In 2022, Web3 projects have already lost more money in cryptocurrencies to hacks and exploits than in all of 2021. Web3 projects have lost the equivalent of over $2 billion to hackers and scammers so far in 2022. This is reported by The Verge, citing a report by the security company Certik. This means that the total for the first half of 2022 already exceeds that for the whole of 2021.
According to the report, cryptocurrency projects suffer greatly from hacks, scams, and exploits. In the process, the security mechanisms of the projects are sometimes undermined. One of the biggest new threats is so-called flash loan attacks, in which attackers gain majority decision-making power over a large investment.
The most well-known case in 2022 where a flash loan attack was used is Beanstalk. The stablecoin project was robbed of cryptocurrency shares, which are said to have been worth the equivalent of over $182 million in total.
Beanstalk was overwhelmed by its organizational system
The attackers took advantage of the management system underlying Beanstalk: users have voting rights for code changes, the scope of which depends on their shares in Beanstalk. With a flash loan, in which large amounts of crypto money can be borrowed for just a few seconds, the attackers have secured a majority of the voting rights and transferred crypto money to their own wallets.
According to Certik, scammers lost $308 million in the second quarter of 2022 alone. In the first quarter of the year, it was just $14 million. Phishing attacks are also said to have increased sharply in the second quarter. Above all, phishing attempts are said to have been made on Discord.
So-called rug pulls, in which the founders close a project without prior notice and withdraw with the capital they have raised, have become rarer. It is conceivable that the downturn in the crypto market has meant that there are fewer inexperienced investors who are more likely to fall for a scam.