A report from CertiK notes that web3 projects lost more than $2 billion to hacks in H1 2022 — more than all of 2021 combined.
“2022 is already by far the most expensive year for web3. Based on these figures, a 223% increase in resources lost to attacks is projected for 2022 compared to 2021,” CeriK wrote in their report.
CertiK’s sobering report highlights the difficulties of an industry that presents itself as a return to the decentralized ideals of Web1, as trust is restored after companies and authorities in the Web2 era played loose with individuals’ privacy and rights.
The biggest hack in web3 history happened in August 2021 at Poly Network. More than $600 million worth of tokens were stolen in that attack. The hacker eventually returned almost all the money, so it cannot be considered “lost”.
In March 2022, Ronin Network’s bridge was hacked and approximately $552 million in Ethereum and USDC were stolen.
Ronin’s hackers didn’t return the money, but in some karmic justice they tried to use their loot to “shorten” the network’s tokens with the aim of earning more after news of the hack broke, but it didn’t quite work out. as planned:
You can’t make this up
Hacker steals $600MM in ETH from Ronin blockchain, the underlying Axie
Hacker then shorts Ronin & AXS (Axie token) knowing as soon as news comes that tokens will drop
But NOBODY notices and they are liquidated shortly before the news breaks
— Eric Golden 🍌🦇🔊 (@ericgoldenx) March 29, 2022
Ronin’s hack earlier this year caused lasting losses to the rightful holders of the stolen goods. The devastating hack adds significantly to the record-breaking amount of value lost so far from exploits of web3 projects in 2022.
“There is some reason for slight optimism, as the amount lost to attacks is down 42% from the previous quarter. However, this data is distorted by the catastrophic attack on the Ronin network for $624 million at the end of March,” added CertiK.
CertiK observes a strong increase in the number of flash loan and phishing attacks targeting web3.
By far the largest flash loan attack targeted Beanstalk Farms, costing more than $182 million. The second biggest hit Fei protocol for over $79 million. DEUS Finance 2 was in a more distant third place, but still suffered more than $15 million in losses.
By contrast, the number of epidural and exit scams is “much lower than the dazzling losses in the previous year.”
By far the biggest exit scam in recent months has been that of Breedtech; resulting in over $9 million in losses. In a distant second, DIAOS was costing investors over $2 million.
You can find a full copy of CertiK’s report here (registration required)
Want to learn more about blockchain from industry leaders? Checking out Blockchain Expo takes place in Amsterdam, California and London. The event takes place in collaboration with the Cybersecurity and Cloud Expo.
Discover other upcoming business technology events and webinars powered by TechForge here.