Digital assets faced a turbulent third quarter in 2023, as a report from blockchain security specialist CertiK unveiled an unprecedented surge in losses totaling nearly $700 million due to multiple security breaches.
The months of July, August, and September alone witnessed 184 recorded security incidents. This drastic upsurge overshadowed losses from the first two quarters, which were $320 million and $313 million, respectively.
Private key compromises, often described as the digital version of a combination to a safe, stood out as the most significant contributors to these losses. In particular, 14 such breaches resulted in the theft of over $204 million. A standout case involved Multichain, a project whose CEO was the sole handler of its private keys, which then suffered a staggering $125 million loss. This incident underscored the risks associated with centralizing control of these keys in businesses, as it was such centralization that eventually drove Multichain to halt its operations.
However, private key breaches weren't the only culprits. The quarter also saw a rise in exit scams and oracle manipulations. A worrying 93 cases of exit scams resulted in a loss of more than $55 million, while 38 instances of oracle manipulations led to over $16 million vanishing from the digital vaults.
The security breach of Mixin Network, a cross-chain protocol, particularly stood out in September, marking it as the most incident-heavy month of the year. After being compromised, Mixin Network froze all transactions. They later confirmed that assets amounting to $200 million had been siphoned off their mainnet.
The CertiK report additionally shed light on North Korea’s state-linked hacking group, Lazarus. This group, continuing its notorious activities from previous years, was labeled as a consistent threat. Their malevolent activities resulted in confirmed losses of at least $291 million in 2023, with their operations persistently threatening digital security in the third quarter.