According to Cointelegraph, a new report from blockchain security platform Immunefi suggests that 46.48% of all crypto lost from Web3 exploits in 2022 is due to Web2 security issues such as leaked private keys. The report, released on November 15, analyzed the history of crypto exploits in 2022 and categorized them into different types of vulnerabilities. It found that Web2 vulnerabilities accounted for 26.56% of the total number of incidents, making them the second-largest category.
Immunefi's report excluded exit scams, frauds, and exploits that occurred solely because of market manipulations, focusing only on attacks that occurred due to a security vulnerability. The report identified three broad categories of vulnerabilities: design flaws in smart contracts, flawed code implementing the design, and infrastructure weaknesses. Infrastructure weaknesses, which include issues with virtual machines, private keys, and other IT infrastructure, were responsible for the largest amount of losses.
The report further broke down these categories into subcategories, highlighting various causes of infrastructure weaknesses such as employee leaks of private keys, weak passphrases for key vaults, problems with 2-factor authentication, DNS hijacking, BGP hijacking, hot wallet compromises, and weak encryption methods. The second-largest cause of losses was cryptographic issues, accounting for 20.58% of the total value of losses in 2022. Weak or missing access control and input validation were also common vulnerabilities, contributing to 30.47% of all incidents, but only 4.62% of the losses in terms of value.