Defi Hacks Remain a Major Threat Despite 50% Decline in 2023: Halborn

The report warns that protocols should improve security by using multi-sig wallets and vetting counterparty code.

AccessTimeIconAug 12, 2024 at 12:15 p.m. UTC
Updated Aug 12, 2024 at 2:23 p.m. UTC
  • Total amount stolen in 2023 dropped by 50% compared to the previous year.
  • Off-chain hacks including private key theft are on the rise, accounting for 57.5% of the amount stolen in 2023.
  • Halborn warns that 21% of hacked protocols used multi-sig wallets and that the majority of hacks occurred on protocols that were not audited.
  • Is DeFi Summer Making a Comeback?
    04:41
    Is DeFi Summer Making a Comeback?
  • Crypto Hacks Totaled $19B Since 2011: Crystal Intelligence
    00:57
    Crypto Hacks Totaled $19B Since 2011: Crystal Intelligence
  • Bitcoin ETFs Are Still 'Wildly Successful': Kraken Head of Strategy
    11:52
    Bitcoin ETFs Are Still 'Wildly Successful': Kraken Head of Strategy
  • Bitcoin ETFs Are Still 'Wildly Successful': Kraken Head of Strategy
    11:52
    Bitcoin ETFs Are Still 'Wildly Successful': Kraken Head of Strategy
  • Decentralized finance (DeFi) hacks remain a major threat to the industry despite a decline in the amount stolen in 2023, according to a report by blockchain security firm Halborn.

    The report summarizes the top 100 DeFi hacks between 2016 and 2023, the accumulated total of which comes to $7.4 billion with the majority of attacks occurring on Ethereum, Binance Smart Chain and Polygon.

    Although on-chain hacks including smart contract exploitation, price manipulation and governance attacks are most prevalent, off-chain attacks like private key theft represent 29% of the total number of attacks and 34.6% of the funds stolen in general. In 2023 off-chain attacks made up 56.5% of total attacks and accounted for 57.5% of the stolen amount.

    The report adds that just 21% of hacked protocols used multi-sig wallets, which is a security method that requires multiple people to approve a transaction at the same time.

    Halborn also warns that the majority of on-chain attacks occurred on protocols that were not audited and that protocol's lack of faulty input verification or validation is the main cause of loss in terms of smart contract exploitation.

    Cross-chain bridges also remain as a key attack vector for bad actors, Halborn adds that protocols should "review the code carefully" before using a cross-chain bridge.

    Last week, the Ronin Bridge has hacked resulting in a loss of $12 million, that followed a $625 million exploit to the same protocol two years prior.

    An Immunefi report earlier this year showed that hacks targeting DeFi had resulted in the loss of $473 million in the first half of 2024.

    Edited by Stephen Alpher.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Oliver Knight

    Oliver Knight is a CoinDesk reporter based between London and Lisbon. He does not own any crypto.


    Read more about