Crypto acceptance on a worldwide scale is an uphill battle of Sisyphean proportions. It’s difficult to sell investors on the “next big thing” if that thing is both intangible and nascent. With that in mind, getting investors on board with Web 3.0 seems like it will take years. But before this can even be addressed, there’s another issue at hand: the scarily high prevalence of crypto hacks and scams fueling the Web 3.0 Bogeyman.
Indeed, it will be nearly impossible to sell new people on this potentially world-changing technology if the trailblazers are constantly under siege. Nearly every week, there’s news of some hack or scam. This week, it’s Crema Finance; the DeFi platform lost almost $9 million through a bug in the protocol’s code. Last month, non-fungible token (NFT) collection Bored Ape Yacht Club was rocked by its third hack of the year. A crook was able to assume the identity of a community leader and scam holders out of their tokens.
Without addressing this issue, Web 3.0 loyalists are shooting their beloved project in the foot. The way many blockchain critics see it, the movement won’t grow further without more users — regardless of the amount of funding flowing into the space. Of course, the key to doing this is in improving existing products and innovating new ones. It also means patching the many security holes in what skeptics are blasting as a sinking ship.
But, just how bad is the blockchain security issue that plagues Web 3.0? As blockchain cybersecurity outfit CertiK reports, it’s only getting worse.
CertiK Releases Quarterly Web 3.0 Security Report
CertiK is one of the biggest names in blockchain security. It exists for the purpose of making the space as safe as it can. While blockchain code can’t be edited after it is executed, the company offers a pre-launch auditing service to help projects limit the number of bugs. It also combs the existing Web 3.0 landscape for nefarious projects seeking to defraud investors.
This is all to say that CertiK is highly involved with the Web 3.0 community from an objective standpoint. It shows exactly what is going on without sugarcoating anything. It’s a refreshing outlook in a space that typically only arouses very binary attitudes — most are either all-in or complete naysayers.
So as CertiK releases its quarterly Web 3.0 security report today, investors are getting a no-frills evaluation of the landscape. As one might expect, crypto hacks and scams are a major pain point for the adolescent internet revolution. Unfortunately, it seems to be only getting worse.
Crypto Hacks and Scams Ran Rampant in 2022
The company’s eight-page Q2 evaluation sure paints a bleak picture of the blockchain landscape right now. As it points out, this is the biggest year of funds lost to crypto hacks and fraud by far.
In Q2 alone, Web 3.0 platforms have seen over $870 million in assets stolen through hacks and scams. This makes for a slight downtrend from Q1. However, there’s no reason to celebrate; with over $2 billion in crypto stolen this year, we are seeing far more assets stolen than in 2021, and we still have two quarters to go. CertiK forecasts a 223% increase year over year in funds lost to cybercrime.
Two of the most popular methods of stealing cryptocurrency, according to the report, are phishing scams and flash loan attacks. The first of these is a type of cybercrime that doesn’t even require technical prowess. By simply posing as somebody else or promising gains to unsuspecting victims, criminals can get targets to turn over their data and assets with little work. Some attacks can be more sophisticated, such as when a criminal hacked a Bored Ape community leader’s Discord account to steal $360,000.
Flash loan attacks are another easy way to steal crypto. These occur when a user borrows massive amounts of funds on platforms that don’t require collateral. The borrower can manipulate the price of the borrowed crypto through these transactions and then sell it elsewhere for a profit. Oftentimes, these exploits can be repeated several times, and perpetrators can disappear without leaving a trace.
Saved by the Bear: Rug Pull Success Dips
One interesting data point that CertiK highlights is a decline in rug pull schemes. These are perhaps the most labor-intensive scams; they involve bad actors creating entire cryptocurrencies and drumming up hype before selling off worthless tokens and leaving. They rely on finding a pool of victims to buy up tokens and pump the value.
Last year, these scams were immensely popular; they accounted for $2.8 billion in stolen assets throughout 2021. This year, they have only netted criminals $37 million. The firm chalks this decline up to the massive difference in investor attitude between 2021 and 2022. Last year, the global market capitalization of cryptocurrency topped $2.9 trillion. Nearly every project that cropped up was having money thrown at it by rabid speculative investors. However, throughout 2022, the market has shaved off $1.2 trillion.
Investors aren’t as willing to invest in new tokens with little to no utility anymore. Rather, they are buying only the top projects until the crypto winter blows over. The bear market has decimated some investors’ portfolios, but it is proving helpful in protecting them from rug pull scams.
Is There Any Hope for Securing Web 3.0?
The report isn’t entirely doom and gloom for the industry. CertiK provides several pieces of advice for securing projects and cutting down on these attacks for the betterment of Web 3.0 development.
Most importantly, developers must be held responsible for securing their own projects and ensuring holes don’t exist for exploitation. Plenty of auditing firms exist, from CertiK itself to companies like ConsenSys and Slowmist. By simply getting a professional team to take a look at a smart contract prior to launch, developers can drastically reduce the risk they put users at.
This extends to social media accounts, too. As the report points out, social media is a common avenue through which hackers can commit crimes. By securing Discord channels, Twitter accounts and Telegram communities with two-factor authentication, projects will be able to cut down on the frequency of phishing scams.
CertiK continues to roll out more robust products to help developers secure their projects as well. For example, new know-your-customer (KYC) verification checks can help put users at ease by ensuring the legitimacy of a project’s team, cutting down on rug pull scams and other insider manipulation.
The world of Web 3.0 is being hindered now by security threats which could be easily eliminated through due diligence. As this report shows, crime will only continue to ramp up until developers take the necessary precautions to secure their platforms and make them safer for users. Until then, Web 3.0 loyalists cannot expect skepticism to go away.
On the date of publication, Brenden Rearick did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.