CertiK’s latest report reveals a noteworthy decline in cryptocurrency security incidents in 2023.
Total losses came down to $1.84 billion across 751 events, marking a 51% decrease from 2022. Moreover, each incident averaged $2.45 million in losses, with the top ten contributing $1.11 billion. Interestingly, the blockchain security firm found that the median loss per incident was a mere $101,132.
November claimed the highest amount lost at $363,367,327 from 45 incidents, while Q3 dominated with $686,558,472 in losses from 183 hacks, scams, and exploits.
Private Key: Not So Private
Private key compromises accounted for nearly 50% of total losses, amounting to $880 million. CertiK’s report found that these numbers stemmed from just 47 incidents, representing only 6.3% of total security incidents throughout the year, yet over half of the losses.
Notably, six of the ten most costly security incidents throughout 2023 were due to private key compromises.
The compromise of Multichain in July caused a loss of $125 million. Despite asserting decentralization, it was disclosed that Multichain’s CEO had exclusive control over its multi-party computation servers and private keys. The vulnerability came to light with the CEO’s arrest, rendering $1.5 billion in Total Value Locked (TVL) on the Multichain bridge inaccessible to users.
As such, CertiK has advised users to implement certain private key management practices, which include:
- Employing multi-signature wallets to distribute control, reducing the risk of single-point failures.
- Opting for hardware wallets for secure key storage, preventing exposure in plain text.
- Storing private key backups offline in secure locations like safety deposit boxes.
- Defining strict access policies to limit key access to authorized personnel only.
- Safeguarding private keys with strong encryption in secure formats.
- Regularly auditing and monitoring key use to detect unauthorized access.
- Utilizing co
Author: Chayanika Deka