July 18, 2022

Q2 2022 Web3 Security Report: 48 Major Exploits, $718.34M Lost | Beosin & Footprint Analytics

Total losses in Q2 reach $718.34 million, down approximately 40 percent from $1.2 billion in Q1

In the second quarter of 2022, 48 major attacks were monitored in the Web3 space, with total losses of approximately $718.34 million, down approximately 40 percent from $1.2 billion in the first quarter and approximately 2.42 times the losses in Q1 2021 ($296.56 million).

Click here to download the full Q2 web3 security report, or read the summary below.

From January to June 2022, assets lost in the Web3 space due to attacks totaled $1,912.87 million.

Key takeaways:

  • April was the most active month for hacking. May saw a significant decrease in the number of attacks and losses; hacking activity increased in June.
  • By project type, DeFi continues to have the greatest rekt frequency; approximately 79.2% of attacks occur in the DeFi domain.
  • All chains and attacked projects saw a significant decrease in TVL values in May. Most projects experienced a decrease in TVL immediately after they were attacked.
  • By chain, the greatest loss this quarter was on Ethereum, $381.35 million. The most frequently attacked chain was the BNB Chain, with 26 exploits.
  • The most common hacking techniques continue to be contract vulnerability exploitation and flash loans. Approximately 45.8% of attacks were contract exploits. The greatest losses were caused by flash loans, totaling $233 million.
  • Approximately $418.89 million in stolen funds were transferred to Tornado.cash by hackers, representing 58.3% of the total amount stolen during the quarter.
  • Only 52% of the attacked projects were audited.
  • Forty-three major rug pull incidents on the chain were monitored this quarter, with total losses of approximately $34,266,402. From incomplete statistics, Discord servers were hacked more than 151 times. Rug pull and phishing security incidents were frequent in May and June.

All charts and graphs in this report can be viewed at:

https://www.footprint.network/@Beosin/Footprint-Beosin-Q2-Report

Summary

DeFi security remained a focus of concern in Q2 2022, with approximately 79.2% of attacks occurring in the Defi space. For two consecutive quarters, DeFi has been the focus of hacker attacks. Although NFT, cross-chain bridges, and exchange security incidents are not as frequent as DeFi incidents, several incidents involved large losses. Web3 projects of all types should strengthen security.