2022 was a crazy year for hackers and scammers, as the Global Web3 Security & AML Report 2022(https://beosin.com/resources/Global_Web3_Security_Report_2022_.pdf), co-produced by Beosin(https://beosin.com/), Buidler DAO, Legal DAO and Footprint, shows that over 167 major attacks in Web3, with a total loss of $3.6 billion, an increase of 47.4% from 2021. 10 security incidents lost over $100 million and losses of 21 incidents ranged from $10 million to $100 million.
In 2022, 12 cross-chain bridge security incidents caused a total loss of $1.89 billion, the highest loss among all project types. 5 cross-chain bridge projects lost over $100 million in a single incident: Ronin( https://beosin.com/resources/beosin-is-tracing-the-flow-of-the-funds-in-the-ronin-attack )($624 million), BSC Token Hub($560 million), Wormhole($326 million), Nomad( https://beosin.com/resources/beosin-web30-classroom-cross-chain-bridge-ii–introduct )($190 million) and Harmony( https://beosin.com/resources/harmony-bridge-hacked-due-to-suspected-private-key-leak )($100 million). The attack types mainly included social engineering, private key compromise, and blockchain/contract vulnerabilities, etc.
20 blockchains have experienced major security incidents in 2022, with the top 3 by amount lost being Ethereum, BNB Chain( https://beosin.com/resources/how-did-the-bnb-chain-exploiter-pass-iavl-proof-verification ), and Solana( https://beosin.com/resources/beosin-detailed-analysis-of-solana-attack ); and the top three by number of attacks being BNB Chain, Ethereum, and Solana.
Vulnerability exploits saw the highest frequency and loss amount throughout the year. $1,458 million was lost from vulnerability exploits in 87 attacks.
$1,396 million of stolen funds were transferred to Tornado Cash( https://beosin.com/resources/how-to-quickly-track-assets-laundered-in-tornado-cash )in 2022, representing 38.7% of all funds lost in attacks. Since Tornado Cash was sanctioned by the US OFAC in August, stolen funds transferred to the mixer have fallen significantly from the first half of the year.
Global crypto crimes amounted to $13.76 billion for 2022 (excluding financial crimes), with money laundering accounting for $7.33 billion, attacks/exploits $3.6 billion, pyramid schemes $1 billion and scams $830 million.
There were 243 rug pulls throughout 2022, involving a total amount of $425 million (excluding FTX incident). Among them, a total of 8 projects rugged for more than $10 million, while 210 projects (approximately 86.4%) rugged with amounts between $1K-$1M.
In 2022, the crypto market has seen a series of black swan events represented by Three Arrows Capital, Terra LUNA and FTX, ending the year with TVL down approximately 80% from its peak at the beginning of the year.
2022 was a tough year for global Web3 security ecosystem and will place higher and more urgent demands on crypto regulatory compliance in 2023.
Read and download the full report: Global Web3 Security & AML Report 2022(https://www.beosin.com/resources/Global_Web3_Security_Report_2022_.pdf)