Web3 security firm Beosin has detailed the latest hacks and exploits to hit the blockchain sphere in its 2022 Q2 Web 3 Security Report. Beosin found that hackers made away with over $718 million during that quarter, most of it in the DeFi space.
Web3 suffered 48 major hacks
The report, produced in collaboration with Footprint Analytics, cites 48 major “attacks” as responsible for those losses. These attacks were far from equal: three alone (Beanstalk Farms, Elrond, and Harmony) each accounted for over $100 million in losses, while 28 fell in the range of $1 million to $10 million lost.
The report further states that last quarter’s losses are technically a 40% drop from the near $1.2 million lost in Q1 2022, but are still a 2.42 times increase from the $296.56 million lost in Q1 2021. Furthermore, losses in Q1 2022 were likely dominated by the infamous Ronin Bridge hack, which netted over $600 million for the attacker.
April was the worst month for Web3
Data shows that April was the most active month for hacking, with “19 major security incidents” and over $374 million lost. Losses significantly decreased in May alongside Bitcoin’s price, but saw an interesting spike in June despite the market’s continued decline.
“All chains and attacked projects saw a significant decrease in TVL values in May,” reads the report. “Most projects experienced a decrease in TVL immediately after they were attacked.”
The Most Common Modes of Attack
Decentralized finance (DeFi) was the overwhelming target among Web3 hackers. DeFi allows crypto users to access financial services like borrowing and lending in a decentralized manner using self-executing smart-contract programs.
About 79.2% of attacks occurred in this space last quarter, accounting for 63.3% of losses. The most common attack method was to exploit vulnerabilities in smart contract code, netting hackers $138 million in total. These comprised 45.8% of attacks, compared to 50% of attacks in Q1.
The next most common attack method was through flash loans. These are DeFi loans that don’t require collateral but require debtors to pay back in short order. Hackers often use flash loans to amass vast control of a given protocol’s governance token, allowing them to pass malicious protocol changes. Such attacks netted $233 million in Q2, more than any other hacking method.
DeFi lost another $131.15 million to compromised private keys, around which security “continues to be a concern.” Furthermore, audited projects accounted for 52% of projects attacked. Audited projects still accounted for the vast majority (76.2%) of stolen funds.