Bitcoin lost more than 60% of its value in 2022.

Image Credit: Aleksi Räisä on Unsplash.com

New technologies create new risks. Ever since cryptocurrency rose to prominence after the release of Bitcoin in 2008, cybercriminals have been looking for ways to separate users from their hard-earned money. Now as the Web3 ecosystem grows, fraud is becoming an even bigger threat. 

Today, Web3 bug bounty provider Immunefi released new research calculating that $3,948,856,037 in crypto funds was lost across the Web3 ecosystem to hacks and scams in 2022. The report also found the two most targeted blockchains last year were BNB Chain and Ethereum, with 65 and 49 unique security incidents each. 

The good news is that while crypto fraud across the space remains common, the overall losses decreased 51.2% from the 2021 total of $8,088,338,239. 

In any case, this latest research highlights that organizations interacting with the Web3 ecosystem need to implement a highly-developed security strategy to address these new threats, or they risk leaving their data exposed.  

Web3 and the risk of ‘novelty’ attacks 

The report comes as researchers anticipate the Web3 market will grow from $3.2 billion in 2021 to $81.5 billion in 2030, increasing at a compound annual growth rate of 43.7%. 

Inevitably, as the value of this market increases, more and more cybercriminals will innovate new scams and threats to try and capitalize on its popularity and steal users’ funds. This raises novel challenges, as the nature of these attacks in digital spaces will be unlike those faced in the traditional Web2 sphere. 

“Web3 is still a brand new world, full of unknown paths,” said Mitchell Amador, founder and CEO at Immunefi. “That novelty, by definition, brings about a level of inexperience and danger to the game. Furthermore, due to the very nature of the Web3 ecosystem, where smart contract code holds huge amounts of capital, the environment is far more adversarial compared to traditional Web2 applications.” 

Users who are just finding their feet and experimenting with Web3 solutions are also vulnerable to emerging scams.  

“In Web3, users are still adjusting to the technology and many barely even know how to properly use wallets and sign for transactions,” Amador said. “With all the new projects and technology coming out by the week, it’s no surprise that bad actors are able to exploit the inexperience and naivety of new users.” 

As a result, Amador recommends that CISOs and security leaders interacting with these technologies invest in security education — not just on phishing threats, but also how to use infrastructure like wallets, private keys and common DeFi applications. 

Going forward, leaders and researchers in the space have a critical role to play in supporting users and keeping them up to speed on the techniques scammers are using to steal their data.