The Web3 Industry Security Report for the third quarter of 2023 was released

Brief introduction

Hack3d is an important resource and statistical record to understand the security challenges and vulnerabilities in the Web3 field, and the "CertiK Q3 2023 Web3 Security Report" provides a comprehensive analysis of the current security situation of the Web3 ecosystem. **In the third quarter alone, Web3 lost about $700 million to security attacks, more than the entire first half of 2023. **

Web3 is now facing an unprecedented high risk, and the report is more than just a review of the season's major events, but also provides the necessary knowledge and insights to strengthen their security defenses and make informed decisions in an increasingly challenging environment.

Summary

• Spike in losses: Losses from various security incidents totaled $700 million during the quarter, sounding alarm bells for all Web3 participants.
• Lazarus Group: The group, linked to the North Korean state, became a major threat to the Web3 black industry, causing more than $291 million in damage. ** Private Key Leakage: Centralization risk remains a significant risk, with 14 incidents involving private key leakage resulting in nearly $321 million in losses. **

Click on the link at the bottom of the article to download Report for more details, content and data.

Partial data display

! [image] (https://img-cdn.gateio.im/webp-social/moments-40baef27dd-b5aa305124-dd1a6f-69ad2a.webp)

Lazarus effect

North Korea's Lazarus Group uses advanced social engineering techniques to target Web3 practitioners, meaning that state-affiliated cyber threats are on the rise in the Web3 world. In 2022, 20% of the losses of Web3 attacks were caused by the group. So far in 2023, Lazarus has caused more than $291 million in losses in five major vulnerabilities.

Private key compromised

The loss caused by the leakage of private keys was as high as nearly a quarter of the total loss in the third quarter**. For example, the Multichain incident, which lost about $125 million, highlighted critical vulnerabilities that arise when technology that should be decentralized is not sufficiently decentralized.

Mixin Million Dollar Loss

In the early morning of September 23, 2023, Beijing time, a security breach occurred in Mixin, a Hong Kong-based Web3 company, resulting in the theft of about $200 million, setting a record for the highest loss in the Web3 field in 2023. Although vulnerability incidents are not uncommon, the occurrence of this vulnerability in the Web3 field is significant - showing the importance of a fully decentralized Web3 protocol.

Vype****r Event Analysis

The largest reentrant lock failure vulnerability of the year resulted in a loss of approximately $52 million, demonstrating the importance of regular security audits and software updates.

How far is Web3 spring? **

The Web3 industry is currently in the middle of a cold winter, facing a series of problems such as application challenges, regulatory resistance, and market volatility. Nevertheless, major financial institutions around the world are moving from the pilot phase of blockchain technology to the integration stage, which indicates that blockchain technology is shifting to mainstream applications, and also means that Web3 is likely to rebound from the trough and usher in spring.

Part of the report

! [image] (https://img-cdn.gateio.im/webp-social/moments-40baef27dd-44d7ce7bda-dd1a6f-69ad2a.webp)

Full text PDF download link: