Over $2 billion was lost by Web3 projects between January and June due to hacks. In just six months, cybercriminals have managed to make these projects lose more money than in the whole of 2021.
Touted as the next major Internet revolution, Web3 is whetting the appetite of cybercriminals. Indeed, the year 2022 got off to a flying start with more than $2 billion lost by Web3 projects between January and June due to hacks and exploits of security vulnerabilities, according to the latest quarterly report. from the firm of CertiK, a company renowned for its audits in the blockchain sector. In just six months, cybercriminals have already managed to make these projects lose more money than in the whole of 2021.
Among the methods used by the criminals, there are in particular scams via flash loans. This decentralized financing mechanism allows borrowers to access extremely large amounts of cryptocurrency for very short periods of time. Used maliciously, flash loans can be used to manipulate the value of a token on exchanges or buy all governance tokens for a project and then withdraw all funds.
This is particularly what happened to Beanstalk, the protocol behind the stablecoin Bean. The latter lost $182 million last April in a governance attack. A total of $308 million was lost in 27 such attacks in Q2 2022, compared to $14 million in Q1.
Flash loans and phishing are popular
Another method favored by cybercriminals, attacks of phishing (phishing) have increased sharply since the beginning of the year. CertiK detected 106 between January and March, then 290 over the past three months. In this context, the Discord messaging platform appears to be the main target of attempts to phishing.
On the other hand, the method of rug sweater, an English term that translates into French as “carpet pulling”, has been used a little less in recent months. This designates a scam where the founders of a project abandon it and flee with the funds provided by the investors. According to CertiK, this scam technique lost $37.5 million in the second quarter, down 16.7% from the first three months of the year.
However, this decline is partly attributable to the difficult period experienced by the cryptocurrency and NFT sector, which is one of the components of Web3. Against the backdrop of collapsing crypto-asset values and sluggish investments, opportunities for scams have become rarer lately. However, there is no doubt that crypto-criminals will be on the lookout when the recovery of the sector takes place. CertiK thus expects a 223% increase in lost funds in the Web3 sector over the whole of 2022.