Between rug pulls, honeypot scams, and security breaches affecting players across the crypto ecosystem, investors need to remain vigilant if they want to protect their capital from being stolen. And in the third quarter of 2023, the overarching trend points to rising crypto theft.
According to an analysis by Hacken, the number of major security incidents fell from 131 in Q2 to 117 in Q3. But although there were fewer scams and hacks, the value of assets stolen more than doubled to $720M.
The significant spike in the value of stolen crypto can be largely attributed to a handful of access control attacks that netted perpetrators nearly $320M in the quarter.
Some of the most profitable and high-profile security incidents of the quarter resulted from compromised private keys. For example, in July, $126M was drained from several Multichain bridges in a major exploit that resulted from the protocol’s Multi-Party Computational (MPC) being compromised.
In another major access control attack, in September, $142 million worth of cryptocurrency was stolen from Mixin Network after hackers breached a cloud server that hosted critical security keys.
Overall, the report found that just 6 access control attacks accounted for two-thirds of all funds lost in the quarter.
As in previous quarters, rug pulls made up the most common type of scam reported by Hacken in Q3.
Averaging $638,594 in value each, the report noted 78 incidents in which token developers drained liquidity. In total, investors lost nearly $50 million to rug pulls between July and September 2023.
Worryingly, the report found that victims of rug pull scams failed to implement basic crypto security measures.
Of the 78 rug pulls examined, only 12 were properly audited. Worse still, some of the biggest rug pulls occurred after auditors raised red flags over the token contracts, which were ultimately manipulated by their deployers to steal millions of dollars from investors.
The most popular chain for rug pulls was Ethereum, which was hit by 56 exit scams in the quarter. Binance Smart Chain (BSC) came in second place with 24, Meanwhile, Hacken reported 4 such incidents on the Base network, which experienced its first rug pull in August.