CertiK's latest report reveals a significant decline in cryptocurrency security incidents in 2023.
Total losses decreased to $1.84 billion across 751 events, which represents a 51% decrease from 2022. Moreover, losses per incident averaged $2.45 million, and the top 10 incidents contributed $1.11 billion. Interestingly, the blockchain security company found that the average loss per incident was only $101,132.
November had the highest loss amount of $363,367,327 from 45 incidents, while Q3 was dominated by losses of $686,558,472 from 183 hacks, scams and exploits.
Private key: Not very private
Private key compromises accounted for $880 million, nearly 50% of the total losses. The CertiK report found that these numbers stemmed from 47 incidents, representing just 6.3% of all security incidents over the year, yet more than half of the losses.
It is worth noting that six of the ten most costly security incidents during 2023 were due to private key breaches.
The Multichain hack in July caused a loss of $125 million. Despite the emphasis on decentralization, it was revealed that Multichain's CEO had exclusive control over the multiparty computation servers and private keys. The vulnerability was revealed with the arrest of the CEO, which made $1.5 billion of Total Value Locked (TVL) on the Multichain Bridge inaccessible to users.
As such, CertiK has advised users to adopt certain private key management practices, which include:
- Use multi-signature wallets to distribute control, reducing the risk of single-point failure.
- Choose hardware wallets to store keys securely, preventing plaintext exposure.
- Store backups of private keys offline in secure locations such as safe deposit boxes.
- Define strict access policies to limit access to the key to only authorized personnel.
- Protect private keys with strong encryption in secure formats.
- Regularly audit and monitor key usage to detect unauthorized access.
- Use cold wallets to store extensible private keys, reducing online threats.
- Educate relevant employees on key management best practices, with an emphasis on security and confidentiality.
- Consider multi-party computation (MPC) to share the key securely without exposing the entire key to one party.
- Utilize professional key management services, especially for enterprise-level operations, to ensure compliance with industry standards.
Other highlights
Meanwhile, Ethereum led all blockchains in losses, according to CertiK's findings. The report indicates that Ethereum suffered total losses amounting to $686 million across 224 incidents, with an average of about $3 million per incident.
The BNB Chain, despite facing 387 security incidents, recorded much smaller losses of $134 million, a marked contrast to Ethereum's numbers. Furthermore, the challenge of cross-chain interoperability remains a major concern in the cryptocurrency industry. The blockchain security firm noted that security breaches affecting multiple blockchains resulted in losses of $799 million.