Web3 Projects Have Lost More Than $2 Billion To Hacks This Year (theverge.com) 19
In the first six months of 2022, Web3 projects have lost more than $2 billion to hacks and exploits -- more than all of 2021 combined. The Verge reports: That's according to research from blockchain auditing and security company CertiK, which on Thursday released its quarterly Web3 security report covering Q2 of this year. The report paints a sobering picture of a cryptocurrency space still plagued by hacks, scams, and phishing schemes while also facing relatively new threats like flash loan attacks. CertiK puts particular focus on this last category of threat, which has been created by the invention of flash loans: a decentralized finance mechanism that lets borrowers access extremely large amounts of cryptocurrency for very short periods of time. If used maliciously, flash loans can be used to manipulate the value of a certain token on exchanges or buy up all of the governance tokens in a project and vote to withdraw all of the funds, as happened to Beanstalk in April.
In total, CertiK's report claims that a total of $308 million was lost across 27 flash loan attacks in Q2 2022 -- an enormous increase compared to just $14 million lost to flash loans in Q1. Phishing attacks also increased in frequency between Q1 and Q2 of this year, with CertiK recording 290 in the most recent quarter compared with 106 in the first three months of the year. Discord was the vector for the vast majority of phishing attempts, a signal of its continuing popularity as the social network of choice for the cryptocurrency and NFT scene, despite ongoing security concerns. CertiK also found that so-called "rug pulls" -- where the founders of a project halt development and abscond with the funds -- were down 16.5 percent from the previous quarter.
In total, CertiK's report claims that a total of $308 million was lost across 27 flash loan attacks in Q2 2022 -- an enormous increase compared to just $14 million lost to flash loans in Q1. Phishing attacks also increased in frequency between Q1 and Q2 of this year, with CertiK recording 290 in the most recent quarter compared with 106 in the first three months of the year. Discord was the vector for the vast majority of phishing attempts, a signal of its continuing popularity as the social network of choice for the cryptocurrency and NFT scene, despite ongoing security concerns. CertiK also found that so-called "rug pulls" -- where the founders of a project halt development and abscond with the funds -- were down 16.5 percent from the previous quarter.
Scams as a sign of life (Score:3)
Re: (Score:2, Troll)
That sounds a bit ass-backwards. Although if I drink enough I can seem me being unsure whether this may actually have some validity. But then I would probably remember that scammers primarily go for easy victims, you know, low effort and low risk as long as the pay-off is reasonable. Also, scammers are not very flexible, because any change in mode is risky to them. Hence they will continue to beat a dead horse for quite a while.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Also in the news, smashing windows is good for the economy.
Re: (Score:2)
My favorite Web3 reporting website (Score:5, Insightful)
For all my Web3 reporting needs, I just go to web3isgoinggreat.com [web3isgoinggreat.com].
I find its cynical views resonate strongly with me. Particularly its tagline: "[Web3 is going just great]...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet."
Re: (Score:2)
I prefer my smoldering to be limited to watching Dwayne "The Rock" Johnson.
Wrong career choice (Score:2)
Will not fix (Score:1)
Ha ha ha! =D (Score:2)
Good. (Score:2)
Web3 is a non-starter due to electricity usage and should never have been suggested.
web3 = DOA (Score:3)
I guess it's impossible now to put this glittered turd back in its box.
The entire concept was flawed from the outset, a goal to "sock it to big tech" and decentralise the internet.
It was doomed the moment speculation on "assets" entered the equation, hell, it was doomed even before that.
Even if it could somehow succeed, it's not going to be decentralised - it will simply be in the hands of those with the deepest pockets and best organisation. Where there's money to be made, it tends to get filtered down to the biggest players.
So, if we look at the concept of PoS and running nodes - guess what, nodes that handle the largest volume of traffic, will be whittled down to a handful of the biggest players. If you are going to "speculate" and put your "tokens" into a pool, you are going to choose the biggest one with the most traffic.
And where are these nodes going to be hosted? - are the people that run the nodes going to create their own data centres? - racks of servers?
Or will we see the wonderful irony of the biggest nodes being hosted on AWS or Azure cloud?
It's like someone drank a whole lot of coolaid when coming up with these hair brained schemes.
About the best analogy I can think of, is deciding to build your own roads, because you are sick of the "big guys" having all the control over the roads and so you start an idea of a "decentralised road network", where anyone can build their own road.
But you haven't built any yet, except maybe a mile or two of road that goes from nowhere to nowhere - a useless road.
That doesn't stop people buying in and speculating in a frenzy, most not actually giving a damn except to make money.
We already have the ability to build a decentralised internet without any of this cryptocurrency bullshit, it's just that it is massively impractical.
The evolution of Web (Score:4, Insightful)
Web1: You make the content and you will profit.
Web2: You make the content, we make the profit.
Web3: ??? and somehow we profit.
I predict Web4 will be something along the lines of "Screw all of this, but gimme profit!"
Re: (Score:2)
"Web 1.0" was html rendered on the server.
"Web 2.0" was "AJAX" and single page applications.
"Web 3.0" was just a scam from crypto-bro's trying to seem legit
Article title needs updating (Score:2)
Actual title should be "Online scams have lost more than $2B to other online scams this year".
"Flash loans", in particular, are designed for market manipulation - by having huge short-term leverage that a few insiders use to set up some situation that they can profit from. They have no other use. The scammers, who built a market they could manipulate and tricked fools into giving them money, got scammed by smarter scammers who manipulated the market faster.
No sympathy here.
Maybe (Score:2)
We should skip to web 4.0