Web3 projects have lost more than $2 billion to hacks and exploits in the first six months of 2022, more than in the entire year of 2021.
CertiK, a blockchain auditing and security business, released its quarterly Web3 security report for the second quarter of this year on Thursday. The report presents a bleak picture of a cryptocurrency market still beset by breaches, fraud, and phishing attempts, as well as relatively new risks like flash loan attacks.
CertiK focuses specifically on this last type of threat, which arose with the introduction of flash loans: a decentralized finance mechanism that allows borrowers to access extremely large sums of cryptocurrency for very short periods of time. Flash loans can be used maliciously to manipulate the value of a certain token on exchanges or to buy up all of the governance tokens in a project and vote to remove all of the funds, as happened to Beanstalk in April.
According to CertiK’s study, a total of $308 million was lost across 27 flash loan attacks in Q2 2022 – a massive rise from the $14 million lost to flash loans in Q1.
Between Q1 and Q2 of this year, the number of phishing attacks increased, with CertiK recording 290 in the most recent quarter compared to 106 in the first three months of the year. Despite persistent security concerns, Discord remained the vector for the great majority of phishing attempts, indicating its continued appeal as the social network of choice for the cryptocurrency and NFT community.
In slightly better news, so-called “rug pulls,” in which project founders halt work and disappear with the funds, are becoming less prevalent, though tens of millions of dollars are still lost in this manner. CertiK found that a total of $37.46 million was lost to rug pulls in the second quarter of this year, a decrease of 16.5 percent from the previous quarter. However, the report attributes much of this decrease to the current crypto winter, which may be driving away less experienced investors who are more likely to be duped by scam projects.