Half of Crypto Lost in 2022 was Due to Web2-based Security Flaws

Infrastructure weaknesses like leaked private keys were the leading cause of crypto lost from exploits in 2022, accounting for 46.48% of losses.
Cryptographic issues caused the second greatest amount of crypto losses in 2022 at 20.58%, though weak access control and input validation caused the most incidents.
Despite the rise of Web3, neglecting traditional Web2 security practices like infrastructure and cryptography can still enable costly exploits even with well-designed smart contracts.

A new report from blockchain security platform Immunefi suggests that nearly half of all crypto lost from Web3 exploits is due to traditional Web2 security issues. The report provides insight into the different categories of vulnerabilities behind crypto exploits.

Immunefi’s Categorization of Web3 Vulnerabilities

Immunefi broke down crypto exploits into three broad categories:

Smart Contract Design Flaws

Some attacks occur because the smart contract code contains design flaws. Immunefi cited the BNB Chain bridge hack as an example of this vulnerability.

Smart Contract Implementation Bugs

Even well-designed smart contracts can contain bugs in the implementation code that lead to exploits. Immunefi cited the Qbit hack as an example.

Infrastructure Weaknesses

This refers to issues with the IT infrastructure like private keys, virtual machines, etc. that smart contracts run on. The Ronin bridge hack that involved compromised validator nodes was an example.

🚨 NEWS: ~50% of crypto lost in 2022 exploits stem from Web2 security flaws, says Immunefi report.

Infrastructure weaknesses like leaked private keys and computer system vulnerabilities are the main culprits. pic.twitter.com/YEIZdfQtsy
— BlockNews.com (@blocknewsdotcom) November 16, 2023

Infrastructure Weaknesses: The Leading Cause

Infrastructure weaknesses accounted for 46.48% of crypto lost from exploits in 2022, making it the leading cause. These can stem from leaked private keys, weak encryption, DNS hijacking, hot wallet compromises, and more.

Other Key Vulnerability Types

While infrastructure weaknesses were the top cause of losses, cryptographic issues caused the second greatest amount of losses at 20.58% in 2022. Weak or missing access control and input validation was the top vulnerability type by number of incidents.

Conclusion

The report highlights that despite the growth of Web3, traditional Web2 security practices remain highly relevant. Neglecting these can lead to costly exploits even if smart contracts are well-designed. As the space matures, shoring up infrastructure and cryptographic weaknesses will be key.