So far in 2022, $2,338,910,183 billion has been “lost to various scams and exploits in the Web3 world and a total of ~377 attacks recorded this year,” according to an update shared by CertiK.
Just like in July, August has “seen the same number of major incidents with 31 major attacks recorded.” On the other hand, exit scams, flashloans, Discord and NFT scams “have all decreased compared to last month.” Out of the 44 exploits recorded this month, CertiJ reveals that “33 were deemed exit scams, 7 were analyzed as flashloan attacks, and 4 fell into other incident categories.”
Flashloan attacks “have significantly decreased compared to July with a drop of 95% for these sorts of attacks cumulating to a $745,244 USD loss, the second lowest number logged this year after the month of February.”
Additionally, this month’s rug pulls and exit scams also “have decreased from last month’s recorded incidents with a 25.9% drop, totalling a loss of $10,040,624.” Finally, Discord hacks and NFT scams “have also dropped compared to last month’s statistics with 86 incidents reported in August, a ~30% decrease from July’s numbers.”
In August, there “were 33 exit scams resulting in a total loss of $10,040,624, a 25.9% decrease from July.” Nineteen were “considered as a major exploit with profits over $100k which is a 5% increase from last month.”
The CertiK report further noted that the largest exit scam “was the Day of Rights $AMO token.”
Wallets associated with the project “sold off large portions of the token which was sent to a wallet where the funds were aggregated.” In total, ~$2m was “taken from investors.”
There was one outlier in the rug pull statistics in July that “skewed the figures.” Raccoon Network pulled off “an IDO/fund raising exit scam which cost investors $25.2m, making it the most profitable exit scam this year as well as the 3rd highest attack over the past 12 months.”
If we subtract that from last month’s figures we get “the figure of $13,533,928 which is $3,493,304 difference between July and August.” By discounting the Raccoon Network and Freedom Protocol exit scam, we see “no significant divergence in trends between July and August.”
CertiK added:
“We have seen many examples of tokens washing funds this month which we have not included in our monthly stats. This is because we associate these examples with likely money laundering activities that occur multiple times a day. Most of examples have all been found on the BNB Smart Chain and it’s currently unclear whether this increase is related to the sanctioning of Tornado Cash by OFAC.”
They also mentioned that the month of August “presents a hopeful outlook for flashloan security. August boasts the lowest total amount lost since February this year and did not even break $1 million in loss.”
They further noted:
“Over the course of 7 attacks, we recorded $745,244 in damages, an immense 95% decrease compared to the previous month of July. The average loss per attack this month was $106,463 the lowest amount we at CertiK have ever recorded for flashloans.”
They added that “the most significant flashloan attack occurred on XStable where the attacker utilized price manipulation to secure approximately $366,975 in total.” The protocol has since been “self-destructed.” Overall, flashloans remain “a threat and this month may just be a statistical outlier but at the very least it shows progress in a positive direction.”
Certik also noted:
“Our current projection for the amount of loss strictly from flashloan attacks in 2022 based on current data is: $511,601,181. Down over $80,000 since our last prediction.”
They continued:
“In the month of August there have been a total of 31 major attacks. This is equivalent to the number of attacks in July. An average of $7,013,378 was lost per attack, which is a significant increase from the average of $2,120,816 per attack in the month of July.”
The total amount of money lost in August compared to June’s exploits also “increased in overall recorded attacks.” The report added that the largest exploit this month “was the Nomad Bridge exploit.”
In August, most attacks “were reported between the 8th-13th, with a total of 12 attacks.” Of those incidents, 6 “were considered exploits, 4 were exit scams and 0 were flash loan attacks.” Three of these major incidents “stood out as they showed the most significant reported losses.”
For more details on this update, check here.