Before a new year of crypto news headlines, companies are taking the first days of 2023 to reflect. 2022 has been the hardest year for the industry since its boom in popularity brought millions of new retail and institutional investors into the fold. The spectacular gains and billions in venture capital flowing into the market through 2021 were contrasted by hacks, scams and meltdowns, all inflicting severe pain atop a bear market correction. Blockchain security company CertiK has released its year-in-review for 2022, and the details show just how detrimental the year has been to the industry.
The report opens with a stark figure. Over $3.7 billion was drained from crypto projects throughout 2022. For reference, 2021 set a record for its $1.3 billion in assets stolen. The near-tripling of assets lost is a startling thing to reckon with, especially as more people than ever gain exposure to crypto and put their own money on the line for the chance of returns.
Perhaps more startling is how bad actors are stealing these assets. In 2021, the most popular methods of crypto theft came via deceiving investors themselves. Rug pulls, or exit scams, had been a favorite for stealing assets, luring in investors with the promise of big gains and simply vanishing with the money.
However, in 2022, these hackers developed more sophisticated methods. Rug pulls have fallen by the wayside in favor of attacking the Web 3.0 protocols directly. As CertiK reports, nearly one-third of all the crypto stolen in 2022 came from nine bridge exploits. Indeed, hackers are taking advantage of the technical weaknesses of blockchain bridges to take massive amounts of assets at once. Two of the most prominent bridge exploits, Harmony’s (ONE-USD) and Wormhole, netted hackers a total of $421 million.
Crypto News: As Hackers Become Sophisticated, Companies Must Act
Sure, CertiK’s crypto news is painting a dim picture of the crypto industry. But, as the company reminds investors, it doesn’t need to be this way.
With rug-pull scams, investors have the responsibility of due diligence. One must check to see if a project is audited before investing. They must look for other green flags, like a transparent development team rather than an anonymous one. Through this diligence, one can mostly avoid these scams.
However, flash loan exploits and bridge hacks are an entirely different beast. These types of thefts are not the fault of the investor but the security flaws of the project itself. A hacker must only find the slightest vulnerability to exploit, and it may allow access to hundreds of millions of dollars. In the case of the Ronin (RON-USD) hack, the criminals needed only to find a vulnerability in the vanity address to drain $625 million from the project.
This reality reinforces CertiK’s call to developers to undergo thorough reviews of their networks. “Security is a choice, and it’s one we all need to make to bring the benefits of [Web 3.0] to the widest user base possible,” the company says in its report. “There’s no fairness or freedom when your assets can be stolen overnight, which is why meaningful security is such a critical consideration.”
As a security company itself, CertiK performs auditing services for crypto projects. The firm combs through code for weaknesses that would otherwise open the gates for hacks. While CertiK and other auditing firms don’t actually fix the issues they find, these service providers typically provide advice regarding fixes.
Centralized Companies Take Unwanted Spotlight After Year of Meltdowns
The report, while focusing largely on hacks and scams, homes in on another problem that has been increasingly obvious in crypto. Centralized crypto companies are becoming a greater problem for end users than ever before.
Decentralized trading platforms have, to both their benefit and detriment, no central authority making decisions. Smart contracts are the end-all, be-all of these projects, processing trades with computer precision and nothing more. CertiK makes the pitfalls of security holes obvious time and again. But non-reliance on humans is making DeFi all the more desirable amid a massive collapse of centralized companies.
Centralized companies can do a lot of things for their clients. They hold assets in custody, and investors can enter their funds into tools that invest the assets for them. In effect, one can use centralized products to generate gains for them, rather than using complicated and demanding DeFi tools.
Many new retail crypto investors prefer to use centralized tools like Binance (BNB-USD) for their ease of use. Yet 2022 has exposed these companies for being dangerous in a completely different way from DeFi platforms. The FTX collapse is the most recent and prominent example. While users thought their funds were in safe custody, FTX executives were breaching their own terms of service by investing those funds elsewhere.
On the surface, the company had been doing exceptionally well. It began 2022 with a popular Super Bowl ad, inked many sponsorship deals and conducted multiple major bailouts. But, as CertiK founder Ronghui Gu tells InvestorPlace, “flashy marketing and sponsorship deals can hide major problems behind the scenes. FTX did not give users any insight into what their deposits were being used for. Clients simply had to trust the firm to do the right thing.”
Can Investors Trust Centralized Exchanges? CertiK Founder Cautions Investors.
FTX isn’t the only company to flame out in such spectacular fashion in 2022. As CertiK’s report reminds investors, the year was chock-full of centralized crypto news stories, many of which were not good. Examples include the Celsius collapse and the Voyager Digital and Three Arrows Capital bankruptcies. Time and again, centralized companies were caught up in fund mismanagement and the sudden crypto winter.
With all of this in mind, investors now see two sides of the same coin. DeFi platforms offer high performance and zero opportunity for corruption. But, hackers can easily manipulate or exploit them if they contain weaknesses. CeFi platforms provide the lowest barrier to entry in the space and the most ease of use. Yet, executives behind the scenes have proven to operate against their clients’ best interests.
DeFi holds a slight advantage in that security companies can audit bad code, but one can’t audit an executive’s trustworthiness. “Using a centralized exchange that publishes no proof of reserves is reliant on faith,” Gu says. “That’s not to say there’s no time or place when it might be the right choice, but users should be aware of the risks they’re taking with such platforms.”
This raises the question: Is 2023 the year for a massive departure from CeFi companies? Maybe not, but Gu says investors must demand better from them. “[Users wronged by FTX] will vote with their wallets and demand that centralized organizations live up to the standards that make blockchain technology special,” he says.
CertiK closes its report with a round-up on crypto regulation in 2022. The U.S. has made some preliminary moves. Unfortunately, though, there’s nothing in the works pushing for CeFi transparency. Nor are there any requirements for DeFi project audits on the horizon. While these laws would certainly help bring order to the beleaguered space, Gu doesn’t expect investors to slow down on Web 3.0 adoption while they wait. With that in mind, the blockchain security executive says “crypto platforms should take it upon themselves to set the bar high by adopting secure and transparent operating procedures.”
On the date of publication, Brenden Rearick did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.