The whole of Web 3.0 was valued at 934 billion dollars in 2022. This sacred fortune has attracted many hackers and scammers in the past year. In all, an estimated $3.95 billion was stolen the previous year. In this month of January, it is an opportunity to take stock of the hacks and frauds in Web3.0 in 2022, a top 10 and an analysis of the lessons that emerge.
Source: Immunefi, one of the main players against hacks
Throughout this article, we will cite the excellent report of Immunefi published in January 2023. Immunefi is a key player in cybersecurity and the crypto universe. It is a bug bounty platform for Web 3.0 players. The bug bounty concept allows companies to fix flaws in their applications by rewarding users who report breaches. Concretely, Immunefi is an intermediary between Web3 companies (wanting to ensure the security of their code and their protocols) and ethical hackers (trying to identify security flaws against payment if they find any). In just two years, Immunefi claims to have paid out $60 million to ethical hackers, and prevented over $25 billion from being hacked. By the way, here is a very good article to learn more about hacks in crypto, bug bounty and Immunefi.
General review of the year 2022
In 2022, there are 168 fraud and hack cases successful or semi-successful. In total, these 168 cases represent $3.95 billion stolen from Web 3.0. Good news ! In fact, this figure represents a 51% drop from the $8.09 billion stolen in 2021. In addition, of all 2022, the fourth quarter was the most terrible with 1.62 billion losses in 55 incidents. So the Q4 accounts for 41% of total 2022 losses. Most of the amount stolen results from two specific projects: FTX of course and BNB Chain. Therefore, between them, they represent 1.22 billion losses.
Top 10 losses in 2022
- FTX: $650 million
- Ronin Network: $625 million
- BNB Chain: $570 million
- Wormhole: $326 million
- Nomad Bridge: $190 million
- Beanstalk: $182 million
- Wintermute: $100 million
- Harmony: $100 million
- Mango Markets: $100 million
- Mirror Protocols: $90 million
Thus, with this Top10, we see that in 2022 the industry suffered some of the biggest hacks of its existence. Besides, top five hacks of the year account for 59.8% of total losses and total $2.36 billion.
Who is most targeted by these hacks and frauds?
In terms of sector, DeFi (decentralized finance) is more a victim of these hacks and frauds than CeFi. Indeed, in 2022, DeFi accounts for 80.5% of total losses, compared to 19.5% for the CeFi. DeFi suffered $3.18 billion in losses in 2022, an increase of 56% compared to 2021. As for CeFi, it lost $0.77 billion, an increase of 87% compared to 2022.
In terms of blockchain, BNB Chain and Ethereum were the two most targeted chains in 2022. Indeed, BNB Chain suffered the most attacks with 65 incidents (compared to 43 in 2021). This represents 36% of the total attacks on all blockchains in 2022. As for the Ethereum blockchain, it suffered 49 attacks (compared to 45 in 2021). This equates to 27% of total attacks across all blockchains in 2022.
How are the funds stolen?
In 2022, hacks clearly remain the predominant cause losses from fraud, scams and rug pulls. Rug pulls refer to a malicious maneuver in crypto where the developers of a project disappear with investors’ funds. Finally, fraud is only responsible for 4.4% of total losses in 2022. Hacking constitutes 95.6%.
How much money could be recovered?
In addition, in 2022, $205 million could fortunately be recovered from the stolen funds during 12 particular cases. Although impressive, this amount represents only 5.2% of the total losses in 2022.
In 2023, more steps need to be taken to assure the many skeptics that they can invest in cryptocurrencies without fear that their funds will be lost. The crypto industry faces a big trust deficit. Indeed, the observation is clear and without appeal. And, in particular, the scams and hacks have just as much to do with it as the FTX and Three Arrows debacles. So, to remedy this, users are going to have to be provided with more security against the threat of scams and hacks. This will require better tools and software anti scam, more elaborate cybersecurity systems, stronger regulation to test the reliability and financial soundness of a project, and more internal and external audits (see the article on the failure of the entire chain of custody which caused the FTX disaster). In addition, in another register, we also did an article on the crypto fundraisings of 2022: Review, top 10, trends and lessons.
Receive a digest of news in the world of cryptocurrencies by subscribing to our new service ofdaily and weekly so you don’t miss any of the essential Tremplin.io!