
2022 Year in Review
2022 was a year of rapid change for the blockchain industry. Ethereum entered the 2.0 era, moving from PoW to PoS. The gradual growth of Layer 2 and new public chains brought fresh blood to the market, while the successive collapses of Terra, Three Arrows Capital and FTX brought new challenges to the industry. Hit by these earthquake-level shocks, the NFT market, which had long been booming, also slumped.

Whether these changes are good or bad, they are all new to hackers. They are always looking for new opportunities, they keep attacking without letting any gap go, and their attack methods keep evolving. This has further weakened market confidence. If lessons are not learned from these attacks, the blockchain industry will face more difficulties and challenges in 2023.

Know Chuangyu Blockchain Security Lab
Total data
According to incomplete statistics from the Know Chuangyu Blockchain Lab [Hacked Event Archives], there were about 427 blockchain-related security incidents on record in 2022, causing direct losses of about 3.52 billion US dollars. Excluding losses caused by market turmoil, the number of security incidents in 2022 increased by approximately 37.3% compared to 2021, but the amount of losses decreased by approximately 64.8% compared to the $10 billion lost in 2021.
Compared with the data of previous years, the number of security incidents has increased significantly while the amount of losses has dropped significantly. This may be related to the downturn in the overall industry environment; otherwise the losses would have risen even beyond those of 2021.
For security incidents, we continue to compile monthly reports and collect them in stages. The statistics use four dimensions: DeFi security incidents, scam security incidents, phishing security incidents, and other security incidents. Among them, DeFi security incidents are particularly prominent this year, accounting for 41% of the total.
In terms of financial losses, DeFi security incidents lost the most, exceeding US$3.2 billion. They were followed by scam security incidents, with losses of approximately $210 million. DeFi security incidents are numerous and their losses are large, but for ordinary users the economic losses caused by scam security incidents are actually more serious than those caused by DeFi security incidents.
(P.S.: Scam security incidents are mainly caused by problems on the project side, such as excessive Owner authority, too many tokens initially allocated to the Owner, contract upgradeability, and DAO ratio manipulation. Background checks on the project side have therefore become critical.)
Timeline of Major Security Incidents
Review of typical security incidents
The largest amount of loss
Key words: largest amount of loss, cross-chain bridge, private key stolen
Event description:
Event evaluation:
The private key of the validator node was stolen, and hackers used the private key to forge withdrawals. Developers and partners paid too little attention to the cross-chain bridge, and the response was too slow.
The greatest impact on the industry
Key words: greatest impact on the industry, stablecoin de-pegging
Event description:
Event evaluation:
Attackers took advantage of the withdrawal interval of the UST-3Crv pool to launch attacks. The long-term de-pegging of the stablecoin made users lose confidence, and a large amount of funds fled. Although it is not a typical attack, it has had a far-reaching impact on the industry.
The largest amount defrauded
Key words: exit scam, token price plummets
Event description:
Event evaluation:
The defrauded amount was huge, and the tokens fell by more than 80% within 24 hours.
The largest amount lost to phishing
Key words: phishing, malicious tokens
Event description:
Event evaluation:
The attacker sent the malicious token "UniswapLP" for phishing; users need to be cautious with authorization operations.
Typical flash loan attack
Key words: flash loans, reentrancy attacks
Event description:
Event evaluation:
The cryptocurrency field has been in a long winter since the collapse of Luna/UST, but the number of security incidents remains high and innovative attack methods are common. DeFi projects need careful security audits by security companies, and the security of cross-chain bridges has become particularly prominent this year. Users should avoid being deceived by high-yield promises or castle-in-the-air ecosystems, and phishing security incidents cannot be ignored either: don't click malicious links at will, and don't grant authorizations to others at will, so as to protect the security of our wallets. The safety of the industry requires the joint efforts of users and professionals.