Global Blockchain Ecosystem Security Analysis for Q3 2022: Total Losses Approximately $405 Million

In the third quarter of 2022, global Blockchain ecosystem security incidents occurred frequently, resulting in total losses of approximately $405 million. Although the number of attack incidents decreased compared to the previous quarter, the security situation remains severe.

Overview of Major Security Incidents

This quarter, there were more than 37 major attack incidents, among which the three with the highest losses are:

1. The Nomad cross-chain bridge was attacked, resulting in a loss of approximately $190 million.
2. Wintermute suffered a hack, resulting in a loss of approximately $160 million.
3. Harmony cross-chain bridge Horizon was attacked, resulting in a loss of approximately $100 million.

The losses from these three incidents account for over 85% of the total losses for this quarter, highlighting the significant impact that a single event can have.

Analysis of Attacked Project Types

In the attacked projects, cross-chain bridges and decentralized finance ( DeFi ) projects became the main targets, accounting for 92% of the total loss amount. The specific distribution is as follows:

• Cross-chain bridge project: a loss of approximately $291 million, accounting for 72%
• DeFi project: loss of about 80 million USD, accounting for 20%
• Other types of projects: losses of approximately $34 million, accounting for 8%

This data indicates that cross-chain bridges and DeFi projects remain key targets for hacker attacks, requiring more security measures.

Affected Chain Analysis

The Ethereum network has become the most severely attacked Blockchain, with losses amounting to $374.28 million, accounting for 92% of total losses. Other attacked Blockchains include BNB Chain, Harmony, Avalanche, etc. This phenomenon is closely related to Ethereum's status as the main DeFi ecosystem.

Attack Method Analysis

The attacks this quarter were mainly focused on two methods:

1. Exploit of contract vulnerabilities: Caused a loss of approximately $213 million, accounting for 53%.
2. Private key leakage: resulted in a loss of approximately $159 million, accounting for 39%.

Other attack methods such as permission management issues and flash loan attacks account for a relatively small proportion. This indicates that smart contract security and private key management are still key security areas that blockchain projects need to focus on.

Stolen Fund Flow

Approximately $204 million of the funds stolen this quarter flowed into the Tornado Cash mixer. This amount accounts for about 50% of the total losses, indicating that hackers tend to use mixing services to hide the flow of funds.

Project Security Audit Status

Data shows that only 40% of the attacked projects underwent security audits before the incidents occurred. This ratio reflects that blockchain projects still have a significant room for improvement in terms of security audits. Although security audits cannot completely eliminate risks, they can effectively reduce the likelihood of projects being attacked.

Conclusion and Recommendations

The blockchain security incidents in the third quarter of 2022 once again highlighted the security challenges faced by the industry. To improve project security, the following measures are recommended:

1. Strengthen the security auditing of smart contracts, especially for cross-chain bridges and DeFi projects.
2. Improve the private key management mechanism and enhance security by adopting technologies such as multi-signature.
3. Regularly conduct security vulnerability scans and fixes
4. Enhance the team's security awareness and establish a comprehensive security response mechanism.
5. Consider introducing an insurance mechanism to provide additional protection for user assets.

With the continuous development of Blockchain technology, security issues will continue to be the focus of industry attention. Only by continuously improving security standards can we lay a solid foundation for the healthy development of the Blockchain ecosystem.