A recent report by the blockchain security platform Immunefi has shed light on the significant impact of Web2 security issues on the world of Web3 exploits. The report, released on November 15th, 2022, analyzed the history of crypto exploits throughout the year, categorizing them into different types of vulnerabilities. According to the report, a substantial 46.48% of the crypto lost from exploits in 2022 was attributed to “infrastructure weaknesses” or issues with the developing firm’s computer systems, rather than smart contract flaws.
Web2 vulnerabilities accounted for a smaller share of incidents by count, 26.56%, but that still made them the second-largest category, showing how much Web2 security issues shape the overall Web3 exploit landscape.
Immunefi’s report focused specifically on security vulnerabilities and excluded exit scams, fraud, or market manipulations as contributing factors to the crypto exploits. The report outlined three broad categories of security vulnerabilities. Firstly, attacks could result from design flaws within the smart contract itself. The BNB Chain bridge hack was cited as an example of this type of vulnerability. Secondly, attacks could occur due to flawed code implementation, even if the smart contract is well-designed. The Qubit hack was referenced as an example in this category. Lastly, infrastructure weaknesses were identified as a third category of vulnerability, encompassing the IT infrastructure on which a smart contract operates, such as virtual machines, private keys, and more. The Ronin bridge hack was cited as an example of this type of vulnerability.
Infrastructure weaknesses were further broken down into subcategories: employees leaking private keys, weak passphrases, problems with two-factor authentication, DNS hijacking, BGP hijacking, hot wallet compromise, and weak encryption methods. These infrastructure vulnerabilities accounted for the largest share of losses of any category, underscoring the critical need for improved infrastructure security within the Web3 ecosystem.
Furthermore, the report highlighted “cryptographic issues” as significant contributors to the total value of losses in 2022, accounting for 20.58% of the losses. These issues included errors in Merkle trees, signature replayability, and predictable random number generation. Additionally, “weak/missing access control and/or input validation” was the most common flaw by incident count: 30.47% of all incidents were caused by it, although it accounted for only 4.62% of the losses by value. This gap between frequency and financial impact emphasizes the importance of implementing robust access control and input validation measures to enhance security.
The report’s findings serve as a powerful reminder of the critical role that both Web2 and Web3 security play in maintaining the integrity and safety of the crypto ecosystem. As the industry continues to evolve, addressing these vulnerabilities and implementing robust security measures will be vital in safeguarding the future of blockchain technology and cryptocurrency.
In conclusion, Immunefi’s report shows that Web2 security issues have a pervasive impact on Web3 exploits and that infrastructure weaknesses, cryptographic issues, and access control vulnerabilities all need heightened attention. By raising awareness of these critical vulnerabilities, the report serves as a call to action for the industry to prioritize security and ensure the resilience of the crypto ecosystem.