We’re a little over three months deep into 2022, and with each month it seems the scale of crypto exploits grows as the sector continues to expand.
Just last week, play-to-earn Axie Infinity’s Ronin Network announced it was exploited for about $625 million, making it the largest decentralized finance (DeFi) hack to date.
While that was the biggest hack in history, a number of massive multimillion-dollar exploits also transpired in 2022. As people and capital flood into crypto, losses are becoming larger, Adrian Hetman, a DeFi expert at web3 bug bounty and security services platform Immunefi, told TechCrunch.
This year’s hacking history
Wormhole, one of the biggest cryptocurrency platforms that offers bridges to Solana and other blockchains, was hacked for about $320 million, or 120,000 ether, on February 2. A week prior to the Wormhole hack, DeFi protocol Qubit Finance was hit by hackers who stole 206,809 Binance Coin from Qubit’s QBridge protocol, worth about $80 million at the time.
“The Wormhole and Ronin hack, both massive in nature, represent serious vulnerabilities or failures in the crypto ecosystem,” Anthony Georgiades, co-founder of NFT and web3 blockchain provider Pastel and general partner at Innovating Capital, told TechCrunch.
There has been a “loss” of about $1.23 billion across the web3 ecosystem in the first quarter of 2022, according to a report by Immunefi. That number accounts for any funds lost due to hacks and fraudulent events, Hetman said.
That total is up 695% from the year-ago quarter’s losses of $154.6 million, the data showed.
As of April 4, there is about $230 billion in total value locked (TVL) across a number of DeFi protocols. That TVL is 170% higher than the year-ago date of $84.91 billion, according to data from DefiLlama.
“So given this number, and the fact that a single mistake in code could mean hackers get immediate access to hundreds of millions of dollars, it makes sense that blackhats are interested in getting a slice of that pie,” Hetman said.
Despite declines, the value of crypto assets in DeFi protocols is up 3x from a year ago
Aside from the rise of adoption, DeFi is still relatively new and developers are still learning how to write safe and secure codes, Hetman noted.
“Many users are still not well educated on how to safely interact with different projects — or even which projects they should interact with,” Hetman said. Additionally, many developers are still “copying and pasting code from other projects,” so a vulnerability present in one project’s code can oftentimes be spread to many other projects.
A matter of trust
Although hacks and exploits lead to financial and asset losses, they also cause unease in the overall ecosystem, Georgiades said. Hacks and exploits can result in the loss of user, consumer and institutional confidence and trust, which in turn can hamper user growth and discourage new entrants into the market, Georgiades added.
Since crypto transactions by nature are often irrevocable, the loss of funds is basically permanent unless the hacker is caught or another organization backs the losses, like Jump Crypto did when Wormhole was hacked.
But bailouts from investors are “far from sustainable and are the exception, not the rule, particularly as these networks reach a state, size and decentralization,” Georgiades said. “You wouldn’t be able to ‘bail out’ Ethereum or Bitcoin; it would be a permanent impairment to the network’s trust and efficacy.”
Over the next 12 months, more and more big players will enter the space, but they will make more careful decisions as to which infrastructure partners they select, Georgiades said.
“They’ll have more at stake, and be cautious about their assets,” he said. “This will serve as a model for smaller businesses migrating to or being developed in the blockchain space, who will learn to make careful considerations as well.”
Amid the loss of billions of dollars, there is a somewhat silver lining.
“The silver lining is that these hacks bring security issues to light, and point developers in the right direction to create more robust, secure tech,” Georgiades said. “Projects and blockchains will take more and more time to better secure their networks and write strong, bug-free code.”
However, as developers develop and projects grow, hackers will simultaneously get smarter and more sophisticated, Georgiades said. “It is a symbiotic relationship that will continue to persist perpetually.”
Comment