The impact of digital asset scams has been a major talking point around policies, regulations, and developer’s direction this year with millions lost across chains to bad actors.
A new report by blockchain security firm Hacken shows a quarter-to-quarter increase in hacks and money drained from crypto firms amid wider calls for tougher regulations.
A total of 117 hacks was reported in the last three months with $720 million stolen in the entire industry compared to Q2 2023 131 hacks and $327 million stolen values.
A significant share of losses can be hinged on access control (65%) which analyst at Hacken believes displays the human factor as a major challenge as well as coding errors.
“In Q3, the crypto landscape witnessed diverse security breaches. The lion’s share of the losses, with a significant 65%, came from Access Control attacks. Smaller yet noteworthy segments – Rug pull and Reentracny + Flash Loans made up over 20%.”
Access control accounted for $449 million in losses from about eight incidents.
The biggest hack in the last three months was the Multichain bridge which saw $231 million after its previous two incidents attracting wider concerns within the community.
The infamous Viper Compiler incident caused by a bug led to approximately $70 million in losses from multiple projects before 90% of stolen funds were recovered.
Rug pulls: A bad actor’s favorite
Rug pulls account for most scam incidents because of the nature and ease of creation. Rug pulls are a type of exiting scam perpetuated by the team on most occasions rather than an external hacker.
The developers of a scam coin build traction and suddenly withdraw liquidity after the price pump, a scheme described by analysts as easy to spot and prevent.
One way of preventing scams like rug pulls is to research the token’s audit properly documented by a third-party auditor, the company noted.
Crypto users usually ignore key indicators like auditors before investing in certain projects putting them at risk. It should be noted that even if an audit is presented, there is still the risk of a rug pull pushing analysts to advise taking notes of the reputation of the firm behind the audit.
“The project can undergo an audit and have an audit report, but with a poor score. Yet, users overlook this and consider the mere fact that the project was audited as sufficient.”
Hacken examined 78 rugpulls of the total number and discovered only 12 have participated in periodic audits. The firm proposed a multi-audit approach to block scammers that may conceal intentions at first as smart contract vulnerabilities remain prevalent.