Illustration by Alex Castro / The Verge

Web3 projects have lost more than $2 billion to hacks and exploits in the first half of the year.

CertiK released its quarterly Web3 security report covering the second quarter of this year. The report paints a sobering picture of a space still plagued by hacks, scam, andPhishing schemes while also facing relatively new threats.

The invention of flash loans is a category of threat that CertiK focuses on. If used recklessly, flash loans can be used to manipulate the value of a token on exchanges or buy up all of the governance token in a project and vote to withdraw all of the funds.

CertiK claims that a total of $308 million was lost across 27 flash loan attacks in the second quarter of the year, an enormous increase compared to just 14 million lost to flash loans in the first quarter.

Between Q1 and Q2 of this year, CertiK recorded an increase in the number of phish attacks compared with the first three months of the year. Despite security concerns, the social network of choice for the cryptocurrencies and NFT scene is still Discord.

rug pulls, where the founders of a project stop development and flee with the funds, are less common, though tens of millions of dollars were still lost in this way. According to a report by CertiK, a total of $37.46 million was lost to rug pulls in the second quarter of this year, down from the previous quarter, but the report attributes much of this decrease to the current crypto winter, which may be driving away the less experienced investors