Traditional Web2 Weaknesses Account for 46% of Crypto Losses – Insights by Immunefi
A recent analysis conducted by the blockchain security platform Immunefi has revealed a staggering statistic – almost half of all cryptocurrency losses resulting from Web3 exploits can be attributed to security issues originating from Web2, such as leaked private keys. The report, unveiled on November 15, involves a comprehensive review of crypto exploits throughout 2022, segmenting them into various vulnerability categories. The findings underscore a notable observation: a substantial 46.48% of crypto losses due to exploits did not stem from smart contract flaws but rather from what the report characterizes as “infrastructure weaknesses” or deficiencies within the operating firm’s computer systems.
When evaluating the frequency of incidents, as opposed to the monetary value of the crypto lost, Web2 vulnerabilities accounted for a relatively smaller proportion at 26.56%. Nevertheless, they remained the second-largest category.
The report by Immunefi explicitly excluded exit scams, other fraudulent activities, and exploits triggered solely by market manipulation, focusing only on attacks resulting from security vulnerabilities. According to the analysis, these attacks broadly fall into three categories. First, certain attacks occur due to inherent design flaws within the smart contract; the report gives the BNB Chain bridge hack as a representative case of this type of vulnerability. Second, some attacks succeed despite a well-designed smart contract, owing to flaws in the code that implements the design, with the Qubit hack serving as the illustrative instance in this category.
The report then delineates a third category of vulnerability labeled “infrastructure weaknesses,” encompassing the IT infrastructure that supports a smart contract’s operation, including virtual machines, private keys, and the like. The well-known Ronin bridge hack is cited as an illustration of this vulnerability: an attacker gained control of five of the nine Ronin validator nodes’ signatures.
Immunefi further dissects these categories into subcategories. In the case of infrastructure weaknesses, potential causes include employee-related incidents such as leaked private keys, deployment using a weak passphrase for a key vault, issues with two-factor authentication, DNS hijacking, BGP hijacking, compromise of a hot wallet, and the use of weak encryption methods or plaintext storage.
Although infrastructure vulnerabilities resulted in the highest losses compared to other categories, “cryptographic issues” emerged as the second-largest cause of losses, accounting for 20.58% of the total value lost in 2022.
Furthermore, “weak/missing access control and/or input validation” was identified as another prevalent vulnerability, generating 4.62% of the overall losses in terms of value. Nonetheless, it constituted the primary contributor in terms of incident frequency, accounting for 30.47% of all incidents.
Understanding the Impact of Web2 Weaknesses on Crypto Exploits
The profound influence of traditional Web2 vulnerabilities on Web3 exploits cannot be overstated. The root causes of crypto losses can often be traced back to weaknesses in the infrastructure and security systems of the entities operating the smart contracts. The prevalence of issues such as leaked private keys, inadequate encryption methods, and compromised authentication mechanisms underscores the critical need for rigorous cybersecurity measures within the crypto space.
Implications for Crypto Security
The substantial portion of crypto losses attributed to traditional Web2 weaknesses emphasizes the urgent necessity for comprehensive security assessments and proactive measures. Organizations and developers operating within the crypto sphere must prioritize robust security protocols, encompassing meticulous key management, encryption practices, and stringent access controls. Heightened awareness of the potential vulnerabilities and associated risks is imperative for safeguarding against exploitation and fortifying the integrity of Web3 ecosystems.
Advancing Crypto Security Practices
Amidst the evolving landscape of digital assets and blockchain technology, reinforcing the security posture through continual advancements is imperative. Implementation of state-of-the-art encryption methodologies, multi-factor authentication mechanisms, and thorough audits of infrastructure components are pivotal in mitigating the vulnerabilities stemming from traditional Web2 weaknesses. Adherence to best practices and fostering a culture of proactive security consciousness are fundamental in sustaining the resilience of the crypto realm.
For the latest updates and insights on the crypto industry, visit Uber Crypto News.