The first quarter of 2024 has brought both good and bad news for the Web3 ecosystem in terms of security. According to the latest report by Immunefi, a bug bounty and security services platform, a total of $336 million was lost to Web3 hackers and fraudsters in this period. This represents a 23% decrease compared to the same quarter in 2023. Despite this decrease, the report highlights that nearly half of the total capital stolen in Q1 2024 was taken in January alone, showing that the threat is still prevalent.
Types of Losses in Web3
The report delves into the different types of losses the Web3 community suffered during the first quarter of this year. It notes that a significant portion of the stolen capital, approximately $73,885,000, was recovered from seven specific situations. Two major exploits, the Munchables exploit and the Seneca exploit, contributed significantly to this amount. Hacks were responsible for the majority of the losses, accounting for $321,645,400 across 46 incidents. On the other hand, fraud accounted for $14,665,817 stolen across 15 specific incidents.
Challenges Faced by DeFi
Immunefi’s Founder and CEO, Mitchell Amador, highlighted that DeFi faced significant challenges in the first quarter, with the ecosystem accounting for 100% of the total losses. Private key compromises were a major issue, emphasizing the critical need to secure both code and protocol infrastructure. This underscores the importance of implementing robust security measures in decentralized finance platforms to mitigate the risk of attacks.
Targeted Chains and Projects
Ethereum remained the most targeted chain in Q1, surpassing BNB Chain in the number of attacks. Out of the total 61 incidents reported, Ethereum experienced 33 incidents, while BNB Chain suffered 14. These two chains together accounted for over half of the total losses in the quarter. Additionally, two projects, Orbit Bridge and Munchables, suffered the most significant losses, totaling $144,480,000, which represents 43% of the overall losses in Q1.
Hacks continue to be the leading cause of fund loss in the Web3 ecosystem, accounting for 95.6% of the total losses in Q1 2024. On the other hand, frauds only contributed to 4.4% of the losses. Despite the decrease in losses caused by both types of incidents compared to previous periods, the threat of hacks remains a significant concern for the community.
Immunefi plays a crucial role in protecting Web3 user capital by offering bounty rewards to security researchers. With over $155 million in available rewards and $95 million already paid out in bounties, the platform has been instrumental in identifying vulnerabilities and preventing potential losses. Immunefi claims to have saved over $25 billion in user funds through its security initiatives.
Overall, while the decrease in losses compared to the previous year is a positive sign, the Web3 ecosystem still faces significant security challenges. Securing decentralized finance platforms, addressing vulnerabilities in protocols, and promoting best practices in security remain paramount to safeguarding user funds from malicious actors. The landscape of Web3 security is evolving, and continued efforts are necessary to stay ahead of increasingly sophisticated threats.
