Immunefi’s Crypto Losses 2022 report found over $3.9 billion was “lost” last year. While that might seem like a whopping amount of capital to lose track of, it’s down 51.2% compared to 2021, when over $8 billion was stolen, the report found.
Crypto losses are defined as a combination of hacks and alleged fraud incidents, Adrian Hetman, tech lead of the triaging team at Immunefi, previously told TechCrunch. In 2022, the majority of losses, or $3.77 billion, were from hacks across 134 specific incidents. About $175 million was lost to fraud across 34 incidents in the same time frame.
Both decentralized finance (DeFi) and centralized finance (CeFi) experienced major catastrophic events, including the implosion of the Terra/LUNA ecosystem and the downfall of centralized crypto exchange FTX. But overall, DeFi was the main target for (successful) exploits at over 80%, Immunefi stated.
DeFi losses increased 56.2% from over $2 billion across 107 incidents in 2021 to $3.18 billion across 155 incidents in 2022. CeFi losses, meantime, fell 87.3% from $6 billion across nine incidents in 2021 to $768.8 million across 13 incidents in 2022.
The two most targeted blockchains last year were BNB Chain — crypto exchange Binance’s blockchain ecosystem — and the layer-1 blockchain Ethereum, with 65 and 49 incidents, respectively. Together, BNB Chain and Ethereum represented over half of the blockchain attacks at 63.3%. Trailing behind the two was Solana, with 12 incidents, or 6.7% of total attacks in 2022.
Looking back, every quarter had a handful of multimillion-dollar losses, some bigger than others. While each quarter had its losses, the fourth quarter saw the most, with $1.62 billion in total losses across 55 incidents, accounting for almost half of the total losses in the year.
But five major exploits — Ronin Bridge’s $625 million, Wormhole’s $326 million, Nomad’s $190 million, BNB Chain’s $570 million and FTX’s $650 million — accounted for about 60% of all losses in 2022.
Roughly 5%, or $204 million, of total losses were recovered in 2022.
Looking forward to 2023, it’s expected that crypto “losses” will be in the billions again as more players enter the space and capital continues to pour in. Fixing this long-term will be a product of enhanced security measures, something not all projects, blockchains, protocols and other digital asset entities have prioritized.
There are also bug bounty and security services platforms that aim to protect web3 businesses and their users — but until these are implemented across the industry as a standard, more will fall to these hacks and fraudulent activities.