PeckShield: Flash Loans Remain DeFi's Weakest Link
Blockchain security firm PeckShield reports that the DeFi sector witnessed 386 attacks in the first half of 2023, resulting in a total loss of $479 million.
#PeckShieldAlert In H1 2023, there are 395+ major hacks (386 DeFi related) in Web3 space, leading to ~$479.4m loss.
— PeckShieldAlert (@PeckShieldAlert) July 17, 2023
Among these hacks, top 10 account for $378.3m (79%) of total stolen funds. pic.twitter.com/ZrQQi8neyP
Flash Loan Vulnerability in DeFi
As detailed in Coin68's "22 Significant Crypto Events of 2022," last year saw at least $3 billion in crypto losses due to hacks, marking it as a record year for crypto heists. In comparison, 2023 has seen a decline in the number of attacks, partly due to the sanctions on Tornado Cash and the apprehension of the Mango Markets attacker, which have made criminals more cautious.
According to Beosin's security data, approximately $656 million in crypto was stolen through hacks, phishing, and rug pulls in the first half of 2023.
PeckShield: $500 Million Lost in H1 2023
PeckShield's latest statistics report a slightly lower figure than Beosin, recording a total loss of $479.4 million.
#PeckShieldAlert Among these 386 DeFi hacks, top 3 attack vectors are logic bugs (46%), oracle manipulation (15%), and privilege exposure (14%).
— PeckShieldAlert (@PeckShieldAlert) July 17, 2023
And 71% make use of flashloans. Also, 10+ public blockchains suffered hacks in H1 2023, with #Ethereum suffering the most at ~$287m. pic.twitter.com/NpEqkRlKt8
This figure marks a significant improvement from the same period in 2022, which saw nearly $2.5 billion in losses. Notably, almost 50% of the stolen funds, amounting to $226.2 million, were recovered, offering hope for projects targeted by cybercriminals.
Out of the nearly 500 reported incidents in web3, the DeFi sector accounted for 386 of them. The top 10 largest incidents represented 79% of the total losses.
Major DeFi Attacks in H1 2023
Significant attacks in the first half of this year include:
- Euler Finance ($197 million)
- Atomic Wallet ($65 million)
- FPG ($20 million)
- Bitrue ($20 million)
- Platypus Finance ($8.75 million)
Ethereum and BNB Chain: High-Profile Targets
Ethereum remains the most targeted blockchain, understandable given the high value and number of projects on it. The network lost $287 million in the past six months, accounting for nearly 58% of all crypto losses.
BNB Chain, however, saw the highest number of attack incidents, with nearly 290 cases, making up 75% of the total recorded. This is likely due to the lower quality of projects on BNB Chain, many of which are mere "copycats" of Ethereum projects or insignificant memecoins. The blockchain has previously issued warnings about 191 high-risk dApps on its network.
Flash Loans: The Perennial Threat
Flash loans remain the most exploited vulnerability, responsible for 71% of the recorded DeFi attacks. Notable examples include Euler Finance, Platypus, 0VIX, and Allbridge.
These statistics highlight that DeFi's current security measures are insufficient. While developers and security experts continuously work to improve their technologies, cybercriminals are equally relentless in advancing their attack methods.
"Hacking is an endless race between defenders and attackers," as echoed by speakers at the GM Vietnam event on blockchain security and lessons from multi-million-dollar hacks.
