37 Major Security Attacks In Q3 2022, Total Losses About $405 Million
The latest report has shown that a total of 37 major vulnerability attacks in Q3 2022 caused approximately $405 million in losses, down approximately 43.6% from $718.34 million in Q2 2022, and a decrease of 59.6% from the loss of $1,002.58 million in Q3 2021.
In Q3 2022, 37 major attacks were monitored in the Web3 space, with a total loss of approximately $405 million. There were two attacks with losses of $100 million or more, three attacks with losses of $10 million or more, and 14 attacks with losses of $1 million or more. The security incidents with losses over $100 million were Nomad Bridge ($190 million) and Wintermute ($160 million).
In terms of each month, July saw a significant decrease in attacks, making it the least loss amount from attacks since 2022. Hacker activity increased significantly in August and September. In terms of the project types, 92% of the amount lost came from cross-chain bridges and DeFi protocols. 22 of the 37 attacks occurred in DeFi space.
August 2022 was the most active month for hackers in the quarter, with losses of around $210.62 million. Total losses from attacks in July were $30.05 million, making it the lowest amount of losses in a month since 2022.
In terms of attack types, 92% of the loss amount was caused by contract vulnerability exploits and private key compromise. In terms of fund flows, about $204.2 million of the stolen funds flowed into Tornado Cash, accounting for about 50.4% of the funds stolen in the quarter. Only about 4% of the stolen funds were recovered during the quarter.
In the third quarter of 2022, three cross-chain bridge attacks resulted in a total loss of approximately $190.25 million; 22 attacks in the DeFi space resulted in a total loss of $186.79 million. Approximately 92% of the attack loss amount came from the cross-chain bridge and DeFi protocols.
As of September 2022, there were 10 major cross-chain bridge security incidents in 2022, with over $1.4 billion in losses. Cross-chain bridges were the most affected area by attacks in 2022.
In addition to cross-chain bridges and DeFi protocols, other types of projects attacked this quarter included NFTs, exchanges, DAOs, wallets, and MEV bots, making their overall types more diverse than in the previous quarter.
On August 8, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, prohibiting U.S. individuals or organizations from interacting with it. In the third quarter of 2022, approximately $204.2 million in stolen funds still flowed into Tornado Cash, representing 50.4 percent of the funds stolen in that quarter, which is lower than in the second quarter.
In the third quarter of 2022, only about 4% of the stolen funds were recovered. About $16.6 million of assets were recovered through on-chain negotiations and unsolicited returns from whitehat hackers.
Around $1.92 million of stolen assets flowed into exchanges such as Binance and FixedFloat. Such incidents generally involved a small amount of assets (usually around $10K to $100K) and the hackers transferred the stolen funds to the exchanges immediately after the attack, resulting in the projects failing to contact the exchanges in time to freeze the funds.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Website: coincu.com
Foxy
CoinCu News