Gu Lumi's observation: Interpretation of the report: blockchain security situation in the first half of 2022

Time: 10/07/2021 Author: thbirg

In the past two years, global social and economic development has encountered unprecedented challenges under the influence of various factors, such as the continuing pandemic, economic recession, energy shortages, the escalation of geopolitical conflicts, and the intensification of international competition. At the same time, the global blockchain industry is undergoing an accelerating transformation: the efficiency, security and scalability of blockchain technology have been continuously improved, and with the rise of emerging fields such as the metaverse and NFTs, the industry has officially entered the 3.0 era. According to the statistics of the SlowMist blockchain hacked event archive (SlowMist Hacked), as of June 30, there were 187 security incidents in the first half of 2022, with a loss of $1.976 billion.
 
Among these security incidents, about 77% (144) resulted from attackers exploiting vulnerabilities in the project itself, with a loss of about 1.84 billion US dollars, accounting for 93% of the total loss of security incidents. About 21% (39 cases) originated from phishing and scams, including rug pulls, with a loss of about 130 million US dollars, accounting for 6% of the total loss of security incidents. As the infrastructure of the blockchain industry, the public chain carries people's expectations for the blockchain as the underlying network of Web3. With the rise of generation after generation of public chains, waves of ecosystem growth such as NFT, DeFi, GameFi and the metaverse have also emerged one after another. At the same time, these projects have promoted the development and value of public chains, turning the multi-chain world from an ideal into reality.
 
According to the data of Footprint Analytics, the cumulative number of public chains included by June was 119, compared with 31 in June 2021, a year-on-year increase of about 284%. However, the rapid development of public chains is a double-edged sword. While it promotes industrial progress, the blockchain security problems that come with it have also increased significantly. We analyze them from three aspects, namely DeFi, NFT and cross-chain bridges. NFTs, which are based on blockchain technology, also deserve attention. With the rise of a number of leading NFT projects and the participation of various celebrities, NFTs have developed rapidly. According to the data of Dune Analytics, the trading volume of OpenSea reached its peak for the first half of the year, US $284 million, in January. With the changes in the cryptocurrency market, the trading volume of OpenSea in June was only US $15.58 million, down 94%.
 
In the NFT boom, the market value and trading volume of NFTs in the Ethereum ecosystem still dominate the market, accounting for more than 90% of trading volume. In addition to Ethereum, judging from the short-term data of trading volume in the last 30 days and the last 7 days, NFTs in the Solana, Flow and other ecosystems are also developing rapidly and performing well. The multi-chain era is getting closer and closer. This vigorous development also means that there have been many security incidents in this sector. According to the incomplete statistics of SlowMist Hacked, as of June 30, there were about 48 security incidents in the NFT sector, with a loss of more than 62.81 million US dollars. Among them, 33.4% (16 cases) originated from vulnerabilities in the project itself that were exploited by attackers, 20.8% (10 cases) originated from rug pulls, and phishing attacks accounted for the largest share, 45.8% (22 cases), most of which were due to phishing links released by hackers after Discord, Twitter and other media platform accounts were hacked.
 
Over time, attacks by criminals have become increasingly rampant. According to the report released by TRM Labs, in May and June, Chainabuse, a community fraud reporting platform led by TRM Labs, received more than 100 reports of Discord hacking attacks; since May, the NFT community has lost about 22 million US dollars; and in June, NFT-related phishing attacks released by hackers through hacked Discord accounts increased by 55% year-on-year. As blockchain has developed, it has entered a situation in which Ethereum is the core and multiple chains coexist. Asset transfers between chains and cross-chain interaction between smart contracts have become daily on-chain activities. The status of the cross-chain bridge as blockchain infrastructure has become more and more prominent.
 
According to data from Dune Analytics, as of June 30, the total value locked (TVL) of the 15 main cross-chain bridges on Ethereum was about US $8.39 billion. At present, the highest TVL is Polygon Bridges (US $3.5 billion), followed by Arbitrum Bridge (US $1.893 billion) and then Avalanche Bridge (US $1.241 billion). Due to their large amount of liquidity, low degree of decentralization, and the characteristics of multi-signature wallets, cross-chain bridges have become a "hot cake" in the eyes of hackers. According to the statistics of SlowMist Hacked, as of June 30, there were 7 cross-chain bridge security incidents, with a loss of US $1.043 billion, accounting for 64% of the total DeFi loss in the first half of the year and 53% of the total loss in the first half of the year.
 
It is worth noting that in the first half of the year, three of the four incidents with losses of hundreds of millions of dollars came from cross-chain bridges. As important infrastructure of the multi-chain ecosystem, the cross-chain bridge, on the one hand, carries a huge amount of capital flow and brings great convenience to users; on the other hand, it faces many challenges in terms of security and decentralization, which requires project teams to improve their security and risk control capabilities. The cryptocurrency industry has been in a regulatory vortex, and the first to bear the brunt are cryptocurrency trading platforms. The analysis of security incidents on trading platforms is as follows. Take Binance, the platform with the largest trading volume in the world, for example. Since 2021, Binance has received regulatory warnings from dozens of countries and regions, including in Europe, America and Asia.
 
Under this strong global regulatory signal, Binance has successively obtained regulatory licenses and registered in Spain, France, Abu Dhabi, Dubai, Italy, Bahrain and other countries or regions, gradually advancing its compliance process. On January 9, the LCX technical team detected unauthorized access on the LCX trading platform, and a total of about 7.94 million US dollars of crypto assets were stolen. On January 17, a few users suffered unauthorized withdrawals, resulting in a loss of about 34 million US dollars, including 4836.26 ETH, 443.93 BTC and other cryptocurrencies worth about 66200 US dollars. On February 8, the LockBit ransomware gang claimed that it had stolen a large amount of customer data from the cryptocurrency trading platform PayBito.
 
On February 12, IRA Financial Trust, which provides self-directed retirement accounts in South Dakota, filed a lawsuit against Gemini, a crypto trading platform, accusing Gemini of stealing 36 million US dollars of crypto assets held by Gemini and belonging to customers' retirement accounts. The SlowMist security team recommends that all major trading platforms improve their internal management and technical mechanisms, and strengthen the protection of digital assets by introducing security audit mechanisms, zero trust mechanisms, and hot and cold asset security solutions. Criminals are attracted by the anonymity of cryptocurrency. Blockchain has become a new outlet for the cybercrime underground economy, which shows an increasingly obvious trend toward organization and specialization. "Blackmail", "fraud" and "theft" have become a huge security threat to cryptocurrency.
 
According to the data of the Payment and Settlement Department of the People's Bank of China, among the payment methods for money involved in fraud in 2021, cryptocurrency was second only to bank transfer, reaching as high as US $750 million; in 2020 and 2019, however, it was only US $130 million and US $30 million respectively, showing an obvious trend of substantial growth year by year. It is worth noting that cryptocurrency transfers are growing rapidly in "pig-butchering" fraud. In 2021, US $139 million of the funds swindled in "pig-butchering" scams were paid in cryptocurrency, which was 5 times that of 2020 and 25 times that of 2019. In the above 187 security incidents, the attack methods fall mainly into four categories: attacks caused by design defects of the project itself and various contract vulnerabilities; scams, including rug pulls and phishing attacks; asset loss caused by private key leakage; and malicious front-end attacks. These four main attack methods account for 95% of the total number of security incidents.
 
In the first half of the year, there were 92 attacks caused by projects' own design defects and various contract vulnerabilities, resulting in a loss of 1.06 billion US dollars, including 19 attacks involving flash loans, which resulted in a loss of 61.33 million US dollars. Asset losses caused by private key theft accounted for about 4%, but the loss amount reached US $720 million. With the rapid development of Web3, attacks against users and developers emerge in an endless stream, especially phishing attacks on media platforms such as Discord and Twitter. Hackers usually disguise themselves as administrators and publish phishing links after obtaining administrator or account permissions. Moreover, the production cost of these phishing websites is very low. After copying well-known NFT projects, the attackers induce users to grant authorization with words such as "free", so as to transfer the users' assets.
 
A rug pull, by contrast, is initiated by the project team itself. In the first half of the year, there were 42 rug pull incidents, most of which occurred on the BSC chain. Although blockchain technology is developing rapidly and gradually improving in 2022, the endless cryptocurrency attacks pose new challenges to the security of the blockchain ecosystem. According to the statistical data, the months with the most security incidents in the first half of the year were May and June; in terms of ecosystem, security incidents occurred most frequently on BSC; in terms of sector, cross-chain bridges suffered the largest losses. Institutions and enterprises are advised to establish a comprehensive network security protection system that defends against network security threats at all levels, and to use a threat awareness system to quickly obtain security information, including viruses and Trojans, phishing and fraud, network security early warnings and vulnerability reports. Once a security threat occurs, it can then be handled in a timely manner.
 
Here, it is highly recommended to read and master China's first blockchain textbook, Blockchain Technology and Application (), published by Higher Education Press. The development of blockchain has a long way to go. It is expected that, with the continuous improvement of the industry, blockchain can show greater strength and move onto a larger stage.
 
        