BEOSIN’s Review — Losses From Crypto Attacks Reach $15.3 Billion in 2021

BEOSIN
5 min readJan 6, 2022

The past year 2021 has seen a great number of shocking crypto attacks related to blockchain ecology. Today let’s do a recap on what happened in the blockchain security ecology in 2021.

1.

Overview of the Blockchain Security Ecology in 2021

According to the incomplete statistics from the data monitored by BEOSIN Eagle-Eye, in 2021, the number of typical security incidents related to the entire blockchain ecology has exceeded 332, with an increase of over 22% compared to 270 in 2020 ; the economic loss of the entire blockchain ecology in 2021 exceeded $15.3 billion, increasing by 26% compared to 2020.

It is worth noting that, according to BEOSIN’s statistics, the economic loss in the blockchain ecology exceeded $2 billion in 2018, $6 billion in 2019, $12.1 billion in 2020, and $15.3 billion in 2021, which shows that the blockchain security issue has become more and more serious over the past few years.

Since 2016, economic losses in blockchain ecology have increased year by year, stemming from the fact that the blockchain industry has witnessed a rapid development in recent years. While the underlying blockchain technology is gradually becoming mature, the value of blockchain applications has been widely recognized, resulting in huge economic benefits flowed into blockchain ecology, posing a great challenge of preventing security risks.

2.

Statistics of blockchain security incidents in 2021

Number of typical security incidents

According to the incomplete statistics from BEOSIN Eagle-Eye, the number of typical security incidents related to the entire blockchain ecology in 2021 has exceeded 332. The peak of the security incidents outbreak is seen in August, and the security situation in June and July is also serious.

Proportion of different aspects

Security incidents mainly include areas like exchanges, DeFi, rug pull/scams, ransomware/mining Trojans, dark web, and others, with 101 DeFi security incidents and 95 rug pulls/scams being the main sources of security incidents for the year.

Amount of economic losses

Economic losses resulted from security incidents in 2021 exceed $15.3 billion, higher than $12.1 billion in 2020. The hugest economic losses are from rug pulls/scams.

3.

Security risks by area and suggestions

DeFi

Due to the rise of the DeFi, this area is also a target for hackers in 2021.

Suggestions:

Before the project goes live, DeFi project owners should do precautionary work such as strict security audits by third-party security companies. As a user, when choosing a project, you should pay attention to whether the project has been audited by a third-party security company and whether it has an authoritative security audit report.

Rug Pulls/Scams

The economic losses in terms of rug pulls/scams in 2021 has far exceeded the attacks and thefts by hackers.

Suggestions:

As users and investors, they should be vigilant and cautious in screening investment products and projects. Practitioners of all parties in the industry should actively cooperate with relevant departments to promote the safe operation of the entire blockchain ecology.

Ransomware/Mining Trojan

In terms of ransomware, hackers will generally lock the victim’s network equipment or encrypt important files through phishing attacks, virus software, vulnerability exploits, as a way to extort the crypto-assets. For mining Trojans, they will be used to complete a large amount of calculations to obtain crypto-assets. CPU and GPU resources will be occupied, interfering with normal operations.

Suggestions:

Users and project parties should avoid using weak passwords, and the same password should not be used repeatedly. Do not trust or download links or files from unknown sources, and cautiously open emails or URLs from unknown sources.

Dark Web

In 2021, the dark web still remains an unrestful place for cybercrime activities. Criminals will mostly choose to use Bitcoin and Litecoin as the medium of exchange to avoid supervision and tracking by the relevant authorities.

Suggestions:

It’s important for cybersecurity companies to improve dark network governance and assist relevant departments to combat unlawful operations in dark web.

Exchanges

Exchanges are the closest place to users’ assets, storing massive assets and aggregating transactions, and therefore have been the first target by hackers.

Suggestions:

Exchanges should establish a comprehensive risk control plan to respond to and deal with various security incidents in a timely manner. Conducting overall security testing of the platform from a third-party security company is also necessary. Finally, Exchanges need to strengthen the security awareness of internal staff to avoid inside jobs.

Others

Security incidents in other fields such as information disclosure, privacy protection, private key compromise and illegal money laundering still cannot be ignored.

Suggestions:

Practitioners from all sides of the industry need to take into account security risks in other areas while paying attention to security incidents in hot areas, enhance the investment and research on blockchain security technology, and establish security solutions covering the entire life cycle of blockchain ecology.

4.

Top 10 Blockchain Security Incidents in 2021

The top 10 security incidents of 2021 ranked by economical losses.

No1. POLY NETWORK: $611 million
Date: August 10, 2021

Technique: logic issue with the contract permission management

No2. BITMART: $196 million
Date: December 4, 2021

Technique: Hot wallet private key compromise

No3. Compound: $147 million
Date: September 30, 2021

Technique: Wrong initial setting of the token distribution rate

No4. Vulcan Forged: $145 million
Date: December 13, 2021

Technique: wallet hacked

No5. Cream Finance: $130 million
Date: October 27, 2021

Technique: Flash loan attack

No6. Badger DAO: $120 million
Date: December 2, 2021

Technique: malicious code injection of front-end

No7. AscendEX: $77.7 million
Date: December 12, 2021

Technique: Hot wallet private key compromise

No8. EasyFi:$59 million
Date: April 19, 2021

Technique: Hot wallet private key compromise

No9. Uranium Finance: $57.2 million
Date: April 28, 2021

Technique: accuracy processing error

No10. bZx: $55 million
Date: November 5, 2021

Technique: Private key compromise

5.

Summary

Despite the fast evolution of blockchain technology in 2021, the high occurrences of endless security incidents has posed a more serious challenge to the blockchain ecological security situation. The statistics in 2021 shows that huge economic losses are likely to occur in terms of DeFi, Rug pull and scams.

BEOSIN’s advice:

For the project parties, conducting security audit is a must. Abnormal transactions also needed to be monitored in real-time. For users, they need to enhance their own security awareness to avoid economic losses.

--

--

BEOSIN

Blockchian Security · IDE · Beosin-VaaS · Formal Verification · SAS | China leading enterprise in blockchain security field