Web3 Security in 2023: A Billion Dollar Problem

Written by cyvers | Published 2023/03/07

TL;DR: Web3 and the world of decentralized financial technology evolve rapidly, but security flaws and hacks come with them. $3.1 billion was lost from hacks of well-established projects and protocols in 2022. Bridges accounted for 50% of all funds affected by hacks. Hackers can exploit these vulnerabilities by finding and exploiting errors in the code. Find all this and more in the Cyvers 2023 Web3 Security Report.

Web3 and the world of decentralized financial technology evolve rapidly, but security flaws and hacks come with them. The lack of security in Web3 has become a billion-dollar problem that needs to be solved.


Decentralized finance (DeFi) has taken the world by storm thanks to its boundless opportunities and use cases. Instead of being just a concept, "Web3" is steadily becoming a reality through continuous innovation and institutional adoption. According to DeFiLlama, the Web3 industry exceeded $200 billion in total value locked (TVL, including staking) as of late 2021 - early 2022.

The total value locked is expected to grow in the coming years, and the need to secure the locked funds should not be underestimated. The Web3 space experienced hundreds of individual hack incidents across projects and applications throughout the recent growth and decline seen in the above chart. Adding to that, 130 hacks have been recorded in 2023, over two incidents every single day.

In essence, the rapid evolution of financial technology in the Web3 space has led to increased security vulnerabilities and a corresponding rise in hacking incidents. Specifically, $3.1 billion was lost from hacks of well-established projects and protocols in 2022. If we include rug pulls, where a project isn't hacked but created maliciously, the number for 2022 rises to $3.6 billion!

  • Bridges accounted for 50% of all funds affected by hacks.
  • Smart contract exploits accounted for an astonishing 50% of all hack incidents.

There was a high percentage of smart contract exploit incidents, while the attacks on bridges caused the most extensive devastation. This shows us two things. First, bridges do an important job in the crypto space by enabling communication between blockchains. For this reason, they have become hugely popular, with a vast amount of funds locked up. It is critical that bridges are secured with the most up-to-date technology. Most bridges in 2022 were not, and that is why bridges accounted for 50% of the funds lost.

Second, exploits in smart contracts accounted for 50% of all hacking incidents. This shows that hack prevention should focus on smart contract vulnerabilities and how to prevent them.

Smart contracts: The primary factor in Web3 hacks

Auditing is a widely used practice in the Web3 space to eliminate bugs, but despite its prevalence, smart contract vulnerabilities remain the primary source of exploitation. Smart contracts are often complex and open to interpretation, making them vulnerable to exploitation. Hackers can exploit these vulnerabilities by finding and exploiting errors in the code, leading to the loss of funds or unauthorized access to sensitive information.

The above photo shows the percentage of hacks by the incidents accounted for by Cyvers in 2022. Smart contracts function as self-executing contracts with the terms of the agreement written directly as code; they are often used on blockchain networks and can be hacked in various ways. Some common methods include exploiting vulnerabilities in the contract's code or in the logic of the contract. Others include manipulating the input data used by the contract and using deception to trick users or other smart contracts into interacting with a malicious contract.

Smart contract auditing vs. real-time monitoring

One notable statistic about smart contract auditing in 2022 shows that roughly the same number of audited protocols got hacked as non-audited ones. This could indicate that audits alone are not enough to prevent hacks. It does not mean that smart contract audits do not work, only that they are not enough as the sole security measure. At Cyvers, we believe that proactive security measures should be implemented by all Web3 dApps, primarily real-time smart contract monitoring.

The average Web3-based attack usually takes more than one hour to complete, yet 98% of the operators of hacked protocols do not respond within the first hour. This highlights the importance of having a solution for monitoring smart contracts that can add safety, raise alerts and ensure that preventative measures can be taken before the exploit occurs.

The lack of adequate security solutions and safety in Web3 is why the Cyvers founders, Deddy Lavid and Meir Dolev, created the Cyvers approach to security, increasing protection and safety throughout protocols and applications. Using machine learning algorithms, AI technology, and real-time monitoring, Cyvers could detect most exploits that occurred in 2022 long before the funds were stolen. The case studies to showcase this can be found in our Report.

The Cyvers Web3 Security Report

Our recently released and comprehensive report is more than suitable for anyone who wants to stay ahead of the curve in Web3 security. In the report, you will find all the information above and more that keeps you fully updated with everything Web3 security. We analyzed the major events, types of threats, and best practices for protecting assets in the DeFi space. The report documents 61 of the most significant hacks in Web3 and provides industry participants with practical guidance for minimizing risk and protecting assets.

Some of the most important points mentioned in the report:

  • Total hacked in DeFi applications reached over $3.1 billion.

  • 98% of projects and applications do not respond within the first hour of an attack.

  • Many victims got hacked due to smart contract vulnerabilities but also had their smart contracts audited before, sometimes even more than once.

  • Real-time monitoring of smart contracts by Cyvers is needed and has been demonstrated to provide better security.

  • Hackers are also targeting individuals through scam tokens. (The report includes tips to protect yourself against this.)

  • 2022 saw a lot of innovation and continued adoption by big brands such as Starbucks, Reddit, and Nike.

  • Frequent and multiple smart contract audits are necessary, not just one. However, audits alone are not enough to prevent hacks.

It is important to adopt proactive monitoring of smart contracts and other related on-chain activities to help detect and prevent any potential exploits in real time. We believe that real-time analysis is the key to preventing hacks and will become a security standard, as indicated by institutions like the FBI. Finally, Web3 protocols should adopt best practices in internal security procedures to further enhance the security of their decentralized applications. All of this, and much more, is mentioned in the Cyvers Web3 Security Report.

The impact of security incidents in the Web3 space cannot be overstated. They have the potential to tarnish its reputation and hinder its growth. Billions of dollars are at stake, and the number will only increase. Therefore, the industry must take proactive measures to prevent these attacks and protect all participants!

Conclusion

The Web3 space has seen significant growth and adoption in recent years, but with this growth comes increased security vulnerabilities. As the Web3 space continues to evolve, it is important to have a trusted partner like Cyvers to ensure the safety and security of your assets. Cyvers has developed a comprehensive platform to address those needs, providing real-time detection and proactive protection for the Web3 space. Learn about Cyvers.

Check out the full report on the Cyvers website to learn more about 2023 from a security perspective, protecting your assets in the Web3 ecosystem, and more.

Alternatively, take a dive into our thread about Web3 Security. 👇

https://twitter.com/Cyvers_/status/1630509488766873600?s=20&embedable=true


Written by cyvers | Cyvers provides Web3 protocols and DApps with real-time detection security measures to mitigate hacks and exploits.
Published by HackerNoon on 2023/03/07