-
Total amount stolen in 2023 dropped by 50% compared to the previous year.
-
Off-chain hacks including private key theft are on the rise, accounting for 57.5% of the amount stolen in 2023.
-
Halborn warns that 21% of hacked protocols used multi-sig wallets and that the majority of hacks occurred on protocols that were not audited.
Decentralized finance (DeFi) hacks remain a major threat to the industry despite a decline in the amount stolen in 2023, according to a report by blockchain security firm Halborn.
The report summarizes the top 100 DeFi hacks between 2016 and 2023, the accumulated total of which comes to $7.4 billion with the majority of attacks occurring on Ethereum, Binance Smart Chain and Polygon.
Although on-chain hacks including smart contract exploitation, price manipulation and governance attacks are most prevalent, off-chain attacks like private key theft represent 29% of the total number of attacks and 34.6% of the funds stolen in general. In 2023 off-chain attacks made up 56.5% of total attacks and accounted for 57.5% of the stolen amount.
The report adds that just 21% of hacked protocols used multi-sig wallets, which is a security method that requires multiple people to approve a transaction at the same time.
Halborn also warns that the majority of on-chain attacks occurred on protocols that were not audited and that protocol's lack of faulty input verification or validation is the main cause of loss in terms of smart contract exploitation.
Cross-chain bridges also remain as a key attack vector for bad actors, Halborn adds that protocols should "review the code carefully" before using a cross-chain bridge.
Last week, the Ronin Bridge has hacked resulting in a loss of $12 million, that followed a $625 million exploit to the same protocol two years prior.
An Immunefi report earlier this year showed that hacks targeting DeFi had resulted in the loss of $473 million in the first half of 2024.