• There was a 170 percent surge in Web3 phishing attacks during Q2 2022 in comparison to the previous quarter.
• Hackers exploited social media accounts, especially on Discord and Telegram, and lured users into too good to pass up offers.

As the Web 3 industry continues to rise, the number of phishing attacks taking place has grown at double the speed. The latest report from Certik shows that with the growing Web3 adoption, hackers are becoming more active.

During the last quarter i.e. Q2 2022, phishing attacks have been on a sharp surge with exploiting social media platforms the most. The Certik report notes that there’s a staggering 170 percent in phishing attacks during the second quarter of 2022. The security firm notes that during the first quarter, there were 106 attacks recorded. This number jumped to 290 in the subsequent quarter.

During the last quarter, $308,579,156 were lost in flash loan attacks. This is also the most amount lost in flash loan attacks, recorded ever. During the second quarter, the team at Certik audited 628 projects across 432 new clients. In the report, Certik notes:

Over $2 Billion has been lost in Q1 and Q2 alone, meaning that 2022 has already lost more to hacks and exploits than the entirety of 2021. This means that 2022 is already the most expensive year for web3 by far. From these numbers, 2022 is forecast to see a 223% increase in the funds lost to attacks when compared with 2021.

Hackers exploiting social media platforms

As said, hackers have been exploiting social media platforms the most. The most vulnerable social media platforms are Discord and Telegram with a vast majority of attacks happening on them. However, unlike Twitter, which supports verification, these social media platforms don’t have verification.

This allows the hacker to clone accounts and trap users in the bait. Furthermore, the kind of giveaways offered by the hacker is too good to pass up. Interestingly, the Certik team adds that to target Web 3 enthusiasts, hackers are using the same old tricks of Web 2 to exploit centralization. Thus, they are largely counting on human error as a starting point of the attack.

This highlights Web3 ongoing relationship with the vulnerable infrastructures of Web2. The report states:

The vast majority of these attacks targeted projects’ Discord servers, which highlights both the dependence of NFT projects on the social media platform for marketing to and engaging with their communities, but also the huge security risks that this dependence entails.

Furthermore, the Certik team found that rug pulls and exit scams continue to be the most popular form of attacks. However, the rug pull attacks during Q2 2022 decreased in comparison to the previous quarter. Exploits, in general, constitute a broad category such as bugs and vulnerabilities in code, compromising multi-sig passwords, exploiting minting functions, reentrancy problems, or flaws in the ways that oracles are used.