After cross-bridges (used for transferring crypto from one blockchain network to another), the second favourite target in 2022 were the decentralized finance (DeFi) platforms. Both audited and unaudited Defi services suffered almost equally, with a total of 113 out of 167 major incidents in 2022, a little over 65%. These and other findings were revealed in the Global Web3 Security Report 2022 by Beosin.

Attacks on DeFi increased by over 47% from year 2021. As per the report, these exploits are likely to continue in 2023.

In terms of cause of loss, exploiting vulnerabilities in blockchains and platforms scored the highest, with 87 attacks targeting inherent flaws and bugs.

Cross-bridge exploits (12 reported cases) led to the largest siphoning off of crypto assets, totalling around $1.89 billion. Well known among these are Ronin, BSC Token Hub, Wormhole, Nomad and Harmony. Exchanges (21 reported cases) and wallets were also hacked or attacked, with a total loss of around $600 million. The modus operandi included private keys, flaws in smart contracts and social engineering.

Rug pulling – where the crypto project is shut, disappears or funds are misused – was reported across 2022 with 243 reported incidents amounting to over $400 million. The biggest blow was the FTX case.

Which blockchains bore the brunt of these attacks? The report cites 20 public blockchains that suffered security flaws last year – the top three being Ethereum, BNB and Solana.

Where do stolen funds go, and how do hackers hide them?

Tornado Cash is a site where legal and illegal crypto gets mixed (like in a tornado), so it can’t be distinguished. The site was banned for US users in October 2022. As per the Beosin report, $1.3 billion worth of stolen crypto went into Tornado Cash in 2022. Of this, around $289 million (8%) was recovered.

The full report can be accessed here: https://beosin.com/resources/Global_Web3_Security_Report_2022_.pdf