It’s no secret that in 2022 the world of Web3 and decentralized finance (DeFi) experienced a slew of major exploits and attacks. From the Ronin bridge attack to the Nomad hack, the top 10 exploits alone saw over $2 billion lost. In the Beosin Global Web3 Security Report 2022, it revealed that of 167 major security incidents over the last year those rooted in DeFi were the most vulnerable. DeFi projects were attacked 113 times, which accounted for approx. 67.6% of recorded attacks. This is followed by attacks on exchanges, nonfungible token (NFT) projects, cross-chain bridges and wallets in that order. According to the report, DeFi projects came in second in terms of monetary losses with a total of $950 million in losses. This follows the $1.89 billion lost in cross-chain bridge exploits in the last year. In total 2022 saw $3.6 billion lost from all attacks on all project types. This is an increase of 47.4% from the previous year’s total of $2.4 billion lost in security exploit related-incidents. Already alarm bells are going off for DeFi project to be wary of even more exploits in this upcoming year as well. Experts say that a combination of the amount of DeFi projects that spring up, the lack of security testing prior to going live and the value these projects attract are reasons hackers are inclined toward the space. Additionally blockchain security companies are urging users to hold on to their private keys, as funds lost to private key compromises in 2023 will be due to poor management thereof.
Full report : DeFi-type projects received the highest number of attacks in 2022.
While these are the web3 hacks that have happened in 2022, OODA has been compiling a comprehensive Web3 incident database based on our research to categorize what compromises are taking place as well as document the root causes that plague Cryptos, DeFi, NFTs, and Web3 in general. Tracking root causes provides comprehensive insights into how innovators can create robust cyber risk management approaches and reduce the potential for consequential attacks. You can access the OODA comprehensive Crypto Incident tracker here.