We’re a little over three months deep into 2022, and with each month it seems the scale of crypto exploits grows as the sector continues to expand.
Just last week, play-to-earn Axie Infinity’s Ronin Network announced it was exploited for about $625 million, making it the largest decentralized finance (DeFi) hack to date.
While that was the biggest hack in history, a number of massive multimillion-dollar exploits also transpired in 2022. As people and capital flood into crypto, losses are becoming larger, Adrian Hetman, a DeFi expert at web3 bug bounty and security services platform Immunefi, told TechCrunch.
This year’s hacking history
Wormhole, one of the biggest cryptocurrency platforms that offers bridges to Solana and other blockchains, was hacked for about $320 million, or 120,000 ether, on February 2. A week prior to the Wormhole hack, DeFi protocol Qubit Finance was hit by hackers who stole 206,809 Binance Coin from Qubit’s QBridge protocol, worth about $80 million at the time.
“The Wormhole and Ronin hack, both massive in nature, represent serious vulnerabilities or failures in the crypto ecosystem,” Anthony Georgiades, co-founder of NFT and web3 blockchain provider Pastel and general partner at Innovating Capital, told TechCrunch.
There has been a “loss” of about $1.23 billion across the web3 ecosystem in the first quarter of 2022, according to a report by Immunefi. That number accounts for any funds lost due to hacks and fraudulent events, Hetman said.
That total is up 695% from the year-ago quarter’s losses of $154.6 million, the data showed.
As of April 4, there is about $230 billion in total value locked (TVL) across a number of DeFi protocols. That TVL is 170% higher than the year-ago date of $84.91 billion, according to data from DefiLlama.
“So given this number, and the fact that a single mistake in code could mean hackers get immediate access to hundreds of millions of dollars, it makes sense that blackhats are interested in getting a slice of that pie,” Hetman said.
Aside from the rise of adoption, DeFi is still relatively new and developers are still learning how to write safe and secure codes, Hetman noted.
“Many users are still not well educated on how to safely interact with different projects — or even which projects they should interact with,” Hetman said. Additionally, many developers are still “copying and pasting code from other projects,” so a vulnerability present in one project’s code can oftentimes be spread to many other projects.
A matter of trust
Although hacks and exploits lead to financial and asset losses, they also cause unease in the overall ecosystem, Georgiades said. Hacks and exploits can result in the loss of user, consumer and institutional confidence and trust, which in turn can hamper user growth and discourage new entrants into the market, Georgiades added.