The web3 space has lost $1.48 billion to various scams and attacks between January and May 2022, with only four incidents responsible for 81% of that number, a recent study by cybersecurity company Hacken revealed.
A total of 87 hacks, exploits, and scams were recorded from January to May. According to the study, four super hacks accounted for $1.20 billion, which equates to 81.3% of the total stolen amount.
The Ronin Network, Solana Wormhole, Beanstalk, and Qubit finance incidents are the four super hacks that account for $1.20 billion.
Qubit Finance hack took place in January 2022. The attacker exploited a vulnerability in the protocol to mind xETH without depositing any WETH. As a result, the protocol lost 206.809 BNB, which equates to $80 million.
In March, Axie Infinity’s Ronin Network hack appeared in the headlines. The attacker managed to obtain control of four Ronin Network validators and stole 173,000 ETH from the protocol. The amount made around $615 million at the time, making the Ronin hack the most costly of all four super hacks of 2022.
Finally, DeFi protocol Beanstalk’s flash loans were attacked in April. The attacker gained $80 million, while the protocol lost over $180 million.
Growth in attacks
The report starts from 2012 and examines the attacks up to May 2022. The numbers reveal that the amount lost to cyberattacks has grown exponentially, especially in the past two years.
Between 2012 and 2019, web3 lost around $700 million, with a 0.2% recovery rate of $2 million.
From January 2020 to the year-end, total losses to cyber attacks had increased to $300 million. While it is an incredible surge in one year, 18% of the funds were recovered, which made about $55 million.
Throughout 2021, the losses increased even more. From January to December 2021, a total of $2.3 billion was stolen via cyberattacks. Despite the size of the stolen amount, the recovery rate increased to 28%, equating to $652 million.
Lagging recovery rate in 2022
Another result the report pointed out was the worrying drop in the recovery rates.
Between 2012 and 2019, the recovery rates were almost nonexistent. This was partly due to the low awareness of cyberattacks and insufficient expertise in the field.
The recovery rates increased to about 20% in 2020 as the cybersecurity experts grew their knowledge of blockchain technology. However, they could not keep up with the same performance in 2022.
The report pointed out that only 4.5% of the total $1.478 billion loss was recovered, which equates to $68 million. The report states:
“In 2022, Web 3.0 projects lost more funds to hacks, scams, and exploits than for the whole period between 2012 and 2019. Perhaps, the most alarming is the recovery rate of just 4.5%. A far cry from the 28% of 2021, this recovery rate indicates that hacks and scams have grown in complexity.”