The web3 ecosystem lost over $428.7 million to 39 exploits in the third quarter — down 62.9% compared to over $1 billion lost in the same period of 2021. The Nomad Bridge and Wintermute hacks account for 79.85% — $350 million — of all recorded losses.
Leading Bug bounty firm Immunefi detailed in its Crypto Losses report that about $398.9 million was lost to 30 incidents of hacks, while nine fraud cases claimed approximately $29.8 million, including $24.5 million lost to project rug pulls.
Over 98% of the losses occurred on DeFi platforms, amounting to $423.4 million across 36 incidents. CeFi exchanges suffered a $5.2 million loss across 3 cases.
The majority of DeFi platforms attacked (51.8%) lived on the BNB and Ethereum chains. Attacks on Solana and Avalanche chains represented 6.8% of all losses.
Nomad & Wintermute hacks
On Aug. 2, cross-chain protocol Nomad Bridge suffered an exploit that drained 100% of its liquidity worth approximately $190 million. A hacker stole some 100 WBTC from the bridge and exposed the exploit code for hundreds of attackers to drain the protocol by “copy-pasting” their addresses.
Market maker Wintermute lost $160 million to a hot wallet compromise, on Sept. 20. The exploit was linked to a profanity vanity address flaw that the attacker leveraged to drain some 90 crypto assets.
2022 losses in numbers
Since the start of 2022, the crypto ecosystem has lost approximately $2.3 billion to hackers and fraudsters.
By the end of the first quarter, total crypto losses had reached $1.2 billion, with Ronin Network and Wormhole bridge accounting for over 70% of the losses. The second quarter saw over $670 million flow out, with Beanstalk and Harmony Horizon losing a cumulative of $282 million.
Many affected projects worked with blockchain security firms to recover up to $93.8 million, representing 4% of the total losses. Some of the hardest hit projects, including Axie Infinity and Nomad bridge, recovered $30 million and $36.4 million, respectively.