benny
@bennylada
Over the last few days, I spent some time adding protocol language info to DefiLlama's hack page (https://defillama.com/hacks) with 0xngmi's help. I used the opportunity to review the data and chart some stuff. 🧵
benny
@bennylada
The page is a wonderful crowdsourcing effort and the most comprehensive structured dataset for crypto hacks around. Its "total value hacked" figure is an oft-cited reference in pieces about web3 security, but as high as it is...
benny
@bennylada
...it's better thought of as a lower bound. Small hacks and rugs (<$100k) are common but clearly underreported. The data focuses only on protocols so phishing or poisoning attacks on individuals are excluded, but some have caused losses of over $60m! (https://tinyurl.com/2j6d6jw5)
benny
@bennylada
Cross-referencing the hack list's chains with DefiLlama's tracked protocol list, we can get an estimate of the proportion of a chain's protocols that get hacked. Ethereum and Solana lead here, but the 2022 starting date favors younger chains.
benny
@bennylada
That's only one part of the story though, as hack amounts can vary a lot. Normalizing by chain TVL shows a different picture. Fantom and Base lead due to the Multichain hack and Bald rugpull, respectively. And Solana had a string of major hacks (Mango, Wormhole, Cashio).
benny
@bennylada
And since the hack data now has language info, we can also do language-based stats! Rust may be safe, but clearly not web3 safe. Solidity fares better but Vyper slithers ahead. Java comes from a single data point on ICON.