Understanding the Major Causes of Web3 Crypto Losses
A recent report from blockchain security platform Immunefi revealed that nearly 50% of all crypto lost from Web3 exploits is attributed to security issues originating from Web2, such as leaked private keys. Released on November 15, the report analyzed the history of crypto exploits in 2022 and categorized them into different types of vulnerabilities. It concluded that 46.48% of the crypto lost from exploits in 2022 resulted from “infrastructure weaknesses” or issues with the developing firm’s computer systems.
When looking at the number of incidents rather than the value of crypto lost, Web2 vulnerabilities accounted for 26.56% of the total, making it the second-largest category. The report excluded exit scams, frauds, and market manipulations, focusing solely on attacks resulting from security vulnerabilities.
The attacks were further categorized into three broad groups. The first covers attacks that occurred due to design flaws in smart contracts. The second covers attacks that happened because of flawed code implementation despite a well-designed smart contract. The third category included “infrastructure weaknesses,” such as IT-infrastructure vulnerabilities and private key leaks.
Identifying Vulnerabilities
Immunefi delved deeper into these categories, highlighting that infrastructure weaknesses were often caused by employee errors like leaking private keys or using weak encryption methods. Cryptographic issues like Merkle tree errors and predictable random number generation were also significant contributors to losses in 2022.
Additionally, weak or missing access control and input validation accounted for a large number of incidents but contributed less to the overall value of losses compared to other categories.
Hot Take: Securing Web3 Infrastructure Is Critical for Mitigating Losses
As seen from the report’s findings, securing Web3 infrastructure is crucial for preventing substantial crypto losses due to vulnerabilities originating from Web2. The prevalence of leaked private keys, weak encryption methods, and employee errors underscores the need for robust security measures to protect against infrastructure weaknesses and cryptographic issues. By addressing these vulnerabilities, individuals and organizations can help mitigate potential losses and enhance overall security within the Web3 ecosystem.