A 0-day exploit is an exploit which is not yet known to the public, specifically the vendor. As such, statistics about such exploits are difficult to make. But in order to make this answer more satisfactory, we can have a deeper look into how 0-day exploits are dealt with.
When would you use a 0-day exploit?
Most likely, you will use a 0-day exploit when you feel like you can gain more value out of using it than out of selling it. Why? Because every usage has a risk associated with it. In the "worst" case, the 0-day exploit will be detected, reported to the vendor and fixed. The value of the exploit then decreases to basically nothing, because the exploit at this point becomes known public and with a fix attached, and nobody will buy it from you anymore.
So you will only use it if you think you will benefit from it.
How often are 0-day exploits used?
That's hard to estimate. In all likelihood, very rarely. As mentioned above, it's a risk to the individual or group who uses the exploit. You might think it's equally risky to not use them, as with every passing day, the vulnerability could be found independently and reported to the vendor.
The reason why you can't have good statistics about it is simple: If I knew about a vulnerability since 2017, and early 2020 it is fixed, who else would know that I knew about it? How would anybody gather that data?
In essence, it's impossible to say for sure.