Top 10 Web3 Hacks that Took Place in 2022 So Far

Web3 promised us a new era of privacy and security, but a series of recent major Web3 hacks make all that look like a lie.

Web3 promises that we’ll get all the stuff we like about the internet, but with more privacy and a blockchain-based architecture to keep our data more secure than before. Well, that’s the theory. In reality, Web3 is becoming a security nightmare as a slew of recent Web3 hacks has left some wondering if they should just turn our money and data over to Mark Zuckerberg and call it day. In the first six months of 2022, Web3 projects have lost more than $2 billion to hacks and exploits — more than all of 2021 combined. In total, CertiK’s report claims that a total of $308 million was lost across 27 flash loan attacks in Q2 2022 — an enormous increase compared to just $14 million lost to flash loans in Q1. This article features the top 10 Web3 hacks that took place so far in 2022.


Beanstalk Farms

Amount Stolen: US$182,284,430

Beanstalk Farms is appealing to the hacker that stole $182 million in cryptocurrency on Sunday, offering a $1.8 million “Whitehat bounty” if the exploiter returns 90% of the stolen funds. Hackers stole the crypto by exploiting the decentralized finance project’s governance system. Blockchain analytics company PeckShield was the first to spot the incident, and provided the $182 million estimate, noting the attackers took over 24,000 in Ethereum and 36 million in Bean, the company’s stablecoin.


Fei Protocol

Amount Stolen: $79,348,386

Decentralized finance (Defi) platforms Rari Capital and Fei Protocol suffered a more-than-$80 million hack early Saturday.

The hacker exploited a reentrancy vulnerability in Rari’s Fuse lending protocol, according to a tweet by smart contract analysis firm Block Sec. It is one of the Web3 hacks that took place so far in 2022.


DEUS Finance 2

Amount Stolen: $15,700,000

Deus Finance, a Defi platform, acknowledged reports that an attacker stole millions of dollars through unlawful means. CertiK and PeckShield, two blockchain security startups, reported that Deus Finance was the victim of a “flash loan attack.”


Elephant Money

Amount Stolen: $11,340,000

Elephant Money, the decentralized finance (Defi) protocol behind the ELEPHANT token and the TRUNK stablecoin, announced in April 2022 that hackers stole $11.3 million worth of Binance Coin.

The company said it was facing an “automated attack” against its treasury and in a Medium post, its founder said they are working with their partners – blockchain security company CertiK and Defi insurance protocol InsurAce – to address the issue. It is one of the Web3 hacks that took place so far in 2022.



Amount Stolen: $10,984,288

Saddle Finance has lost more than $10 million after a recent hack. The assault was recognized and spread on Twitter by Saddle Finance’s development staff. Scammers and hackers have continued their onslaught, and various platforms have been harmed as a result of their activities. Analysts have advised major security measures.

These malevolent individuals, on the other hand, are constantly devising new ways to carry out their schemes.


FEG token 2

Amount Stolen: $1,857,000

The Fegtoken ecosystem has been hacked more than once over the last couple of days. On 16 May, the Defi project’s FEGexPRO contract on both Ethereum and BNB Chain was exploited for approximately 3,280 BNB and 145 Ethereum via a flash loan attack. During the early hours of Tuesday second week of May, the Fegtoken ecosystem was attacked again, by an alleged new attacker. This time, funds worth close to $1.9 million were drained.It is one of the Web3 hacks that took place so far in 2022.


FEG token

Amount Stolen: $1,315,638

As such, Fegtoken is a decentralized transaction network on Ethereum and Binance Smart Chain and it is driven by its native deflationary FEG token.

The attackers had exploited the Swap-to-Swap functionality in the Fegtoken swap contract on Binance Smart Chain and Ethereum and in all have managed to drain approximately $3.188 million in total.


Inverse Finance

Amount Stolen: $1,231,571

Ethereum-based decentralized finance (Defi) tool Inverse Finance was exploited for more than $1.2 million worth of cryptocurrency in June 2022, on-chain data appears to show.

Exploiters seemed to use a flash loan attack to trick the protocol and steal more than 53 bitcoin, worth $1.1 million, and 10,000 tethers (USDT), a stablecoin backed on a 1-1 basis with U.S. dollars. The exploit comes just over two months after attackers stole $15 million worth of cryptocurrencies from Inverse Finance in a similar attack, as previously reported. It is one of the Web3 hacks that took place so far in 2022.



Amount Stolen: $6 million

Blockchain-based audio streaming platform Audius has learned the hard way that hackers can steal community funds, despite being online for two years and having passed their security audits long ago. While users and AUDIO token holders are unaffected, this attack reminds the industry that even a well-audited project that has been live for years can still possess a sneaky vulnerability that’s waiting to be discovered and exploited by a clever hacker.



Amount Stolen: $730,000

On April 30, 2022, Beijing time, Knownsec Blockchain Lab detected that the dollar project on the BSC chain was attacked by price manipulation, resulting in a loss of about $730,000.Knownsec Blockchain Lab tracked and analyzed this incident for the first time. It is one of the Web3 hacks that took place so far in 2022.