In a recent report released by security app De.Fi, researchers revealed that cryptocurrency users lost nearly $2 billion to scams, rug pulls, and hacks in 2023. Although this represented a significant reduction from the previous year, it underscores the ongoing vulnerability of the industry to security risks.

Market Decline and Improved Awareness Contribute to Lowered Crypto Risks

The decrease in losses is largely attributed to the implementation of enhanced security protocols, increased awareness within the community, and an overall decline in market activity. Notably, this reduction becomes even more substantial when factoring in the $40 billion lost to the collapses of the stablecoin issuer Terraform Labs, the crypto lender Celsius, and the FTX exchange.

This positive trend coincides with a bear market where major alternative tokens experienced significant slumps before recovering in recent months amid more bullish conditions. Additionally, the recovery rate of funds saw a significant improvement, rising to around 10%, up from a mere 2% in 2022, according to De.Fi.

“This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem,” De.Fi wrote in its report, which the firm shared with TechCrunch. “2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”

Ethereum, the largest blockchain by active users and value locked, bore the highest losses, with approximately $1.35 billion erased in an estimated 170 incidents. This highlights Ethereum's attractiveness to malicious actors due to its extensive ecosystem and high-profile projects, with the most substantial exploit being the $230 million attack on the cross-chain platform Multichain in July.

BNB Chain also emerged as a target, witnessing a loss of $110.12 million across 213 incidents. The zkSync Era network lost $5.2 million in two incidents, while Solana experienced a loss of $1 million in a single attack.

Losses on centralized platforms, including exchanges and trading platforms, totaled around $256 million across seven cases. The largest of these incidents occurred in November when an attack on Poloniex resulted in a net loss of $122 million.

Access control exploits proved to be the most damaging, with attackers exploiting weaknesses in how permissions and access rights are managed within smart contracts or platforms. Such exploits, totaling more than $852 million in losses from 29 instances, often grant unauthorized access to funds or critical functionalities.

While the cryptocurrency industry has made strides in bolstering security measures, the report highlights the persistent challenges and underscores the importance of ongoing vigilance and innovation to safeguard users and their assets.

Vulnerabilities Exposed: Implications for Traditional Cold Wallet Security

Earlier, Finance Magnates reported that in a cyberattack on Ledger, $484,000 in digital currencies was stolen, exposing vulnerabilities in the traditionally secure storage method. The breach, attributed to a former employee falling victim to a phishing attack, has broader implications for the safety of cold wallets.

Ledger confirmed that hackers inserted malicious code into the GitHub library for Connect Kit, a widely used javascript library enabling decentralized finance (DeFi) protocols to connect with hardware wallets. This has put several DeFi platforms, including Sushi, Lido, Metamask, and Coinbase, at risk.

While Ledger swiftly removed the malicious code, users remain at risk. All protocols using Connect Kit must manually update their versions to address the security threat. Ledger's CEO emphasized the need for continuous security improvement, acknowledging the incident as a reminder of the dynamic nature of security.

The attack questions the previously perceived safety of cold wallets, typically considered secure due to their offline nature. Ledger is actively cooperating with authorities, vowing to support affected users and aid in the investigation to apprehend the hacker and recover stolen assets.