The number of attacks in the crypto industry has risen 192% year-over-year from 25 to 73 this past quarter, per research from Immunefi.
Despite this hefty rise, the total amount of money lost is actually down by 64.4%—likely due to market conditions.
Immunefi assessed the total amount of crypto funds lost by the community due to hacks and scams by reviewing, validating, and classifying publicly available data. They have been conducting similar reports since 2021.
Crypto losses fall into two categories in this report: losses that are the result of a contract flaw, known as a hack or exploit; or losses caused by human behavior such as a rug pull, scam, or fraud.
Biggest Crypto Exploits and Hacks of 2022
Blockchain analysis firm Chainalysis said 2022 was “the biggest year ever” in terms of the number of crypto projects hit with attacks and drained of funds—and that was in October. It certainly felt like it. 1/ After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from #DeFi protocols across 11 different hacks. pic.twitter.com/emz36f6gpK — Chainalysis (...
Another key insight the study revealed was that the BNB Chain was the prime target for exploits and scams. In fact, Immunefi reports that 73.3% of all rug pulls that the security firm surveyed occurred on the BNB Chain.
A rug pull refers to instances when a project raises funds, for example, for a new token or NFT collection, promising certain benefits to users, but then the developers abandon the project and fail to deliver the promised benefits, but retain the buyers' funds.
"BNB Chain still has a serious issue with developers using forked code," Immunfi’s triaging team lead Adrian Hetman Tech said in the report. "Its community lacks a security-first approach and attracts many users looking for a quick way to earn money. That's why we continue to see the biggest number of exploits and rug pulls in this ecosystem."
Black hat hackers 'have kept pace'
A total of around $440 million were stolen in Q1 2023 but luckily 40.5% of that was recovered through two specific instances Euler Finance and SperaxUSD.
This figure is likely higher now that the Euler attacker has officially returned all funds as of April 3.
13 Biggest DeFi Hacks and Heists
Decentralized finance (DeFi) refers to blockchain applications that cut out middlemen from financial products and services like loans, savings, and swaps. While DeFi comes with high rewards, it also carries plenty of risks. Since just about anyone can spin up a DeFi protocol and write some smart contracts, flaws in the code are common. And in DeFi, there are many unscrupulous actors ready and able to exploit those flaws. When that happens, millions of dollars are put on the line, often with no...
Hacks were the predominant cause of losses at 95.7%, in comparison to fraud, scams, and rug pulls which amount to only 4.3%.
"Projects have increased their security measures through audits and bug bounties in the past year, but blackhats have kept pace," a spokesperson from Immunefi told Decrypt via email. "They’ve been educating themselves on industry practices and improving their skills, and it’s showing in this spike in the number of successful hacks and rug pulls."
If black hat hackers are developing alongside the general crypto industry then surely the number of incidents shouldn't be increasing.
The question then arises: how are blackhats winning the war?
"In a bear market, blackhats are able to take advantage of projects that start deprioritizing security in favor of other budget items," the spokesperson said. "Blackhats only have to be right once in their attack, whereas developers have to be right in every step of the development process to make sure there isn’t a single hole. It’s a tough job, and almost an unfair fight."
