15 Jul Over $718 Million Lost to Web 3 Hacks in Q2 2022: Report
Web 3 security firm Beosin recently released its 2022 Q2 Web 3 Security Report, analyzing the latest hacks and exploits to impact the blockchain sphere. It found that over $718 Million were lost to related schemes during that time – most of which occurred in the defi space.
Breaking Down the Numbers
The report – produced in collaboration with Footprint Analytics – cited 48 major “attacks” as responsible for those losses. These attacks were far from equal: three alone (Beanstalk Farms, Elrond, and Harmony) each accounted for over $100 million in losses, with 28 making up between $1 million and $10 million lost.
Last quarter’s losses are technically a 40% drop from the near $1.2 million lost in Q1, 2022, but is still a 2.42 times increase from the $296.56 million lost in Q1 2021. Furthermore, losses in Q1 2022 were likely dominated by the infamous Ronin Bridge hack, which netted over $600 million for the attacker.
Data shows that April was the most active month for hacking, with “19 major security incidents” and over $374 million lost. Losses significantly decreased in May alongside Bitcoin’s price, but saw an interesting spike in June despite the market’s continued decline.
“All chains and attacked projects saw a significant decrease in TVL values in May,” reads the report. “Most projects experienced a decrease in TVL immediately after they were attacked.”
The Most Common Attacks
Decentralized finance (defi) was the overwhelming target among web 3 hackers. Defi allows crypto users to access financial services like borrowing and lending in a decentralized manner using self-executing smart-contract programs.
About 79.2% of attacks occurred in this space last quarter, accounting for 63.3% of losses. The most common attack method was to exploit vulnerabilities in smart contract code, netting hackers $138 million in total. These comprised 45.8% of attacks, compared to 50% of attacks in Q1.
The next most common attack method involved the use of flash loans – defi loans that don’t require collateral but must be paid back in short order. Hackers often use flash loans to amass vast control of a given protocol’s governance token, allowing them to pass malicious protocol changes. Such attacks netted $233 million in Q2 – more than any other hacking method.
Another $131.15 million were lost to compromised private keys, around which security “continues to be a concern.”
52% of attacked projects had reportedly been audited. Audited projects still accounted for the vast majority (76.2%) of stolen funds.
BNB Chain: King of Hacks
As the longtime king of defi, Ethereum was home to $381.35 million in losses last quarter – more than any other chain. According to Defi Llama, nearly $48 billion is still locked in defi protocols on Ethereum, out of $77.11 billion across the entire ecosystem.
The network saw a significant recovery in defi’s market share following Terra’s collapse – the former number 2 defi network. The new runner-up is Binance Smart Chain (BSC; aka BNB Chain), which holds just $6.21 billion locked.
However, when broken down by the volume of major attacks, BNB chain accounted for 26 – more than half of them. The chain joins Ethereum, Fantom, and Cronos as having suffered major attacks for two quarters in a row. By contrast, Solana was walloped with $374 million in losses across two exploits in Q1 but suffered no major attacks in Q2.
Unsurprisingly, over half of the stolen funds in Q2 ($418.89 million) were transferred to Tornado Cash – a cryptocurrency mixing service that helps thieves cover their tracks on the blockchain. Of those funds, $131 million in assets were recovered.
Post is imported from RSS feed, by one of our guest editors. G6 does not edit or moderate the content. G6 is not responsible for your actions. No rights owned by G6. To remove the post, please email us at [email protected]