Immunefi, the leading bug bounty and security services platform for web3, protecting over $60 billion in user funds, published its Crypto Losses in Q3 2023 Report. The crypto industry lost 685,510,444 in Q3 of 2023. Total losses across the ecosystem reached $1,388,475,506 YTD.

  • In Q3 2023, the number of attacks spiked: the number of single incidents increased 153% YoY from 30 to 76 in Q3 2023. The total losses are up 59.9% from Q3 2022. Overall, Q3 has witnessed the highest loss in 2023.

  • The 2 major exploits of the quarter, Mixin Network and Multichain, totaled $326,000,000  alone, accounting for 47.5% of all losses in Q3 2023.

  • The Lazarus Group was responsible for $208,600,000 stolen, representing 30% of the total losses in Q3 2023. The group was allegedly behind the high-profile attacks on CoinEx, Alphapo, Stake, and CoinsPaid.    

  • In Q3 2023, hacks continued to be the predominant cause of losses at 96.7% in comparison to frauds, scams, and rug pulls, which amounted to only 3.3% of the total losses.

  • In Q3 2023, DeFi continued to be the main target of successful exploits at 72.9% as compared to CeFi at 27.1% of the total losses.

  • The two most targeted chains in Q3 2023 were Ethereum and BNB Chain. Ethereum suffered the most individual attacks, with 35 incidents, while BNB Chain witnessed 25 incidents. Base followed with 4 incidents and Optimism with 3 incidents. Polygon, Avalanche, Arbitrum, zkSync Era, and Fantom each had 2 incidents. Solana and others followed with 1 incident each.

  • In total, $61,169,000 has been recovered from stolen funds in 6 specific situations. This number makes up 8.9% of the total losses in Q3 2023.

“Q3 witnessed the highest loss in this year, driven by large-scale attacks such as the one on Mixin Network and Multichain”, said Mitchell Amador, CEO of Immunefi. “State-backed actors played a crucial role as they were allegedly behind several cases this quarter. Their particular focus on CeFi led to a sharp surge in losses within this sector.”

Immunefi is the largest and most widely adopted bug bounty platform in web3 which is trusted by established, multi-billion dollar projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, and more. Immunefi has paid out the most significant bug bounties in the software industry, amounting to over $80 million, and has saved over $25 billion in user funds. 

The full report is available on Immunefi’s website. Recently, Immunefi published the Crypto Losses in Q2 2023, a display of the volume of crypto funds lost by the crypto community due to hacks and scams in Q2 2023, and the Crypto Losses in Q1 2023, respectively. In addition, Immunefi published the Hacker Ecosystem Survey 2023, a survey of the whitehat community displaying the top challenges, interests, and motivations at play in the web3 security industry, the Hacks & Token Prices Report, an overview of the impact of hacks on the prices of protocols’ native tokens, and the Top Crypto Bounty and Ransom Payouts Report, detailing the most important industry bug bounty payments to date, as well as ransom payments.

About Immunefi

Immunefi is the leading bug bounty and security services platform for web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds across projects like Synthetix, Chainlink, SushiSwap, Polygon, Bancor, MakerDAO, TheGraph, Wormhole, Optimism, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $80 million, and has pioneered the scaling web3 bug bounties standard. For more information, please visit