Immunefi, the leading bug bounty and security services platform for web3, protecting over $60 billion in user funds, published its Crypto Losses in 2022 Report. The crypto industry lost $3,948,856,037 in 2022.
The 5 major exploits of the year totaled $2,361,000,000 alone, accounting for 59.8% of all losses in 2022.
In 2022, hacks continued to be the predominant cause of losses at 95.6%, in comparison to frauds, scams, and rug pulls which comprised only 4.4% of the total losses. In total, we have seen a loss of $3,773,906,837 to hacks in 2022, in 134 specific incidents. This number represents a 58.3% increase compared to 2021, when losses caused by hacks totaled $2,384,164,452, in 102 incidents.
In 2022, DeFi continued to be the main target of successful exploits at 80.5% as compared to CeFi at 19.5% of the total losses. DeFi has suffered $3,180,023,103 in total losses in 2022, across 155 incidents. This number represents a 56.2% increase compared to 2021, when DeFi lost $2,036,015,896, in 107 incidents.
The two most targeted chains in 2022 were BNB Chain and Ethereum, representing more than half of the chain attacks in 2022, at 63.3%. BNB Chain surpassed Ethereum and became the most targeted chain in 2022, with 65 incidents, representing 36.1%, while Ethereum witnessed 49 incidents, representing 27.2%.
In total, $204,157,000 of stolen funds have been recovered across 12 specific instances. This number represents just 5.2% of the total losses in 2022.
Crypto Losses in Q4 in focus
In Q4 2022 alone, the industry lost $1,620,138,807. These numbers show an increase to Q4 2021, when hackers and fraudsters stole $739,243,793.
Most of last quarter’s amount was lost by two specific projects: FTX and BNB Chain, totaling $1,220,000,000; together, they represent 75.3% of Q4 losses alone.
In Q4 of 2022, hacks continued to be the predominant cause of losses as compared to fraud, scams, and rug pulls. Fraud accounted for only 7.4% of the total losses in Q4 2022, while hacks accounted for 92.6%.
DeFi continued to be the main target of successful exploits as compared to CeFi. DeFi accounted for 57.6% of the total losses, while CeFi accounted for 42.4% of the total losses.
The two most targeted chains in Q4 2022 were BNB Chain and Ethereum, representing more than half of the chain attacks in 2022, at 64%. BNB Chain suffered the most individual attacks with 18 incidents, representing 36% of the total attacks across targeted chains, while Ethereum witnessed 14 incidents, representing 28%.
“Looking at the losses suffered by the community in 2022 is a reminder of the importance of prioritizing security and implementing robust and consistent measures moving into 2023”, said Mitchell Amador, CEO of Immunefi. “By proactively identifying and addressing vulnerabilities, we can protect the community from harm and build trust in the field. As we make the industry safer, everything else can flourish.”
Immunefi is the largest and most widely adopted bug bounty platform in web3. Immunefi boasts a massive community of whitehat hackers who review projects’ blockchain and smart contract code, find and responsibly disclose vulnerabilities, and get paid for making crypto safer. The platform now supports 301 projects across multiple crypto sectors, and collectively offers $144 million in bounties to whitehat hackers. Immunefi has also facilitated the largest bug bounty payments in the history of software, including $10 million for a vulnerability discovered in Wormhole, a generic cross-chain messaging protocol, and $6 million for a vulnerability discovered in Aurora, a bridge and a scaling solution for Ethereum.
The full report is available on Immunefi’s website. The company has been tracking crypto losses since the beginning of 2022. Earlier reports can be found here. In addition to that, Immunefi published the Bored Ape Yacht Club Report highlighting stolen Bored Ape NFTs, and the Top Crypto Bounty and Ransom Payouts Report, detailing the most important industry bug bounty payments to date, as well as ransom payments.
Immunefi is the leading bug bounty and security services platform for web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds across projects like Synthetix, Chainlink, SushiSwap, PancakeSwap, Bancor, MakerDAO, Compound, Alchemix, Nexus Mutual, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $65 million, and has pioneered the scaling web3 bug bounties standard. For more information, please visit https://immunefi.com/.