

  • Philip Osadebay - Tech Journalist

Web3 loses $2 billion in phishing attacks in 2022

The first half of this year has already seen significant losses for blockchain and cryptocurrency schemes, with over $2 billion in assets lost. Many crypto investors witnessed more breaches in 2022 than in 2021, making it the most costly year for Web3 projects.

Web3 projects, which include blockchain-based efforts and cryptocurrency schemes, have lost $870,802,424 to hacks, frauds, and attacks over the past three months. The blockchain auditing and security firm CertiK released its quarterly Web3 security report earlier this week. It suggested cybercriminals are stealing hundreds of millions of dollars worth of cryptocurrency. Google Cloud confirms it is assembling a team specifically to assist Web3 developers, and Microsoft has published a study of Web3's 'ice phishing' assault.

Inverse Finance, an open-source protocol for lending and borrowing assets, Beanstalk, a decentralized stablecoin protocol built on the Ethereum blockchain, and bDollar, an algorithmic multi-peg stablecoin operating on the Binance Smart Chain, are a few examples of Web3 initiatives. In comparison to 2021, it is predicted that the thousands of Web3 projects currently under construction will lose 223 percent more money to cyberattacks during 2022.

Despite expectations, the amount lost due to attacks is down 42% from the prior quarter. However, the researchers acknowledged that late March's catastrophic $624 million attack against the Ronin Network tainted the data. Flash loan assaults are decentralized finance attacks where someone obtains a short-term loan known as a "flash loan."

In this situation, attackers can influence the price of particular tokens on exchanges and the market. The second quarter of this year had the biggest amount ever lost due to flash loan attacks, with 27 attacks resulting in a loss of $308,579,156.

The amount of money lost increased by 2000% between the first and second quarters. However, the most profitable flash loan attack ever, in which a hacker took $182 million after targeting Beanstalk Farms, skews these most recent numbers. This was the cause of 59% of the whole loss in only the previous quarter.

Another critical element was the $79 million flash loan attack against the Fei protocol. The $3 million attack against Deus Finance in Q1 was the most significant flash loan attack.

Rising Web3 phishing assaults

Additionally, phishing attempts have grown by 170 percent since the previous quarter, according to CertiK, which also emphasises the importance of social media platforms for Web3 initiatives. In Q2, there were 290 attacks as opposed to 106 in Q1.

These assaults mostly targeted projects' Discord servers. Discord and Telegram don't support account verification, although Twitter does, according to CertiK. This enables hackers to create account clones and use freebies and token offers as lures.

From the standpoint of Web3 security, what's annoying about these intrusions is that the hackers are employing tried-and-true Web2 techniques that prey on centralisation and human error as a starting point, then using this to make lateral moves to exploit Web3 in turn, according to CertiK in its report. In this sense, the frequency of phishing attempts demonstrates Web3's continued and problematic interaction with the outdated and exposed infrastructures of Web2. Much of Web3's negative reputation as a digital "wild west" stems from where it depends on Web2 technologies and their risks.

Carving out an exit strategy

Another common attack type is rug pulls and exit scams, which resulted in losses of $37,462,472 across 90 incidents. This is where a project's creators halt work and vanish with the funding. By comparison, rug pulls and exit scams cost $2,650,234,662 in the second quarter of 2021.

While this reduction is undoubtedly beneficial, CertiK stated that it is probably the result of the ongoing bear market. The types of inexperienced investors who are likely to fall prey to the extravagant promises of bad-faith ventures become less prevalent when the flow of new money entering the Web3 economy slows. In comparison, the typical Web3 investor surviving the so-called crypto-winter is more challenging to con and much less ready to part with their hard-earned money.

It is understandable why we have not seen a surge of new investors enter the industry, given all of the tragic events that happened in Q2, including the demise of Terra, Three Arrows Capital, and Celsius's financial difficulties.

Last but not least, 39 attacks involving exploits cost approximately $520 million in Q2. This represents a 57% decrease from the $1.2 billion lost in the first quarter over 33 attacks, even though the Ronin Network attack again distorted these numbers.

