
Review of Blockchain Security in Q4 2022

OVERVIEW

Overall, the crypto market witnessed a bear market through Q4 2022. Despite the bear market, attacks against the crypto ecosystem were still active. Crypto assets worth around US$587.57 million were exploited from October 2022 to December 2022.

Fairyproof studied 101 publicly reported security incidents that occurred in Q4 2022. This report is composed of findings, analysis and best practices of these incidents.

BACKGROUND

Before proceeding, the following terms and technologies are introduced in this report:

CCBS

CCBS stands for “Centralized Crypto or Blockchain Service”. A CCBS is a platform or service that provides crypto or blockchain related products or services and is run by a conventional, centralized organization, entity or company, such as conventional crypto exchanges (e.g. Binance or Tether).

FLASHLOAN

Flash loans are a popular feature that hackers utilize when attacking EVM-compatible smart contracts. Flash loans were developed by the team behind the well-known DeFi application AAVE [1]. This feature “allows users to borrow any available amount of assets without putting up any collateral, as long as the liquidity is returned to the protocol within one block transaction” [2]. Flash loans are quite often used to borrow ERC-20 tokens [3] and attack DeFi applications. To initiate a flash loan, a user writes a contract that borrows an available amount of assets and pays back the loan, interest and necessary fees, all within the same transaction.
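The borrow-and-repay cycle described above, as an added example that is not code from the report or from Aave: a receiver contract requests a single-asset loan through an Aave V3-style `flashLoanSimple` call, receives the `executeOperation` callback while it holds the funds, and must make `amount + premium` available for the pool to pull back before the transaction ends. The minimal `IPool` and receiver interfaces mirror Aave V3's public interface; the `requestLoan` wrapper, the `owner` check and the pool address passed to the constructor are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed here (standard token interface, see [3]).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Single-asset flash loan entry point, mirroring Aave V3's IPool.
interface IPool {
    function flashLoanSimple(
        address receiverAddress,
        address asset,
        uint256 amount,
        bytes calldata params,
        uint16 referralCode
    ) external;
}

// Callback the pool invokes on the borrower while the loan is outstanding.
interface IFlashLoanSimpleReceiver {
    function executeOperation(
        address asset,
        uint256 amount,
        uint256 premium,
        address initiator,
        bytes calldata params
    ) external returns (bool);
}

// Example receiver (hypothetical contract, not part of the report).
contract FlashLoanReceiverExample is IFlashLoanSimpleReceiver {
    IPool public immutable pool;
    address public immutable owner;

    constructor(address poolAddress) {
        pool = IPool(poolAddress);   // assumed: address of the lending pool
        owner = msg.sender;
    }

    // Step 1: request the loan. The pool transfers `amount` of `asset` to
    // this contract and then calls executeOperation() in the same transaction.
    function requestLoan(address asset, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        pool.flashLoanSimple(address(this), asset, amount, "", 0);
    }

    // Step 2: the pool calls back here while the borrowed funds are held.
    // Everything that happens in this function is inside one transaction,
    // so any contract that reads balances or spot prices during it can see
    // temporarily inflated values; that is the risk protocols must design for.
    function executeOperation(
        address asset,
        uint256 amount,
        uint256 premium,
        address initiator,
        bytes calldata
    ) external override returns (bool) {
        require(msg.sender == address(pool), "caller is not the pool");
        require(initiator == address(this), "loan not initiated here");

        // ... the borrowed `amount` of `asset` is usable here ...

        // Step 3: make loan + fee available. If the pool cannot pull this
        // back after we return, it reverts the entire transaction, which is
        // what makes the loan collateral-free.
        uint256 amountOwed = amount + premium;
        require(IERC20(asset).balanceOf(address(this)) >= amountOwed, "cannot repay");
        IERC20(asset).approve(address(pool), amountOwed);
        return true;
    }
}
```

The two `require` checks at the top of `executeOperation` matter for the receiver's own safety: without them, anyone could call the callback directly and have the contract approve its token balance to an arbitrary address.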

CROSS-CHAIN BRIDGE

A cross-chain bridge is an infrastructure that connects multiple independent blockchains and enables an exchange of cryptos, data or information from one blockchain to another.

As more blockchains develop their own ecosystems, cryptos and dApps, the need to exchange cryptos or data across different blockchains grows, and the volume of cross-chain transactions increases dramatically. This makes cross-chain bridges an increasingly attractive target for attacks.

FOCUS OF THIS REPORT

In this report we list our statistics collected from typical security incidents that happened in the blockchain industry in Q4 2022, give an in-depth analysis of their root causes, and present our recommended best practices.

STATISTICS AND ANALYSIS OF SECURITY INCIDENTS OF Q4 2022

We studied 101 publicly reported security incidents that occurred in Q4 2022 and present our statistics and analysis based on the targets and root causes.

In Q4 2022, the total value of the exploited assets was US $587.57 million and the overall cryptocurrency market cap according to TradingView was US $756.15 billion. The value of the exploited assets accounted for 0.08% of the total cryptocurrency market cap.

INCIDENTS CATEGORIZED BY TARGETS

Our researched incidents can be categorized into four types of targets:

  1. CCBS
  2. Blockchains
  3. DApps
  4. Cross-chain Bridges

A CCBS-related incident is one in which a centralized crypto or blockchain service platform is attacked by hackers resulting in the failure of its services or a loss of crypto assets under its custody.

A blockchain-related incident is one where a blockchain mainnet, side chain or layer 2 is attacked by malicious actors from inside, outside, or both, causing its operation to go out of order, or where a blockchain fails to work properly due to issues related to software, hardware, or both. Attackers are then able to exploit the consensus for profit.

A dApp-related incident is one where a dApp’s daily operation goes out-of-order or is attacked, leaving it open for attackers to exploit users and crypto assets under the custody of the dApp.

A cross-chain bridge-related incident occurs when a cross-chain bridge is attacked resulting in a loss of crypto assets under its custody or a failure of the exchange function between multiple blockchains.

There were 101 incidents in total. Here is a figure that shows the percentage for each of these targets respectively.

The number of dApp-related incidents accounts for 84.16% of the total incidents. Out of 101 incidents, 9 were CCBS-related, 3 were blockchain-related, 4 were cross-chain bridge-related, and 85 were dApp-related.

BLOCKCHAIN-RELATED INCIDENTS

Incidents that occurred on blockchains can be further categorized into three sub-categories:

  1. Blockchain mainnets
  2. Side chains
  3. Layer 2 solutions

A blockchain mainnet, also known as layer 1, is an independent blockchain that has its own network with its own protocol, consensus, and validators. A blockchain mainnet can validate transactions, data, and blocks generated in its network by its own validators and reach finality. Bitcoin and Ethereum are typical blockchain mainnets.

A side chain is a separate, independent blockchain that runs in parallel to a blockchain mainnet. It has its own network consensus and validators. It is connected to a blockchain mainnet (e.g. by a two-way peg [4]).

A layer 2 solution refers to a protocol or network that relies on a blockchain as its base layer (layer 1) for security and finality [5]. Its main purpose is to solve the scalability issues of its base layer. It processes transactions faster and consumes fewer resources compared to its base layer. Since 2021, there has been a huge surge in the growth and development of layer 2 solutions for the Ethereum ecosystem.

Both side chains and layer 2 solutions exist to solve the scalability issues of a blockchain mainnet. The significant difference between a side chain and a layer 2 solution is that a side chain does not necessarily rely on its blockchain mainnet for security or finality whereas a layer 2 solution does.

There were 3 blockchain-related incidents in total in Q4 2022. The figure below shows the percentages of blockchain mainnet related incidents, side-chain related incidents, and layer 2 related incidents respectively.

Blockchain mainnet related incidents and layer 2 related incidents accounted for 33.33% (1) and 66.67% (2) of the total incidents respectively. No prominent side-chain related incidents were covered in our statistics. The layer 2 solutions that were attacked were Loopring [6] and zkSync [7], while the attacked blockchain mainnet was ZCash [8].

DAPP RELATED INCIDENTS

Among the 85 incidents that occurred toward dApps, 5 were rug-pulls, 39 were involved in exploitations and 41 were directly attacked. An attack against a dApp can specifically target its front-end, server side, or smart contract(s). We can therefore further classify these 41 incidents into three sub-categories:

  1. dApp’s front-end
  2. dApp’s server side
  3. dApp’s smart contract(s)

Front-end related incidents refer to events where vulnerabilities on the conventional client side are exploited, compromising users’ account information and personal details, which can then be used to steal their crypto assets.

Server side related incidents are those where vulnerabilities on the conventional server side are exploited, leaving on-chain and off-chain communication open to hijacking and users’ crypto assets open to exploitation.

Smart contract related incidents refer to events where vulnerabilities in a smart contract’s design or implementation are leveraged to exploit users’ crypto assets.

Here is a figure that shows the percentages of front-end, server-side and smart contract related incidents respectively.

The above figure shows that smart contract related incidents, server side related incidents, and front-end related incidents accounted for 97.56%, 0%, and 2.44% of the total incidents respectively. Among the 41 incidents, 1 was front-end related and 40 were smart contract related.

We further studied the amount of loss incurred in these sub-categories. Our study showed that the amount of loss in both front-end related incidents and server-side related incidents was zero, while the amount of loss in smart contract related incidents was US $83.36 million.

It is clear that smart contract related incidents were the biggest issue. Typical vulnerabilities we found pertaining to smart contracts in Q4 2022 include logic vulnerabilities, private key leaks, flash loans, re-entrancy attacks, and more.

We studied the 40 incidents in which smart contracts were directly attacked and derived the following figure based on vulnerability types:

The figure shows that the vulnerability types with the highest percentages were flash loans and logic vulnerabilities. Logic vulnerabilities mainly include missing validation of parameters, missing validation of access control, and similar issues. 11 projects suffered from flash loan attacks and 11 suffered from logic vulnerability attacks.

The following figure illustrates the amount of loss for each vulnerability type:

It is interesting to note that although flash loans caused the largest number of incidents, the loss they caused only ranked fifth: 11 incidents were caused by flash loans, totaling a loss of US $4.73 million. The top rank belongs to the 11 incidents caused by logic vulnerabilities, totaling a loss of US $141.42 million and accounting for 74.72% of the total loss. Meanwhile, 5 incidents caused by private key leaks totaled a loss of US $11.51 million and accounted for 6.08% of the total loss, ranking third.

INCIDENTS CATEGORIZED BY ROOT CAUSES

The root cause of these incidents can be categorized into the following:

  1. Attacks from hackers
  2. Rug-pulls
  3. Misc.

We studied these incidents and got the following figure.

The above figure shows that the number of attacks from hackers, rug-pulls and misc. incidents accounted for 93.07% (94), 4.95% (5) and 1.98% (2) of the total incidents respectively.

We studied the amount of loss of each category of incidents based on the root cause and got the following figure:

The above figure shows that the amount of loss in incidents caused by attacks and the amount of loss in rug-pull incidents accounted for 99.12% and 0.88% of the total loss respectively. The amount of loss in incidents caused by attacks was US $582.41 million and the amount of loss in rug-pull incidents was US $5.16 million. This reveals that attacks from hackers posed the largest threat to the whole crypto ecosystem in Q4 2022.

ATTACKS FROM HACKERS

We studied the targets the hackers attacked and got the following figure:

The figure above shows that the number of attacks on dApps, CCBSs, cross-chain bridges and blockchains accounted for 84.16% (85), 8.91% (9), 3.96% (4) and 2.97% (3) respectively.

After we studied the amount of loss in each of them we got the following figure:

The amount of loss in attacks on CCBSs, cross-chain bridges, dApps and blockchains accounted for 66.51%, 17.92%, 15.56% and 0.21% of the total, corresponding to losses of US $390.82 million, US $105.3 million, US $91.45 million and US $1.26 million respectively.

RUG-PULLS

All rug-pulls that happened in Q4 2022 were against dApps. There were 5 incidents totaling a loss of US $5.16 million which were not as severe as losses caused by attacks.

RESEARCH FINDINGS

CCBSs were the most prominent target for attacks in Q4 2022. Although the number of CCBS incidents only accounted for 8.91% of the total, the amount of loss in CCBS incidents accounted for 66.51% of the total amount of loss and far surpassed the amount of loss in any other category. Among all the CCBS incidents, the biggest one was when FTX’s crypto assets were abnormally transferred away. This incident was suspected to be closely related to FTX’s crash.

Compared to the data Fairyproof collected for Q3 2022, the number of attacks on cross-chain bridges rose slightly. However, the amount of loss in attacks on cross-chain bridges rose greatly, nearly tripling the loss in Q3. Clearly, cross-chain bridges were still a big honeypot for hackers. They still have many challenges to face and issues to fix before they can give users confidence in their security and safety.

Hackers remained the main threat to the crypto industry, accounting for 93.07% of all incidents. This far surpassed any other root cause, such as rug-pulls.

A dApp consists of three parts: a front-end, a server side and smart contracts. One or more of these parts are targeted during dApp attacks. According to our statistics, smart contracts accounted for an extraordinarily higher percentage of attacks than front-ends and server sides with regard to both attack frequency and amount of loss in Q4 2022. This shows that attacks on smart contracts still posed the biggest threat to dApps. It is also worth noting that the number of attacks against smart contracts increased greatly compared to Q3 2022, nearly doubling the number of attacks and quintupling the amount of loss.

All rug-pulls in Q4 2022 targeted dApps.

Finally, for smart contract related incidents, we found the attack sub-categories (excluding the misc. incidents) to be ranked by number of incidents as follows:

Rank 1: Flash loan and logic vulnerability

Rank 2: Private key leak

Rank 3: Re-entrancy attack

In contrast, the amount of loss in the incidents that suffered from logic vulnerabilities far surpassed that of any other rank.

TENTATIVE THOUGHTS

Both the number of attacks on layer 2 solutions and the amount of loss in these attacks decreased dramatically compared to that of Q3 2022. However, we don’t think this means the overall security situation of layer 2 solutions improved very much in Q4.

In addition, more project teams rushed into, or planned to enter, zero-knowledge (zk) related applications, including zk-rollup solutions for Ethereum, zk related social applications, and more. We think there will be an increasing demand for audits of zk related applications.

BEST PRACTICES TO PREVENT SECURITY ISSUES

In this section we present some best practices to help both blockchain developers and users manage the risks posed by the incidents that happened in Q4 2022, and to support a coordinated and efficient response to crypto security incidents. We recommend that both blockchain developers and users apply these practices to the greatest extent possible based on the availability of their resources.

Note: “Blockchain developers” refers to developers of blockchains, developers of dApps, and developers of blockchains or systems pertaining to crypto currencies. “Blockchain users” refers to everyone who participates in activities pertaining to a crypto system’s management, operation, trading, etc.

FOR BLOCKCHAIN DEVELOPERS

Developers of cross-chain bridges need to pay closer attention to the bridges’ security as cross-chain transactions become increasingly popular. Cross-chain bridge solutions include handling of operations – not only on-chain but also off-chain. Naturally, the off-chain part would be more vulnerable to attacks. Hence, security solutions for cross-chain bridges should be particularly capable of handling off-chain activities safely and securely.

Awareness of security for layer 2 solutions should still be kept even though attacks on them were few with negligible losses as more layer 2 solutions will emerge in the coming years. Research and development for solutions to tackle security challenges in this area must be prompt.

Transferring an admin’s access control to a multi-sig wallet or a DAO that manages access to crypto assets and critical operations is a must-have step.

Attackers employ flash loans to maximize their exploits when they detect vulnerabilities in smart contracts, including re-entrancy, missing validation of access control, incorrect token price algorithms, and more. Proper handling of these issues should have the highest priority for a smart contract developer when designing and coding a smart contract.
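The two preceding recommendations, shown side by side as an added example that is not code from the report: `VulnerableVault` carries the two logic defects the report names most often (a privileged function with no access-control check, and an external call made before the balance is updated, which opens a re-entrancy window), and `HardenedVault` fixes both, with admin control handed to a multi-sig or DAO address through a two-step transfer. Both contracts, their names and the event names are hypothetical and exist only for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// "Before": a vault with two of the logic defects listed in the report.
contract VulnerableVault {
    mapping(address => uint256) public balances;
    address public admin;

    constructor() { admin = msg.sender; }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Defect 1: missing access-control validation, anyone can become admin.
    function setAdmin(address newAdmin) external {
        admin = newAdmin;
    }

    // Defect 2: the external call happens before the balance is zeroed, so a
    // contract receiving the ETH can call back in while the balance is unchanged.
    function withdrawAll() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}

// "After": the same features, hardened.
contract HardenedVault {
    mapping(address => uint256) public balances;
    address public admin;          // intended to be a multi-sig wallet or DAO
    address public pendingAdmin;
    uint256 private locked = 1;    // 1 = unlocked, 2 = inside a guarded call

    event AdminTransferStarted(address indexed current, address indexed pending);
    event AdminTransferred(address indexed previous, address indexed current);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // Simple mutex: a nested call into any guarded function reverts.
    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    // The deployer passes the multi-sig / DAO address at construction time
    // (assumed deployment model for this example).
    constructor(address multisig) {
        require(multisig != address(0), "zero admin");
        admin = multisig;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Two-step handover: the new admin must accept, so a mistyped address
    // cannot permanently lock the contract out of its own admin role.
    function transferAdmin(address newAdmin) external onlyAdmin {
        require(newAdmin != address(0), "zero admin");
        pendingAdmin = newAdmin;
        emit AdminTransferStarted(admin, newAdmin);
    }

    function acceptAdmin() external {
        require(msg.sender == pendingAdmin, "not pending admin");
        emit AdminTransferred(admin, pendingAdmin);
        admin = pendingAdmin;
        pendingAdmin = address(0);
    }

    // Checks-effects-interactions: state is updated before the external call,
    // and the guard rejects any re-entry regardless of call ordering.
    function withdrawAll() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Either fix in `HardenedVault.withdrawAll` would close the re-entrancy window on its own; keeping both is cheap and means a later refactor that reorders the statements does not silently reopen it. The same flash-loan-amplified pattern applies to token-price logic: a contract that prices an asset from an AMM pool's spot reserves is reading a value the caller can move within a single transaction, so such prices should come from a source that cannot be shifted in one block, for example a time-weighted average or an external oracle.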

Our statistics show that an increasing number of hackers have been using social media tools, especially Discord, to launch phishing attacks. This persisted through Q1, Q2, Q3 and Q4 and will very likely persist in 2023. Many users have suffered huge losses. Project developers and managers are advised to prioritize safely and securely managing social media accounts, and finding security solutions for them, on top of project implementation.

FOR BLOCKCHAIN USERS

More users are diversifying their crypto portfolios across different blockchains, and the demand for cross-chain transactions is rapidly increasing. Whenever a user participates in a cross-chain transaction, the user has to interact with a cross-chain bridge, a popular target among hackers. Hence, before starting a cross-chain transaction, users are advised to investigate the bridge’s security condition and ensure they use a reliable, safe and secure bridge.

While it is necessary to pay great attention to the security of smart contracts when interacting with a dApp, it is increasingly important to also pay attention to the security of the user interface, and to exercise caution in detecting suspicious messages, prompts and behavior presented by the UI.

We strongly urge users to check whether a project has audit reports and read these reports before proceeding with further actions.

Use a cold wallet or a multi-sig wallet where possible to manage crypto assets that are not for frequent trading. Be careful about using a hot wallet and make sure the hardware on which a hot wallet is installed is safe and secure.

Be cautious of a dApp whose team members are unknown or lack reputation. Such dApps may eventually turn out to be rug-pull projects. Be cautious of a centralized exchange that has not established a reputation or does not have tracked transaction data on third-party media, as it may also eventually prove to be a rug-pull project.

REFERENCES

[1] Aave. https://aave.com/

[2] Flash Loans. https://aave.com/flash-loans/

[3] ERC-20 Token Standard. https://ethereum.org/en/developers/docs/standards/tokens/erc-20/

[4] Sidechains. https://ethereum.org/en/developers/docs/scaling/sidechains/

[5] Layer-2. https://academy.binance.com/en/glossary/layer-2

[6] Loopring. https://loopring.org/#/

[7] zkSync. https://zksync.io/

[8] ZCash. https://z.cash/
