Blockchain security platform Immunefi has recently released a report on the causes of crypto losses in 2022. The report highlights the significant role of Web2 security issues, such as leaked private keys, which contributed to nearly half of all crypto lost in Web3 exploits. This article critically analyzes the findings of the report, covering the different types of vulnerabilities and their impact on the crypto ecosystem.
Web2 Vulnerabilities: A Significant Concern
According to the report, 46.48% of the crypto lost from exploits in 2022 can be attributed to infrastructure weaknesses and issues with the developing firm’s computer systems. This statistic indicates a concerning trend in the security of Web2 systems that support the functioning of smart contracts. Despite the significant emphasis on Web3 security, it is evident that Web2 vulnerabilities still pose a substantial threat to the crypto space.
Immunefi identified three broad categories of vulnerabilities that led to crypto exploits. The first category refers to design flaws present within the smart contract itself. An example provided in the report is the BNB Chain bridge hack. This type of vulnerability highlights the importance of conducting rigorous security audits and testing during the development phase to identify and address any design flaws.
The second category involves flaws in the code implementation of an otherwise well-designed smart contract. The Qbit hack serves as an example in this context. It underscores the need for developers to pay careful attention to the quality of their code, ensuring that it aligns with the intended design of the smart contract.
The third category, referred to as “infrastructure weaknesses,” pertains to vulnerabilities within the IT infrastructure that supports smart contracts. This includes virtual machines, private keys, and more. The Ronin bridge hack is cited as an example, emphasizing the critical need for robust security measures to safeguard the infrastructure that underpins the smart contract ecosystem.
Immunefi further breaks down the category of infrastructure weaknesses into subcategories. These include employees leaking private keys, usage of weak passphrases for key vaults, issues with two-factor authentication, DNS hijacking, BGP hijacking, compromises of hot wallets, and weak encryption methods. It is evident that these vulnerabilities can have severe consequences and lead to significant losses within the crypto space.
Another noteworthy finding from the report is the impact of cryptographic issues on crypto losses. This category encompasses Merkle tree errors, signature replayability, and predictable random number generation. Although cryptographic issues accounted for only 4.62% of the losses in terms of value, they were responsible for the largest number of incidents, contributing to 30.47% of all attacks. This highlights the need for improved cryptographic practices and rigorous audits to prevent such issues from being exploited.
The report from Immunefi undoubtedly sheds light on the significant role of Web2 security issues in crypto losses. Web2 vulnerabilities accounted for a considerable portion of the total losses in 2022, emphasizing the need for enhanced security measures in this area. Developers must prioritize thorough security audits, testing, and code quality to mitigate the risks associated with design flaws and implementation errors. Additionally, bolstering the security of the infrastructure supporting smart contracts and addressing cryptographic issues will play a crucial role in safeguarding the crypto ecosystem moving forward. It is essential for the crypto community to continually strive for stronger security practices to combat the ever-evolving threat landscape.