New technologies create new risks. Ever since the cryptocurrency rose to prominence following the launch of Bitcoin in 2008, cybercriminals have been looking for ways to separate users from their hard-earned money. Now that the Web3 ecosystem is growing, fraud is becoming an even bigger threat.

Today, Web3 bug bounty provider Immunefi published new research estimating that $3,160,153,849 in crypto funds were lost across the entire Web3 ecosystem due to hacking and scams in 2022. The report also found that the two web3 chains Blocks most attacked last year were BNB Chain and Ethereum, with 65 and 49 unique security incidents each.

The good news is that while crypto fraud across the space is still common, the general losses decreased 60.9% from the 2021 total of $8,088,338,239.

In any case, this latest research highlights that organizations that interact with the Web3 ecosystem need to implement a highly developed security strategy to address these new threats, or risk leaving their data exposed.

Web3 and the risk of ‘novelty’ attacks

The report comes as researchers anticipate the Web3 market to grow from $3.2 billion in 2021 to $81.5 billion in 2030, increasing at a compound annual growth rate of 43.7%.

Inevitably, as the value of this market increases, more and more cybercriminals will innovate new scams and threats to try to capitalize on their popularity and steal user funds. This poses novel challenges, as the nature of these attacks in digital spaces will be different than those faced in the traditional Web2 sphere.

“Web3 is still a whole new world, full of unknown paths,” said Mitchell Amador, founder and CEO of Immunefi. “That novelty, by definition, brings a level of inexperience and danger to the game. Also, due to the very nature of the Web3 ecosystem, where the smart contract code contains large amounts of capital, the environment is much harsher compared to traditional Web2 applications.”

Users who are just getting familiar with and experimenting with Web3 solutions are also vulnerable to emerging scams.

“On Web3, users are still adapting to the technology and many barely know how to properly use wallets and sign transactions,” Amador said. “With all the new projects and technologies coming out every week, it’s no surprise that bad actors can exploit the inexperience and naivety of new users.”

As a result, Amador recommends that CISOs and security leaders who interact with these technologies invest in security education, not just on phishing threats, but also on how to use infrastructure like wallets, private keys, and common DeFi applications.

Going forward, leaders and researchers in the space have a critical role to play in supporting users and keeping them aware of the techniques fraudsters are using to steal their data.