Report Interpretation: Blockchain Security Situation in the First Half of 2022

Blockchain security posture

In the past two years, under the influence of various factors such as the raging epidemic, economic recession, energy shortage, escalating geopolitical conflicts, and intensifying international competition, the global social and economic development has encountered unprecedented challenges. At the same time, the global blockchain industry is also undergoing an accelerating change: the efficiency, security, and scalability of blockchain technology have been continuously improved, and the rise of emerging fields such as the Metaverse and NFT has enabled blockchain The industry has officially entered the 3.0 era.

According to statistics from SlowMist Hacked, as of June 30, there were 187 security incidents in the first half of 2022, with a loss of $1.976 billion.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Security events in the first half of 2022)

Among these security incidents, about 77% (144 incidents) were caused by the vulnerability of the project itself being exploited by attackers, and the loss amounted to about 1.84 billion US dollars, accounting for 93% of the total loss of security incidents; about 21% (39 incidents) were caused by including Phishing & Rug Pull’s Scams, the loss amounted to about 130 million US dollars, accounting for 6% of the total loss of security incidents.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Cause distribution of security incidents in the first half of 2022)

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Comparison of losses caused by security incidents in the first half of 2022)

Blockchain Ecological Security Overview

According to the different attacked objects, we divided 187 security incidents into three parts: public chain track, trading platform and others.

  • public chain track

     

As the infrastructure of the blockchain industry, the public chain carries people’s expectations for the blockchain as the underlying network of Web3. With the rise of public chains from generation to generation, ecological booms such as NFT, DeFi, GameFi, and Metaverse have also erupted one after another. At the same time, these projects have also promoted the development and value enhancement of public chains, making the multi-chain world from ideal to reality. . According to the data of Footprint Analytics, as of June, 119 public chains have been included, compared with 31 included in June 2021, a year-on-year increase of about 284%.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Comparison of the number of public chains in 2021 and June 2022)

However, the rapid development of the public chain is also a double-edged sword. While promoting the progress of the industry, the security problems of the blockchain have also increased significantly. We analyze it from three aspects: DeFi, NFT, and cross-chain bridges.

DeFi Ecosystem

As the most popular programmable blockchain in the world, DeFi’s development trend in 2022 should not be underestimated. According to DeFi Llama data, the total locked value of DeFi on June 30 was $143.2 billion, of which the ETH chain was worth $94.55 billion in TVL (Total Value Locked) accounts for half of the capital precipitation, followed by the BSC chain with $11.08 billion. Since 2021, many emerging public chains such as Solana, Avalanche, etc. have rapidly developed the on-chain ecosystem by embracing DeFi, which has also attracted a large number of users and funds. Solana TVL on June 30 was $2.64 billion, up 77% year-on-year; Avalanche TVL was $5.54 billion, up 96% year-on-year.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(DeFi TVL in the first half of 2022)

With the rise of the DeFi craze, this field has naturally become the focus of hackers. According to SlowMist Hacked statistics, as of June 30, there were about 100 DeFi security incidents, with losses exceeding $1.63 billion. Among them, the number of security incidents on BSC, ETH, Fantom, Solana, Polygon, Avalanche, and cross-chain bridges were 47, 29, 8, 5, 2, 1, and 7, respectively. $140 million, $308 million, $54.91 million, $63.83 million, $13.1 million, $8.3 million, $1.043 billion.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(DeFi security incident distribution in the first half of 2022)

NFT Ecology

NFTs based on blockchain technology are also objects that need to be focused on. With the rise of a number of leading NFT projects and the participation of celebrities, NFTs have developed rapidly. According to data from Dune Analytics, OpenSea’s trading volume peaked at $284 million in the first half of the year in January, and as the cryptocurrency market changed, OpenSea’s trading volume in June was only $15.58 million, a 94% decline. In the upsurge of NFTs, the NFTs in the Ethereum ecosystem still occupy the mainstream market value and transaction volume, and the transaction volume exceeds 90%. In addition to Ethereum, judging from the short-term data of the transaction volume in the past 30 days and the transaction volume in the past 7 days, the ecological NFTs such as Solana and Flow are also developing rapidly, and their performance is dazzling. The multi-chain era is getting closer and closer to us.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Changes in OpenSea transaction volume in the first half of 2022)

The booming development also means that there are not a few safety accidents on the track. According to the incomplete statistics of SlowMist Hacked, as of June 30, there were about 48 safety accidents on the NFT track, with a loss of more than 62.81 million US dollars. Among them, 33.4% (16 cases) were caused by the vulnerabilities existing in the project itself being exploited by attackers, 20.8% (10 cases) were caused by Rug Pull, and phishing attacks accounted for the majority, accounting for 45.8% (22 cases), most of which were It is due to hackers posting phishing links after media platforms such as Discord/Twitter were hacked.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Cause distribution of NFT attacks in the first half of 2022)

And with the passage of time, the attacks of criminals have become rampant. According to the report released by TRM Labs, in May and June, the scam reporting platform Chainabuse led by the TRM Labs community received more than 100 reports on Discord hacking; Since May, the NFT community has lost about $22 million; in June, hackers posted a 55% year-on-year increase in NFT-related phishing attacks on the hacked Discord.

cross-chain bridge

With the development of blockchain, it has now entered a situation where multiple chains coexist with Ethereum as the core. Asset transfer between chains and cross-chain interaction of smart contracts have become daily activities on the chain. The status of blockchain infrastructure is becoming more and more prominent. According to Dune Analytics data, the total value locked (TVL) of the 15 major cross-chain bridges in Ethereum as of June 30 was about $8.39 billion.Currently the highest TVL is Polygon Bridges ($3.5 billion), followed by Arbitrum Bridge ($1.893 billion), followed by Avalanche Bridge ($1.241 billion).

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(TVL of Ethereum’s 15 major cross-chain bridges)

Due to the large amount of liquidity and the low degree of decentralization, the authority is almost controlled by the multi-signature wallet and other characteristics, and the cross-chain bridge has also become a “sweet pastry” in the eyes of hackers. According to SlowMist Hacked statistics, as of June 30, there were a total of 7 cross-chain bridge security incidents, with losses as high as $1.043 billion, accounting for 64% of DeFi’s total losses in the first half of the year and 53% of the total losses in the first half of the year. It is worth noting that in the first half of the year, 3 out of 4 incidents with losses of hundreds of millions of dollars came from cross-chain bridges. As an important infrastructure of the multi-chain ecosystem, on the one hand, the cross-chain bridge bears a huge amount of capital flow and brings great convenience to users. On the other hand, it faces many challenges in terms of security and decentralization. To improve safety, risk control and other capabilities.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Cross-chain bridge security incident in the first half of 2022)

  • trading platform

The cryptocurrency industry has been in the midst of a regulatory whirlpool, with cryptocurrency trading platforms bearing the brunt of it. The analysis of security incidents on trading platforms is as follows: Take Binance, the world’s largest trading platform, as an example. Since 2021, Binance has been subject to regulatory warnings from dozens of countries and regions, including Europe, America, and Asia. . Under the strong global regulatory signals, Binance has successively obtained regulatory licenses and registered in Spain, France, Abu Dhabi, Dubai, Italy, Bahrain and other countries or regions, and gradually promoted its compliance process.

In the first half of the year, a total of 4 trading platform security incidents occurred globally, with losses exceeding US$77.7 million, as follows:

  • On January 9, the LCX technical team detected an unauthorized access on the LCX trading platform, which resulted in the theft of a total of approximately $7.94 million in crypto assets.
  • On January 17th, a small number of Crypto.com users suffered unauthorized withdrawals that resulted in losses of approximately $34 million, including 4,836.26 ETH, 443.93 BTC, and approximately $66,200 in other cryptocurrencies.
  • On February 8, the LockBit ransomware gang claimed to have stolen a large amount of customer data from cryptocurrency exchange PayBito.
  • On February 12, IRA Financial Trust, which provides self-directed retirement accounts from the U.S. state of South Dakota, filed a lawsuit against crypto trading platform Gemini, alleging the theft of $36 million in crypto assets held by Gemini and belonging to customer retirement accounts.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Comparison of losses from trading platform attacks in the first half of 2022)

The SlowMist security team recommends that major trading platforms improve their internal management and technical mechanisms, and strengthen the security of digital assets by introducing security audit mechanisms, zero-trust mechanisms, and hot and cold asset security solutions.

  • other

Lawbreakers are interested in the anonymity of cryptocurrencies. Blockchain has become a new outlet for online black production, showing an increasingly obvious trend of organization and specialization. “Extortion”, “fraud” and “theft” have become encrypted Currency is a huge security threat. According to the data of the Payment and Settlement Department of the People’s Bank of China, among the payment methods for fraudulent payments in 2021, the use of cryptocurrency for payment is second only to bank transfers, ranking second, reaching as high as 750 million US dollars; in 2020 and 2019, only 1.3, 30 million US dollars, and the trend of substantial growth year by year is obvious. It is worth noting that cryptocurrency transfers have grown rapidly in “killing pig” scams. In 2021, $139 million of the “killing pig” fraudulent funds will be paid in cryptocurrency, which is 5 times that of 2020 and 25 times that of 2019.

Overview of Attack Techniques

Among the above 187 security incidents, the attack methods are mainly divided into four categories: attacks caused by the project’s own design flaws and various contract loopholes; Scam including Rug Pull, phishing attacks, etc.; asset loss caused by private key leakage; front-end Malicious attacks, these four main attack methods account for 95% of the total number of security incidents.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Comparison of the number of attack methods in the first half of 2022)

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Comparison of the loss of attack methods in the first half of 2022)

In the first half of the year, there were 92 attacks caused by the project’s own design flaws and various contract loopholes, resulting in a loss of US$1.06 billion, of which 19 were attacks caused by the use of flash loans, resulting in a loss of US$61.33 million. The rate of asset loss caused by the theft of private keys is about 4%, but the amount of loss reached 720 million US dollars. With the rapid development of Web3, attacks on users and developers emerge in an endless stream, especially phishing attacks on media platforms such as Discord and Twitter. Hackers usually disguise themselves as administrators and publish phishing attacks after obtaining administrator or account permissions. Link. In addition, the production cost of these phishing websites is very low. After copying well-known NFT projects, users are induced to authorize by words such as gift and free, thereby transferring user assets. And Rug Pull is the initiative of the project party to be evil. In the first half of the year, there have been 42 Rug Pull incidents, most of which occurred in the BSC chain.

Summarize

Although the blockchain technology is developing rapidly and gradually improving in 2022, the emerging cryptocurrency attacks have posed new challenges to the ecological security situation of the blockchain. From the statistical data, the months with more security incidents in the first half of the year are mainly in May and June; from the perspective of various ecosystems, BSC has the most security incidents; from the track, the cross-chain bridge has the most losses.

Report Interpretation: Blockchain Security Situation in the First Half of 2022

(Distribution of ecological track events in each month in the first half of 2022)

In this regard, the SlowMist security team recommends:

For institutions and enterprises, it is best to establish a comprehensive network security protection system to protect against network security threats intruding from all levels, and quickly obtain virus Trojans, phishing scams, network security warnings, and vulnerability reports through the threat awareness system. Security intelligence, once a security threat occurs, it can be dealt with in a timely manner.

For individual users, most risks can be avoided by complying with the following security rules and principles:

Two safety rules:

  • Zero trust. Simply put, be suspicious, and always be suspicious.
  • Continuous verification. If you want to believe, you must have the ability to verify your doubts and make this ability a habit.

Safety principles:

  • Knowledge on the Internet, everything is based on at least two sources of information, corroborating each other, and always maintaining suspicion.
  • Do a good job of isolation, that is, don’t put eggs in one basket.
  • For wallets with important assets, do not update easily, just enough.
  • What you see is what you sign. That is, what you see is what you expect to sign. When you sign and send it out, the result should be what you expected, and it will never break your thigh afterwards.
  • Pay attention to system security updates, and act immediately when there are security updates.
  • Don’t mess with the program.

Here, it is highly recommended to read and master the “Blockchain Dark Forest Self-Saving Handbook” (https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook/blob/main/README_CN.md).

The development of the blockchain is long and difficult. It is expected that with the continuous improvement of the industry, the blockchain can burst out with greater power and move towards a larger stage.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/report-interpretation-blockchain-security-situation-in-the-first-half-of-2022/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-08-08 12:25
Next 2022-08-08 12:27

Related articles