Blockchain Security Analysis Report for the First Half of 2023

Blockchain Security Report H1 2023

Author: Bit Jungle

Preface

As digitalization continues to deepen, blockchain technology has become an important driving force in many fields. It has not only brought disruptive changes to traditional industries such as finance, healthcare, and logistics, but also brought more open and transparent experiences to participants. However, as blockchain technology is widely used, security issues related to it have become increasingly serious. In recent years, blockchain security incidents have occurred frequently, causing huge losses not only to individuals and businesses, but also posing challenges to the development of blockchain technology.

This report combs and analyzes the blockchain security incidents in the first half of 2023, aiming to explore the hidden dangers of blockchain security, analyze the causes of blockchain security incidents, and propose corresponding solutions and suggestions. We hope that this report will arouse the attention of all parties to blockchain security issues, promote the safe development of blockchain technology, and lay a solid foundation for the future of the digital world.

Overview of Economic Losses from Security Incidents

In the first half of 2023, a total of 192 major attack incidents occurred, with a total loss of about 920 million US dollars.

  • There were 4 security incidents with losses exceeding 100 million US dollars:

· Euler Finance lightning loan attack resulted in a loss of 197 million US dollars

· Blockchain for dog nose wrinkles fraudulent project caused a loss of 127 million US dollars

· BonqDAO & AllianceBlock price manipulation caused a loss of 120 million US dollars

· Atomic Wallet wallet was hacked resulting in a loss of 100 million US dollars

  • There were 12 events with losses in the range of 10 million US dollars to 100 million US dollars.

  • There were 40 events with losses in the range of 1 million US dollars to 10 million US dollars.

Overview of Attack Methods

According to the analysis of attack methods used in security incidents, the most frequent attack methods are Rug Pull and contract vulnerabilities, both of which occurred 32 times. The second most frequent is lightning loan attacks, which occurred 20 times, accounting for 14.93% of all events.

Among the top eight attack methods, the Lightning Loan suffered the largest losses, causing a total of $250 million in losses. Following that is blockchain scams, which occurred only seven times but led to losses of $230 million.

While contract vulnerabilities and Rug Pull occurred relatively frequently, accounting for 47.76% of all attack methods, their losses were far less than the first two, totaling only $66.49 million. The high occurrence rate and huge losses of these attack methods once again highlight the risks in the cryptocurrency market. Although blockchain technology has great potential and application prospects, it still faces security risks and technical challenges.

Rug Pull incidents occur frequently, with 75% of projects running away with less than $10 million and 28% with less than $1 million. Such projects usually lack information on their official website, Twitter, Telegram, Github, and have no Roadmap or white paper. The information of team members is suspicious, and the project runs away within three months from its launch to the end.

The losses caused by such security incidents cannot be ignored, and it is necessary to strengthen the investigation of project background, improve the awareness of preventing unfamiliar information, and enhance the prevention ability through early prevention to avoid losses.

Overview of the types of attacked projects in security incidents

1 On-chain Application

On-chain Application, also known as Decentralized Application (DApp), is an application built on blockchain or distributed ledger technology. It uses the characteristics and functions of blockchain for data storage, transaction processing, and smart contract execution.

  • In the first half of 2023, On-chain Applications had 157 security incidents, accounting for 81% of the total number of incidents. The total loss amount of On-chain Applications reached $740 million, accounting for 79% of the total loss amount. On-chain Applications are the type with the highest frequency of attacks and the most losses in the first half of the year.

  • The security incidents of On-chain Application types occurred at almost the same frequency in the first six months, and the top three reasons for security incidents were Rug Pull, contract vulnerabilities, and Twitter being hacked.

Suggestion:

  • The project team must fully consider the security of the project when designing and building it, and check whether the verification function can be bypassed or whether there are defects while implementing the functionality. A security audit should be conducted prior to project launch.

  • Users should carefully investigate and make decisions from multiple angles before using applications on the investment chain and invest cautiously.

2 Exchange

An exchange is a platform or institution that provides digital asset trading and transaction services. It allows users to exchange one digital asset (such as Bitcoin, Ethereum, etc.) for another digital asset, or to buy or sell digital assets with fiat currency (such as US dollars, euros, etc.).

  • In the first half of 2023, exchanges ranked second in terms of the number of security incidents, with a total of 11 security incidents in the exchange sector, resulting in a loss of $73.18 million. The main reason for the attack was a contract vulnerability.

  • Security incidents related to exchanges occur every month, and the amount of losses due to security incidents is also not small.

Suggestions:

  • Users should be careful when dealing with phishing and malicious links: avoid clicking on untrusted links, especially links received through email or social media.

  • Regularly check account activity; do not store all funds in one place; update and protect devices; choose a trusted security company to conduct advance audits.

3 Public Chain/Side Chain

A public blockchain is a consensus blockchain that anyone in the world can enter and read at any time, and anyone can send transactions and get valid confirmations. A sidechain is a blockchain parallel to the main chain, which can be understood as an extension protocol of the blockchain, in order to meet specific business needs, such as cross-chain asset exchange, private chain extension, and blockchain solutions for specific industries.

  • In the first half of 2023, public chains/side chains ranked third in terms of the number of security incidents. The main reason for the attack was a smart contract vulnerability.

Suggestions:

  • Choose a reliable consensus mechanism.

  • Use secure encryption algorithms to generate and store keys, and use multi-signature technology to increase the security of transactions.

  • Conduct regular security audits, including code reviews, security testing, and vulnerability scanning, to identify potential security vulnerabilities and weaknesses.

4 Cross-Chain Bridge

A Cross-Chain Bridge is a technical solution that allows for the transfer of digital assets between different blockchain networks. Cross-chain bridges typically lock or destroy tokens in the originating chain’s smart contract, and unlock or mint tokens through another smart contract on the target chain. Cross-chain communication essentially requires balancing security, trust, and flexibility. Due to the complexity of these factors, cross-chain bridges have become a primary target for attacks in the Web3 space.

  • In the first half of 2023, there were 8 cross-chain bridge security incidents resulting in a loss of $11.37 million.

  • In 2022, 12 cross-chain bridge security incidents resulted in losses of approximately $1.89 billion, ranking first among all project types in terms of losses. Compared to last year, cross-chain bridges have experienced a more serious trend of development with 7 security incidents occurring in the first half of this year, and 10 security incidents occurring with the recent Poly Network and Multichain events. The main reasons for the attacks were smart contract vulnerabilities, flash loans, and so on.

Recommendations:

  • When designing cross-chain message transmission protocols, project parties should prioritize security.

5 Wallets

A blockchain wallet is an important component of a blockchain, it is a digital currency storage and management tool that allows users to securely store, receive, and send various cryptocurrencies such as Bitcoin, Ethereum, and other tokens. Wallet security has always been a hot topic in the blockchain industry. Once a wallet is attacked, attackers can easily steal sensitive information such as users’ private keys and mnemonic phrases, and then take control of users’ digital assets. The value of these digital assets can be very high, and once stolen, the losses can be very significant. Therefore, in order to maximize the security of users’ digital assets, we recommend that users take some security measures.

  • In the first half of 2023, the number of wallet attacks was relatively small compared to other types, but when wallets are attacked, the losses are higher. For example, the Atomic and MyAlgo wallet incidents resulted in losses of up to $109 million from two attacks.

  • The third most common type of event in terms of total number is wallets, with most incidents in this category resulting from leaks of private keys and mnemonic phrases.

Recommendations:

  • Choose a trusted wallet provider: Choose a wallet provider with a good reputation and reliable track record. Make sure you understand their security practices, such as how they protect user data and sensitive information like private keys.

  • Use two-factor authentication: Enabling two-factor authentication can increase the security of your account. This method requires you to enter a second form of authentication, such as a verification code or fingerprint recognition, in addition to your username and password when logging in.

  • Do not share your private keys: Private keys are proof of ownership of your cryptocurrency. Do not share your private keys with anyone, including wallet providers. If someone asks you to provide your private keys, it is likely a scam.

  • Regularly back up your wallet: Regularly backing up your wallet can ensure that you can recover your cryptocurrency in case your wallet is lost or attacked. You can save backups in a secure location, such as an offline device or hardware wallet.

  • Handle unknown emails or messages with care: Do not open or download emails or messages from unknown sources. These may contain malware or links that can lead to attacks on your wallet.

  • Ensure that your computer and mobile devices are secure: Ensure that your computer and mobile devices have the latest antivirus and security updates to protect your devices from attacks.

  • Avoid using unknown Wi-Fi networks in public places, as these networks may be insecure and may be used by hackers to attack your wallet.

  • Ensure that your wallet software is up-to-date: Ensure that your wallet software is the latest version. Newer versions often contain security updates and fixes that can help protect your wallet from attacks.

  • Stay up-to-date on the latest information about wallet security: Stay informed about the latest information and events related to wallet security to help you stay aware of wallet security and take appropriate preventive measures.

Summary of Blockchain Security Incidents in the First Half of 2023

Through the analysis of blockchain security incidents in the first half of 2023, it was found that chain applications were the most frequently attacked and the most costly project type in the first half of the year. In the field of chain applications, there were 157 security incidents, of which 32 were based on contract vulnerabilities.

Faced with frequent security incidents, developers should further follow secure coding practices, audit contract code, use mature security libraries, and other measures to protect user rights. As a user who uses smart contracts, one should also carefully choose contracts and check their code and security before using them. Choose a professional security company for auditing. When security incidents occur, users can do very little. Only by continuously improving their security awareness, discovering vulnerabilities in advance, solving vulnerabilities, and taking preventive measures can they avoid being attacked as much as possible.

The information provided in this report is for reference and research purposes only. The information comes from public channels. The author has tried his best to verify the accuracy and completeness, but cannot guarantee its accuracy and completeness, nor does he assume any responsibility for any loss or damage caused by the use or reliance on this information. This report should not be regarded as a recommendation or suggestion for any specific blockchain project or cryptocurrency investment, and readers should conduct their own research and decision-making. The content of this report cannot replace the reader’s judgment and decision-making, nor can it guarantee the continued existence or implementation of the stated situation.

How to change the music album for ERC-6551?
Interview with ERC6551 founder: Full decent...
Starbucks has been exploring Web3 for half ...
a16z’s Latest Revelation: How Success...
DigiFT Research Report: Two Paths for Maker...
On-chain intelligence platform Arkham is ab...
Views

Views

Gain diverse perspectives and expert insights on blockchain's impact on society, economics, and governance, illuminating the potential opportunities and challenges that lie ahead.