A graph depicting the percentage of crypto lost due to traditional Web2 flaws.
46% of crypto lost from exploits is due to traditional Web2 flaws — Immunefi

Web 2.0 vs Web 3.0

A recent report from blockchain security platform Immunefi has revealed that almost half of all cryptocurrency losses from Web3 exploits are due to Web2 security issues like leaked private keys. Released on November 15, the report looked back at the history of crypto exploits in 2022 and classified them into different types of vulnerabilities. It concluded that 46.48% of the crypto lost from exploits in 2022 was not from smart contract flaws, but from “infrastructure weaknesses” or issues with the developing firm’s computer systems.

When considering the number of incidents rather than the value of crypto lost, Web2 vulnerabilities still accounted for the second-largest category, at 26.56%. Immunefi’s report excluded exit scams and other frauds, as well as exploits that occurred only through market manipulation; it considered only attacks that resulted from a security vulnerability. It found that these attacks fall into three main categories. The first is attacks caused by a design flaw in the smart contract, such as the BNB Chain bridge hack. The second is attacks caused by flaws in the code that implements the smart contract design, like the Qubit hack. The third is “infrastructure weaknesses,” which Immunefi defines as “the IT-infrastructure on which a smart contract operates—for example virtual machines, private keys, etc.” The Ronin bridge hack, in which an attacker gained control of five of the nine Ronin validator nodes’ signatures, is an example of this type of vulnerability.

Web 2.0 and Web 3.0 are two different generations of the World Wide Web. Web 2.0 is characterized by social media, user-generated content, and interactive websites. Web 3.0, on the other hand, is built on blockchain technology and decentralized applications, and promises to revolutionize the way we interact with the internet. While there are many differences between the two, the main one is that Web 3.0 is much more secure than Web 2.0, due to its reliance on blockchain technology.

Infrastructure Weaknesses

Immunefi further broke down infrastructure weaknesses into subcategories, such as an employee leaking a private key, a weak passphrase on a key vault, two-factor authentication problems, DNS hijacking, BGP hijacking, a hot wallet compromise, or the use of weak encryption methods and the storage of keys in plaintext.

Cryptographic Issues

Cryptographic issues, such as Merkle tree errors, signature replayability and predictable random number generation, are the second-largest cause of losses, accounting for 20.58% of the total value of losses in 2022.
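One of the “Merkle tree errors” in that category is a verifier that cannot tell a leaf hash from an interior-node hash, so a proof can be shortened and still check out. The following is an added example, not code from the Immunefi report or from any of the projects named above: a small Merkle tree and proof verifier (Python standard library only) that domain-separates leaves from nodes, with a constructed balance list as sample input and a check confirming that an interior-node value presented as a leaf is rejected.

```python
import hashlib

# Domain-separation tags (RFC 6962 style): a leaf hash can never equal an
# interior-node hash, so a proof cannot be truncated to a sub-tree.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"

# Constructed sample data: five account balances, not real ledger entries.
LEAVES = [b"alice:10", b"bob:20", b"carol:30", b"dave:40", b"erin:50"]


def hash_leaf(data: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + data).digest()


def hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def _next_level(level):
    """Pair up hashes; an odd trailing node is promoted unchanged
    (never duplicated, which would let two leaf sets share a root)."""
    nxt = [hash_node(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2 == 1:
        nxt.append(level[-1])
    return nxt


def merkle_root(leaves):
    level = [hash_leaf(leaf) for leaf in leaves]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves, index):
    """Authentication path for leaves[index]: (sibling_hash, sibling_is_left)."""
    level = [hash_leaf(leaf) for leaf in leaves]
    proof = []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):  # promoted odd node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        level = _next_level(level)
        index //= 2
    return proof


def verify_proof(root: bytes, leaf_data: bytes, proof) -> bool:
    h = hash_leaf(leaf_data)  # always tag the claimed leaf, never trust raw bytes
    for sibling, sibling_is_left in proof:
        h = hash_node(sibling, h) if sibling_is_left else hash_node(h, sibling)
    return h == root


def node_as_leaf_rejected() -> bool:
    """The interior node over leaves 0-1 with the proof for leaf 0 shortened
    by one step must NOT verify; without the prefixes it would."""
    root = merkle_root(LEAVES)
    inner = hash_node(hash_leaf(LEAVES[0]), hash_leaf(LEAVES[1]))
    return not verify_proof(root, inner, merkle_proof(LEAVES, 0)[1:])
```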

Weak/Missing Access Control and/or Input Validation

Weak/missing access control and/or input validation is the largest contributor in terms of the number of incidents, accounting for 30.47%, but only 4.62% of the losses in terms of value.
