Financial Losses from Hacking Decreased in 2023
In 2023, financial losses from hacking in the web3 industry decreased to $1.7 billion compared to the previous year. This shows that the industry is improving in terms of cybersecurity and preventing cyber attacks. However, cybercriminal gangs, such as Lazarus, are still finding hacking to be a lucrative endeavor.
The majority of the losses can be attributed to high-profile cyberattacks on platforms like Multichain, Mixin Network, and Poloniex.
The cybersecurity company Salus has compiled a comprehensive report on the web3 security landscape in 2023. The report highlights the top 10 attacks, overall losses from crypto hacking, common vulnerabilities, and preventive measures companies can take to enhance their security.
Here are the key findings from the report that can help companies improve their security in 2024.
Key Vulnerabilities in the Web3 Industry
According to the Salus report, the main weaknesses that led to hacking incidents in 2023 are:
- Access control issues (39.18% of attacks)
- Flash loan attacks (16% of attacks)
- Exit scams (12% of losses)
- Oracle problems (6% of exploits)
- Phishing (4% of incidents)
- Reentrancy (4% of attacks)
- Other vulnerabilities (17% of hacks)
These vulnerabilities encompass both technical and human-related weaknesses that hackers can exploit.
Here’s how you can prevent these vulnerabilities in 2024.
Preventing Access Control Issues
Access control issues were the root cause of 39.18% of cyber attacks in 2023, resulting in losses of $666 million. To prevent this common security flaw, you should:
- Implement strong authorization with minimal privilege principles.
- Regularly update access rights and permissions.
- Provide additional training for users with higher privileged access.
- Implement automated monitoring systems to detect and mitigate access exploitation attempts.
Preventing Flash Loan Attacks
Flash loan attacks, which accounted for 16% of cybercrime in 2023, require preventive measures. To protect your assets from these attacks:
- Set limits on borrowing amounts and impose time limits for flash loans.
- Consider implementing fees for flash loans to deter hackers.
Preventing Exit Scams
To prevent exit scams (12% of losses in 2023), you should:
- Thoroughly research and evaluate the teams and projects you’re investing in.
- Diversify your investments and avoid putting everything in one project.
- Be cautious of unrealistic opportunities and promises.
Preventing Oracle Issues
To prevent oracle-related vulnerabilities in the web3 industry:
- Be cautious of token prices based on markets with shallow liquidity.
- Assess the suitability of liquidity and consider the oracle integration with your platform.
- Use Time-Weighted Average Price (TWAP).
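The following added example (not taken from the Salus report or from any project's code) shows why a TWAP resists a short-lived price distortion in a shallow market: each price is weighted by how long it was in effect, so a price that holds for one block barely moves the average. The class and function names, the 30-minute window, the 12-second block and the 5% deviation threshold are assumptions chosen for illustration.

```python
from bisect import bisect_right


class TwapOracle:
    """Time-weighted average price built on a cumulative-price accumulator."""

    def __init__(self, start_time, start_price):
        self.times = [start_time]    # when each price took effect (seconds)
        self.prices = [start_price]  # spot price in effect from that time on
        self.cumulative = [0.0]      # sum of price * seconds up to that time

    def update(self, now, new_price):
        if now <= self.times[-1]:
            raise ValueError("updates must move forward in time")
        elapsed = now - self.times[-1]
        self.cumulative.append(self.cumulative[-1] + self.prices[-1] * elapsed)
        self.times.append(now)
        self.prices.append(new_price)

    def _index(self, t):
        i = bisect_right(self.times, t) - 1
        if i < 0:
            raise ValueError("no observation that old")
        return i

    def spot(self, t):
        return self.prices[self._index(t)]

    def _cumulative_at(self, t):
        i = self._index(t)
        return self.cumulative[i] + self.prices[i] * (t - self.times[i])

    def twap(self, now, window):
        if window <= 0:
            raise ValueError("window must be positive")
        return (self._cumulative_at(now) - self._cumulative_at(now - window)) / window


def deviates(oracle, now, window, max_ratio=0.05):
    """True when spot differs from the TWAP by more than max_ratio (assumed 5%)."""
    avg = oracle.twap(now, window)
    return abs(oracle.spot(now) - avg) / avg > max_ratio


def constructed_scenario():
    # Constructed data: price sits at 100, is distorted to 300 for one
    # 12-second block in a shallow pool, then returns to 100.
    oracle = TwapOracle(0, 100.0)
    oracle.update(1788, 300.0)
    oracle.update(1800, 100.0)
    return oracle
```

During the distorted block the spot price reads 300 while the 30-minute TWAP stays near 101, and the deviation check gives a platform a signal to reject or delay price-dependent operations.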
Preventing Phishing Attacks
To protect against phishing attacks (4% of incidents in 2023):
- Provide awareness training for all employees.
- Conduct penetration testing to detect and address potential weaknesses.
- Implement multi-factor authentication, domain security,