A report from CertiK finds that web3 projects lost over $2 billion to hacks in H1 2022—more than all of 2021 combined.
“2022 is already the most expensive year for web3 by far. From these numbers, 2022 is forecast to see a 223% increase in the funds lost to attacks when compared with 2021,” wrote CeriK in their report.
CertiK’s sobering report highlights the difficulties of an industry that pitches itself as returning to the decentralised ideals of web1 while rebuilding trust after companies and authorities in the web2 era played loose with the privacy and rights of individuals.
The biggest hack in web3 history occurred to Poly Network in August 2021. In that attack, over $600 million of tokens were stolen. The hacker ended up returning nearly all of the money so it cannot be considered “lost”.
In March 2022, Ronin Network’s bridge was hacked and around $552 million in Ethereum and USDC was stolen.
Ronin’s hackers did not return the funds but, in some karmic justice, they attempted to use their loot to “short” the network’s tokens with the aim of earning more after news of the hack broke but it didn’t go quite as planned:
The hack of Ronin earlier this year still resulted in permanent losses for the legitimate holders of the stolen assets. The devastating hack contributes significantly to the record-breaking amount of value lost by web3 project exploits in 2022 so far.
“There is some cause for slight optimism given that the amount lost to attack is down by 42% from the previous quarter. However, this data is skewed by the catastrophic attack against the Ronin Network for $624 Million in late March,” CertiK adds.
CertiK notes a steep rise in the number of flashloan and phishing attacks targeting web3.
By far the largest flashloan attack targeted Beanstalk Farms and cost over $182 million. The second-largest hit Fei Protocol for over $79 million. DEUS Finance 2 was in a more distant third place but still suffered more than $15 million in losses.
In contrast, the number of rugpulls and exit scams are “far lower than the eye-watering losses seen in the previous year.”
By far the largest exit scam in recent months was of Breedtech; resulting in more than $9 million in losses. In a distant second was DIAOS which cost investors over $2 million.
You can find a full copy of CertiK’s report here (registration required)
(Photo by Jackson Simmer on Unsplash)
Want to learn more about blockchain from industry leaders? Check out Blockchain Expo taking place in Amsterdam, California and London. The event is co-located with the Cyber Security & Cloud Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.