Web3 projects have already lost billions to hackers this year

Phishing and exploits have done serious damage - but so have flash loans

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers and scammers have managed to steal more than $2 billion from Web3 projects in the first half of 2022, already more than the sum lost for the whole of 2021.

A report from CertiK found that whilevirusattacks, hacks, scams, phishing,identity theft, and other social engineering attacks, are all quite popular among threat actors, there’s a new rising threat that’s grown into quite the monster - flash loan attacks.

A flash loan is just as it sounds - a loan that people can take, and need to return, in a flash. But given the fact that people can get enormous amounts of money in flash loans, these can be abused to attack certain protocols and drain the funds.

Millions lost

Something similar happened to theBeanstalk protocolin April 2022. Entities with large amounts of the BEAN token get voting rights, allowing them to vote on important events, like fund withdrawals. With the help of a flash loan, an attacker managed to obtain large amounts of BEAN, and then use their newfound voting power to vote in favor of withdrawing almost $200 million from the protocol.

According to CertiK, the second quarter of 2022 saw 27 flash loan attacks, resulting in losses of $308 million - but just a few months earlier, “only” $14 million had been lost that way.

2FA compromise led to Crypto.com hack>HubSpot hacked, putting major crypto firms at risk>These are the best bitcoin wallets

The analysts are also saying that phishing attacks rose between the two quarters, from 106 in Q1, to 290, in Q2.

Most of the time, the attackers would try and compromiseendpointsvia Discord, as that’s one of the most popular social networking platforms for crypto and Web3 developers and enthusiasts.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Rug pulls”, a practice in which the “developers” would pull the rug on investors and disappear with their money, seem to be losing popularity. One of the reasons why rug pulls are no longer that popular is the deep bear market that’s currently being manifested.

Despite the good news, there were still more than $37 million lost that way in Q2 this year (down 16% quarter-on-quarter).

Via:The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

How to turn off Meta AI