March 7, 2022 - We combed through the Hack and Scam Database and drilled down on the details of what we have observed across our data set for January - February 2022.

Here are what we have found.

The monthly counts of incidents appear to be consistent when the number of incidents from February is adjusted for the same basis as January (e.g. 45 counts vs. 43 counts-adjusted).

Total losses are also comparable when the major ponzi scheme (Dos Santos) from Brazil which was responsible $7B worth of losses is removed from the January total losses, resulting in $585M (January) vs. $441M (February).

YTD Scams and Contract Vulnerabilities continue to account for over 77% of the incidents observed with poor key management and governance running at 5.2% and 3% respectively.

When the same analysis is performed for January and February, we observed similar outcomes at least on two categories: Scams and Contract Vulnerabilities.

For those who may be interested in a deeper review, the following chart further decomposes the details of the common attack vectors into specific categorization.

Rug pulls remain a top specific vector accounted for 35.6% for the incidents. Logic error in smart contract follows with 9.7%, then private key leak and then remaining phishing specific vectors.