we are a little more than three months deep into 2022, and with each month it seems that the scale of crypto exploits is growing as the industry continues to grow.
Just last week, Axie Infinity’s Play-to-Earn Ronin Network announced it was being exploited for approximately $625 million, making it the largest decentralized finance (DeFi) hack to date.
While that was the biggest hack in history, 2022 also saw some massive multimillion-dollar exploits. As people and capital flood into crypto, the losses grow, Adrian Hetman, a DeFi expert at web3 bug bounty and security services platform Immunefi, told Marketingwithanoy.
This year’s hacking history
Wormhole, one of the largest cryptocurrency platforms that provides bridges to Solana and other blockchains, was hacked on Feb. 2 for about $320 million or 120,000 ether. A week before the Wormhole hack, DeFi protocol Qubit Finance was hit by hackers who used 206,809 Binance Coin of Qubit’s QBridge protocol, worth about $80 million at the time.
“The Wormhole and Ronin hack, both massive in nature, represent serious vulnerabilities or flaws in the crypto ecosystem,” Anthony Georgiades, co-founder of NFT and web3 blockchain provider Pastel and general partner at Innovating Capital, told Marketingwithanoy.
According to a report from Immunefi, there will be a “loss” of about $1.23 billion on the web3 ecosystem in the first quarter of 2022. That number accounts for any money lost due to hacks and fraudulent events, Hetman said.
That total is 695% higher than losses of $154.6 million in the year-ago quarter, the data shows.
As of April 4, there is approximately $230 billion in total value locked (TVL) across a number of DeFi protocols. That TVL is 170% higher than a year ago date of $84.91 billion, according to data from DefiLlama.
“So given this number, and the fact that a single flaw in the code could mean hackers gaining instant access to hundreds of millions of dollars, it makes sense that blackhats would be interested in a slice of that pie,” Hetman said.
Aside from the rise of adoption, DeFi is still relatively new and developers are still learning how to write secure code, Hetman noted.
“Many users are still not well educated on how to securely interact with different projects — or even which projects to interact with,” Hetman said. In addition, many developers are still “copying and pasting code from other projects”, so a vulnerability in one project’s code can often be spread to many other projects.
A matter of trust
While hacks and exploits lead to financial and asset losses, they also cause discomfort in the overall ecosystem, Georgiades said. Hacks and exploits can lead to a loss of trust and confidence from users, consumers and institutions, which in turn can stunt user growth and discourage new entrants to the market, Georgiades added.