On January 28, 2022, the world’s leading blockchain security company – Fairyproof released Review of Blockchain Security in Year 2021（Hereinafter referred to as＂Report＂）． The report studied 189 publicly-reported security incidents that took place in 2021 and manifested its statistics and analysis based on the suffering targets and root causes.
The main reason for the frequent occurrence of DeFi attacks is the accumulation of huge amounts of assets. In the face of temptation, hackers will inevitably find ways to attack. Hence, no matter what part of the code goes wrong, it will be exploited by hackers. From a hacker’s point of view, an attack on the blockchain ecosystem is an ideal means. Because these systems are anonymous, the industry currently lacks technical regulation. This allows cybercriminals to profit by attacking less secure DeFi projects.
＂A coin has two sides. On one hand, we saw and experienced the boom of the cryptocurrency ecosystem and on the other hand, we experienced its dark side as well. Security issues were definitely its dark side.＂ said Mr.Tan， The Fairyproof CEO.＂There were 189 publicly-reported security incidents taking place in 2021. And more than 7.6 billion USDs of crypto-assets were exploited. These exploits not only caused huge losses to crypto holders but also extremely hindered the whole ecosystem’s long-term development. We studied these 189 incidents and compose our findings, analysis, and best practices in this report. We hope that through this report, we can help blockchain developers and users manage the risks brought by blockchain.＂
- Attacks from hackers were still the main threat to the whole crypto industry. With regard to the suffering types, attacks from hackers accounted for nearly 90% of the total incidents.
- Although the number of front-end related incidents didn’t account for a great percentage, there were cases each of which suffered a huge loss. For example, Vulcan Forged lost $140 million, BadgerDAO lost $120 million and Farmer World lost $15.70 million.
- Although the number of incidents that suffered from missing validation for access control was far less than the number of incidents that suffered from flash loan attacks, the amount of loss of the former was far more than the latter.
- The biggest challenges in security were flash loan attacks, missing validation for access control, and rug-pulls. These threats widely existed in smart contracts.
In the report, Fairyproof introduces its technological superiority and solutions to these threats. Firstly, a vulnerability detection system， in order to automatically monitor a project’s vulnerabilities, especially those related to flash loans, and validation for access control. The other one, is a token variance detection system, in a bid to automatically identify the variances of a token’s implementation to discover potential issues or risks based on the existing token standards specifically in the Ethereum ecosystem.
Additionally, Tan said, “In the report, there is an important section presenting some best practices to help both blockchain developers and users manage the risks posed by the incidents that happened in 2021 and support coordinated and efficient response to cryptocurrency security incidents. Both blockchain developers and users are recommended to apply these practices to the greatest extent possible based on the availability of their resources.”
Fairyproof, a pioneering blockchain security company with the slogan of Make It a Safer Place, was established in 2021 by a group of passionate blockchain experts who have been actively developing blockchain security solutions and Ethereum standards. Fairyproof, a pioneering blockchain security company, was established in 2021 by a group of passionate blockchain experts who have been actively developing blockchain security solutions and Ethereum standards.
For more updates, please consult the following channels:
Website – https://www.fairyproof.com
Telegram – https://t.me/Fairyproof_tech
Twitter – https://twitter.com/FairyproofT