Web3 projects have already lost billions to hackers this year

A digital padlock on a blue digital background.
(Image credit: Shutterstock / vs148)

Hackers and scammers have managed to steal more than $2 billion from Web3 projects in the first half of 2022, already more than the sum lost for the whole of 2021. 

A report from CertiK found that while virus attacks, hacks, scams, phishing, identity theft, and other social engineering attacks, are all quite popular among threat actors, there’s a new rising threat that’s grown into quite the monster - flash loan attacks.

A flash loan is just as it sounds - a loan that people can take, and need to return, in a flash. But given the fact that people can get enormous amounts of money in flash loans, these can be abused to attack certain protocols and drain the funds.

Millions lost

Something similar happened to the Beanstalk protocol in April 2022. Entities with large amounts of the BEAN token get voting rights, allowing them to vote on important events, like fund withdrawals. With the help of a flash loan, an attacker managed to obtain large amounts of BEAN, and then use their newfound voting power to vote in favor of withdrawing almost $200 million from the protocol.

According to CertiK, the second quarter of 2022 saw 27 flash loan attacks, resulting in losses of $308 million - but just a few months earlier, “only” $14 million had been lost that way.

The analysts are also saying that phishing attacks rose between the two quarters, from 106 in Q1, to 290, in Q2. 

Most of the time, the attackers would try and compromise endpoints via Discord, as that’s one of the most popular social networking platforms for crypto and Web3 developers and enthusiasts. 

“Rug pulls”, a practice in which the “developers” would pull the rug on investors and disappear with their money, seem to be losing popularity. One of the reasons why rug pulls are no longer that popular is the deep bear market that’s currently being manifested. 

Despite the good news, there were still more than $37 million lost that way in Q2 this year (down 16% quarter-on-quarter).

Via: The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.