Rise In Reported Web3 And Defi Hacks During Q1 2023, New Analysis Finds

• New analysis shows there were 19 reported hacks in Q1 2023 – up from 16 in Q1 2022 and 10 in Q1 2021.

• $265 million has been lost so far this year, with $197 million stolen in the biggest single hack of 2023.

Rise In Reported Web3 And Defi Hacks During Q1 2023, New Analysis Finds
Rise In Reported Web3 And Defi Hacks During Q1 2023, New Analysis Finds

New analysis* from Naoris Protocol, a global cyber security firm, reveals there was a rise in the number of reported cyber security hacks on Web3 and DeFi in Q1 2023 compared to the same period in 2022 and 2021 – with 19 reported hacks. This is up from 16 reported hacks in Q1 2022 and 10 reported hacks in Q1 2021.

Between 1st January 2023 and 14th April 2023 there were 22 reported cyber security hacks, totaling over $265 million in losses. The biggest single hack in Q1 2023 stole $197 million from Euler Finance.

The most common types of cyber security hack – Protocol logic

The most common type of hack so far in 2023 is one that targets a weakness in protocol logic. There were 11 of these types of hacks reported in the first quarter of this year, totalling $230 million in losses, which is less than half the amount lost in the same period in 2022. However, the number of these reported hacks in Q1 2023 was almost double that of Q1 2022, which saw six protocol logic attacks, but which totalled $471.8 million in losses.

There were also four attacks in Q1 2023 which targeted a weakness in the interaction between multiple protocols, classified as Ecosystem (there have been a further three reported attacks of this type since 1st April); two infrastructure attacks and two rug-pulls.

Types of attack year to date

Classification of cyber security attack (1st Jan 23 – 14th Apr 23)

Total amount lost (US$)

Number of reported cyber security hacks

Protocol logic 230.3 million 11
Ecosystem 23.9 million 7
Infrastructure 9.3 million 2
Rugpull 1.9 million 2


Targeting a weakness in protocol logic was also the most common type of attack in Q1 2022, with six in total valuing $471.8 million. During 2021, the attack type was one that targeted a weakness in the interaction between multiple protocols – classified as Ecosystem – with four recorded in the first quarter, totalling $52.8 million lost.

Sum of amount lost (US$) Number of reported cyber security hacks

Most common attack type

Q1 2023 252,466,000 19 Protocol logic (11)
Q1 2022 1,176,850,000

[226,850,000 when discounting Ronin and Wormhole]

16 Protocol logic (6)
Q1 2021 136,000,000 10 Ecosystem (4)
Q1 2020 1,000,000 2 Protocol logic (2)

When discounting the two huge cyber-attacks in Q1 2022 – Ronin at $624,000,000 and Wormhole at 326,000,000 – the overall amount stolen in Q1 2023 has increased by 11% on Q1 2022. The average amount stolen per cyber-attack in Q1 2023 was $13,287,684 compared to a slightly larger $16,203,571 in Q1 2022, showing in general hackers are increasing the number of attacks but stealing slightly less each time, compared to last year.

Monica Oravcova, Co-Founder & Chief Operating Officer, Naoris Protocol said: “Our analysis shows an alarming increase in the number of hacks. This is a disturbing trend, it’s . It’s important to use a new set of tools and technology, specifically, Distributed CyberSecurity Mesh Architecture, to protect the decentralised ecosystem. This could preemptively stop these attacks before they become costly breaches.”

The DeFi sector is under enormous pressure to find more effective ways to protect themselves from attacks, as the fallout undermines the mass adoption of a decentralised financial ecosystem. The war against cybercrime needs new weapons – you can’t mitigate Web3 cyber threats with Web2 technology. Using a decentralised cybersecurity mesh for our hyperconnected world could have potentially prevented these types of attacks. There needs to be a strong focus on creating cybersecurity interventions that are fit for purpose.

Changing techniques used by Web3 and DeFi hackers

The new analysis reveals that hackers targeting Web3 and DeFi are using a variety of techniques, with five new techniques already being reported in 2023:

• Collateral offboarding mistake

• Cloudflare key compromised

• Social engineering

• Redeem function exploit

• Flashloan donate function logic exploit

Top 5 hacking techniques reported in Q1 2023 (by USD value) Top 5 hacking techniques reported in Q1 2022 (by USD value)

Top 5 hacking techniques reported in Q1 2021 (by USD value)

1 Flashloan donate function logic exploit ($197 million) Private key compromised – social engineering ($624 million) Flashloan pool shares exploit ($37.5 million)
2 Access control exploit ($9.6 million) Signature exploit ($326 million) Drained contracts ($34.5 million)
3 Cloudflare key compromised ($9.2 million) Transfer Logic Exploit ($80 million) Infinite Mint and Dump ($27 million)
4 Flashloan reentrancy attack ($9.1 million) Private key compromised – unknown method ($51.6 million) Flashloan price oracle attack ($15 million)
5 Reentrancy ($6 million) Collateral Validations Exploit ($48 million) Delegatecall exploit ($14 million)



Ethereum blockchain reported the highest amount lost in Q1 2023 – $204.2 million which is 81% of the overall amount lost in the first quarter.

The Ethereum blockchain reported the highest number of hacks in 2022 (23 in total), six of which took place in the first quarter, amounting to $685 million – more than half (58%) of the total amount stolen in Q1.