The second quarter of 2022 was one for the books amid a tumultuous period of what I like to call market madness, and the evidence keeps stacking up for the crypto markets. Q2 was full of massive crypto “losses” across the web3 ecosystem, some 97% of which were the result of hacks, according to a new report.
Immunefi’s Crypto Losses in Q2 2022 report identified $670,698,280 worth of losses in Q2, up 52% from $440,021,559 in the same period for 2021.
Most of those losses were contained to just four hacks: Decentralized stablecoin protocol Beanstalk lost $182 million; layer-1 blockchain bridging protocol Harmony Horizon lost $100 million; and decentralized finance (DeFi) protocols Mirror and TribeDAO lost $90 million and $80.34 million, respectively.
“With every disruptive technology, there is a process of iteration, and building out a bigger and better DeFi platform is based currently more on speed than security.” Flux co-founder Daniel Keller
While $670 million is a whopping number, total crypto losses declined 45.5% from about $1.23 billion in the first quarter of 2022, according to a previous report by Immunefi.
However, it’s worth noting that the spike in the first quarter is a bit lopsided due to the largest DeFi hack to date – a sizable $625 million hack on the Ronin Network in March. Without that hack, the first-quarter losses would have been more in line with the second quarter.
But as we enter the third quarter of the year, some market players think hacks are a trend that will continue regardless of current market conditions.
“The DeFi ecosystem has remained a huge target for hackers,” Michael Shaulov, Fireblocks co-founder and CEO, said to TechCrunch.
In 2018, when crypto trading volumes were hitting all-time highs as new money entered the market, smart contracts enabled the development of liquidity protocols that would power decentralized exchanges (DEXs), Shaulov noted.
“Thousands of ERC-20 tokens were getting ready to be publicly traded, making for a record year of hacks that stole hundreds of millions of dollars from exchanges,” Shaulov said, referencing the tokens used for creating contracts on the Ethereum blockchain. “With DeFi hitting [all-time-highs] of over $250 billion in December 2021, naturally, hackers’ attention turned to DeFi protocols.”
There’s no reason for hacks to diminish, David Carvalho, CEO of Naoris Protocol, said to TechCrunch. “The only reason that it can diminish in the short term is because of a certain level of market depression.”
“We would love to say there is ‘no risk’ in disruptive technologies, but that would be false,” Daniel Keller, co-founder of Flux, said to TechCrunch. “With the adoption bell curve increasing, I expect the total amount will grow as more users are partaking in the platforms; however, as platforms continue to grow, develop and become more mature, the impacts will be less and less.”
At the moment, there is less money available to steal, but as more smart contracts are created, hacks are likely to increase, Carvalho said, adding that as more blockchains exist and interact with each other, through oracles and bridges and third parties, the higher the likelihood of vulnerabilities in the code or with the infrastructure that is supporting whole web3 environments.
“As the decentralized economy continues to grow and expand into new verticals, like gaming and entertainment, cybersecurity will become increasingly top of mind as the volume of user funds interacting with the technology will only increase exponentially from here on out,” Shaulov said. “Where the money’s headed, the hackers will follow, so we can anticipate more hacks as the DeFi industry continues to grow at rapid speed.”
And with speed, there are often mistakes made as people rush to production.
“With every disruptive technology, there is a process of iteration, and building out a bigger and better DeFi platform is based currently more on speed than security,” Keller said. “Security is often an afterthought, but as these hacks and exploits showcase, we are very early to the DeFi ecosystem’s maturity process.”
In order to protect users and protocols from hacks, developers must maintain strict control of digital asset operations both internally and across third-party providers to make funds more secure and resilient against hacks, Shaulov said.