeFi security incidents, representing 84% of the total amount lost.

In terms of blockchain types, Ethereum accounted for 80.8% of the total losses, making it the most affected blockchain by loss amount.

In terms of attack types, flashloans caused the most losses this quarter, with eight flashloan attacks costing approximately $198 million; the most common attack type was contract vulnerability exploits, with 27 exploits accounting for 44% of all incidents.

Approximately $200 million of stolen assets were recovered during the quarter, surpassing the recovery rate of any quarter in 2022.

Regarding audit status, only 41% of the attacked projects had undergone an audit prior to the incidents.

Join us in showcasing the cryptocurrency revolution, one newsletter at a time. Subscribe now to get daily news and market updates right to your inbox, along with our millions of other subscribers (that’s right, millions love us!) — what are you waiting for?

2 Overview of Exploits

In the first quarter of 2023, Beosin EagleEye -- the security risk monitoring, alerting, and blocking platform monitored 61 major attacks in the Web3 space, with a total loss of approximately $295 million. There was one security incident with a loss exceeding $100 million (Euler Finance's $197 million attack). There were two incidents with losses ranging from $10 million to $100 million, and 17 incidents with losses ranging from $1 million to $10 million.

Overall, the total loss from attacks showed a monthly increase in the first quarter. March was a month with a high frequency of attack incidents, with total losses reaching $235 million, accounting for 79.7% of the total losses in the first quarter.

3 Types of Attacked Projects

84% of loss amount was from DeFi

As the crypto market faced an extended downturn and numerous black swan events causing deleveraging, it eventually reached a bottom and began to bounce back. Concurrently, DeFi's Total Value Locked (TVL) experienced fluctuations, ultimately showing signs of recovery throughout the first quarter in tandem with cryptocurrency prices.

In the first quarter of 2023, DeFi projects experienced 42 security incidents, representing 68.9% of all events. Total DeFi losses reached $248 million, accounting for 84% of total losses. DeFi was the project type with the most attacks and highest loss this quarter.

NFT-related losses ranked second, totaling $18.52 million, primarily stemming from NFT phishing incidents. The third-ranked category was individual users, all of whom were victims of phishing attacks. Wallet attacks ranked fourth in terms of losses. Notably, the categories ranked 2nd to 4th in losses were all closely related to user security.

In Q1 2023, there was only one cross-chain bridge security incident, resulting in a loss of $130,000. In contrast, in 2022, 12 cross-chain bridge security incidents caused a combined loss of approximately $1.89 billion, ranking first among all project types in losses. Following the high frequency of cross-chain bridge security incidents in 2022, the security of cross-chain bridge projects significantly improved during this quarter.

4 Loss Amount by Chain

Ethereum account for 80.8% of losses

In Q1 2023, there were 17 major attacks on Ethereum, resulting in total losses of approximately $238 million. Ethereum saw the highest loss of any blockchain, accounting for 80.8% of the total loss.

BNB Chain saw the highest number of attacks, totaling 31. Its overall losses amounted to $19.48 million, ranking second among all blockchains.

Algorand ranked third in terms of losses, primarily due to the MyAlgo wallet incident. Notably, there were no major security incidents on Algorand in 2022.

It is worth mentioning that in 2022, Solana ranked third among all blockchains in terms of losses. However, no major security incidents were detected on Solana during this quarter.

5 Attack Type

Flash loans were the most common type of attack during the quarter, with eight flash loan incidents costing approximately $198 million, or 67 percent of all losses.

The most frequent attack type was contract vulnerability exploits, with 27 exploits accounting for 44% of all incidents. Contract vulnerabilities resulted in an accumulated loss of $39.05 million, the second highest amount of losses for all attack types.

Throughout the quarter, DeFi projects faced 42 separate attacks, with more than half (22 incidents) stemming from contract vulnerability exploits. This highlights the urgent need for DeFi projects to enhance the security of their smart contracts to avert potential threats.

By type of vulnerability, the top three that caused the highest losses were improper business logic/function design, permission issues and reentrancy. A total loss of $22.44 million was lost in 17 improper business logic/function design vulnerabilities.

6 Typical Security Incidents in Q1 2023

6.1 Euler Finance

6.2 BonqDAO

6.3 Platypus Finance

(Read the full pdf version for more details)

7 Stolen Fund Flow

In the first quarter of 2023, approximately $200,146,821 of assets were recovered, accounting for 67.8% of all stolen assets. Among them, the $197 million assets stolen from Euler Finance have been fully returned by the hacker. More examples of recovered assets include: on February 13th, the hacker who attacked dForce returned all of the stolen $3.65 million; on March 7th, the whitehat hacker who attacked Tender.fi returned the stolen funds and received a bounty of 62 ETH. The stolen asset recovery situation in this quarter is better than any quarter in 2022.

Beosin KYT AML platform found that approximately $23.13 million (7.8%) of assets were transferred into Tornado Cash, and an additional $2.54 million in assets were transferred into other mixers. Compared to last year, the proportion of stolen funds transferred into mixers this quarter has significantly decreased. In fact, since Tornado Cash faced sanctions last August, the proportion of stolen funds transferred into Tornado Cash has been on a continuous decline since Q3 2022.

At the same time, Beosin KYT AML platform discovered that about $60.02 million (20.3%) of assets are still held at hackers' addresses. Additionally, approximately $9.32 million (3.1%) of stolen assets have been transferred to various exchanges. Most of the incidents involving transfers to exchanges are low-value attacks, with a few being phishing incidents that only gained public attention days later. Due to low or delayed attention, hackers have the opportunity to transfer stolen funds into exchanges.

8 Audit Analysis

In the first quarter of 2023, among the projects that were attacked, excluding 8 incidents that cannot be measured by audits (such as phishing attacks on individual users), there were 28 projects that had undergone audits and 25 that had not.

There were a total of 27 contract vulnerability exploits this quarter, with 15 audited projects (with losses of $31.19 million) and 12 unaudited projects (with losses of $7.86 million). The overall quality of audits in the Web3 market is still not optimistic. It is recommended that projects carefully compare auditors before choosing one, as selecting a professional auditor can effectively ensure the project's security.

9 Rug Pulls

In the first quarter of 2023, a total of 41 major Rug Pulls were monitored in the Web3 sector, involving approximately $20.34 million.

In terms of amount, 6 projects (14.6%) rugged with over $1 million, 12 rug pulls (29.2%) ranged from $100,000 to $1 million, and 23 rug pulls (56%) involved amounts less than $100,000.

Out of the 41 Rug Pull incidents, 34 projects (83%) were deployed on BNB Chain. Why do so many scam projects choose BNB Chain? There might be several reasons:

1) BNB Chain has lower GAS fees and shorter block time intervals.

2) BNB Chain has a larger number of active users. Scam projects tend to choose chains with more active users.

3) For BNB Chain users, it is more convenient and faster to deposit and withdraw funds through Binance.

10 Summary

Overall, the total losses from attacks in Q1 2023 are lower than any quarter in 2022, and the fund recovery situation is better than all quarters in 2022. After the rampant hacking in 2022, the overall security of Web3 has significantly improved in this quarter.

By project type, DeFi saw the highest frequency of attacks and the most significant losses in this quarter. There were a total of 42 security incidents in the DeFi sector, with 22 of them stemming from contract vulnerability exploitation (11 audited and 11 unaudited projects). If audited by professional security companies, most vulnerabilities can be detected and fixed during the audit stage.

User security is also a key focus this quarter. With Blur leading the NFT market back to prominence this quarter, NFT phishing incidents have also increased significantly. Carefully check whether each link is official, examine the content of signatures, verify the correctness of an address when transfer, download apps from official app stores, and install anti-phishing extensions – vigilance must be maintained at every step.

Rug Pulls continue to occur frequently this quarter, with 56% of the exit scams involving amounts less than $100,000. These projects typically have insufficient information on official websites, Twitter, Telegram, and Github, lack roadmaps or whitepapers, exhibit questionable team member information, and have a project launch-to-exit timeline not exceeding three months. It is advised that users conduct extensive background research on projects to avoid financial losses.