In early January, a major study “Global Web3 Security Report 2022 & Crypto Regulatory Compliance Research" was published. It was jointly created by the companies Beosin, Buidler DAO, Legal DAO and Footprint Analytics. The study consisted of an overview of the ten largest security incidents of 2022 in Web3, global statistics on crypto crimes and regulatory policies of different countries in relation to crypto. Also, this document contains instructions that will help protect yourself in Web3 and the authors' forecasts for 2023.
According to the study, in 2022 there were more than 167 major attacks in Web3. The total losses from attacks of all types were about $3.6 billion, which is 47.4% higher than in 2021 (approximately $2.44 billion). Most of the losses were caused by attacks on cross-chain bridges – 12 incidents with losses totalling $1.89 billion. And most other attacks (113) were directed at the DeFi sector.
If we take into account all crimes related to crypto, including pyramid schemes, scams, money laundering, attacks/exploits and others (without financial crimes), the losses for 2022 amount to more than $13.7 billion.
The report linked the decrease of global TVL in 2022 to these events. As we can see from the graph below, the events such as Beanstalk, Luna Crash, Harmony, Nomad, Tornado Cash Sanction, The Merge, Wintermute, BNB Chain, Mango Markets, FTX collapse were all followed by withdrawal of capital from the crypto markets.
Furthermore, the study presents a list of the ten largest security incidents for 2022. We have summarised this list, highlighting data about the type of attack and the amount of losses incurred:
- Ronin Network (Loss: $624 Million; Attack Type: Social engineering)
- BSC Token Hub (BNB Chain) (Loss: $560 Million; Attack Type: Blockchain vulnerability)
- FTX hack (Loss: $440 Million; Attack Type: Suspected rugpull)
- Wormhole (Loss: $326 Million; Attack Type: Contract vulnerability - validation issue)
- Nomad bridge (Loss: $190 Million; Attack Type: Contract vulnerability - validation issue)
- Beanstalk (Loss: $182 Million; Attack Type: Flashloan)
- Wintermute (Loss: $160 Million; Attack Type: Private key compromise)
- Mango markets (Loss: $116 Million; Attack Type: Price manipulation)
- Elrond (Loss: $113 Million; Attack Type: VM issue)
- Harmony (Loss: $100 Million; Attack Type: Private key compromise)
As for the chains that were victims of the attacks, number one for losses went to the Ethereum blockchain with losses mounting to more than $2.01 billion and 59 incidents. The second place was taken by the BNB Chain, which lost about $0.8 billion, but was ahead in the number of incidents – 72. The third place was held by the Solana blockchain with losses of about $0.51 billion and 7 incidents.
In 2022, according to the study, 243 rug pulls were carried out. The total amount of damage to the industry from rug pulls was about $425 million (excluding $440 million FTX incident)
As for the regulation of cryptocurrencies, in 2022, countries like the United States, EU member countries, Hong Kong SAR, Singapore, Japan, South Korea, Malaysia and the United Arab Emirates actively participated in this legislative sphere. The authors of the study note that in 2023 the main trend in regulatory policy will be “systematization".
“In 2022, crypto 'bombshells' exploded frequently, accompanied by a dramatic market downturn that caused severe turmoil in the industry. 2023 will certainly see a response from global regulators. A number of regulatory trends are already emerging in 2022. In our view, one of the overarching themes of global crypto regulatory developments in 2023 is likely to be the "systematisation of the regulatory framework". A large number of jurisdictions with rapidly growing crypto industries (e.g. the US, UK, Canada, etc.) have not yet developed a systematic regulatory framework. In these jurisdictions, there have been a large number of regulations issued by various regulatory or enforcement bodies, but the fragmentation has left many of the underlying legal concepts poorly answered and has made practice difficult. The good news is that we are seeing a clear trend towards 'systematisation' in 2022.”
The authors of the study also talked about what can be expected in the security sector in 2023. They wrote that the global regulatory system will develop, the entire infrastructure will be strengthened, stolen funds will be returned more often, more attacks will be blocked before they begin, and users will be more aware of basic security rules.
In conclusion, we recommend you familiarize yourself with the third chapter of this study, which describes security guidelines for Web3 users. And we continue to observe.