Computer Hacker
Exploits and other security incidents in the web3 space in March 2024 resulted in losses of around $139 million. TheDigitalArtist/Pixabay

KEY POINTS

  • Overall losses in the web3 ecosystem reached $139 million in March, as per SlowMist
  • The blockchain security firm added that smart contract flaws also resulted in millions of losses last month
  • Among the biggest security hacks last month was at WOOFi and most recently, Prisma Finance

March saw 33 major security incidents in the web3 ecosystem that led to $139 million in total losses, and nearly 47% of the said incidents were linked to "insider" misconduct, a blockchain security firm said Monday.

"Insider malfeasance accounted for 46.9% of losses, emphasizing the need for stringent internal security measures," SlowMist said in its latest report that tracked security breaches in the web3 space last month.

In March there were three incidents linked to insider malfeasance that resulted in losses of $65.4 million, the blockchain security and analysis firm noted. "The SlowMist security team strongly advises projects to thoroughly review their internal security measures and strengthen access controls for sensitive information and assets," it said in the report.

Regulators have already started acting on security incidents linked to insider misconduct. Gary Gensler, chair of the U.S. Securities and Exchange Commission (SEC), said late last year that the regulator it will probe fraud in cryptocurrency community in the same way as it has investigated insider trading within the regulated community.

In mid-2022, the U.S. charged former Coinbase product manager Ishan Wahi for committing "insider trading in cryptocurrency assets by using confidential Coinbase information" for illegal trades in 25 different crypto assets" that gave them ill-gotten gains of around $1.5 million. It was the first insider trading case in the history of the country's crypto ecosystem.

While insider malfeasance made up for significant losses in the sector last month, smart contract vulnerabilities also had an impact on the industry as the said issues resulted in losses of about $36.89 million, as per SlowMist.

The blockchain security monitoring firm noted that its March report only represented "major" incidents last month and did not include incidents that affected individual crypto users.

Among the security breaches highlighted in SlowMist's report was the exploit of decentralized finance (DeFi) platform WOOFi, wherein a vulnerability that caused a price calculation error allowed the hacker to steal cryptocurrencies worth around $8.75 million.

Another significant hack last month was that of DeFi trading platform Unizen, which lost some $2.1 million due to an "external call vulnerability" first flagged by blockchain security firm PeckShield and SlowMist.

The report also discussed the exploit of liquid staking protocol Prisma Finance, which resulted in losses of $11.6 million. The hacker has since demanded a public apology from the protocol, saying its developer team did not take contract audits seriously and should take responsibility. The exploiter also demanded that the team behind Prisma reveal their true identities to the public and apologize properly for their mistakes in handling the system.