Article author:
DeFi Security Alliance
DeFi Security Alliance
5 Most Common Vulnerabilities You Need to Know in 2022
The blockchain industry is making big steps toward achieving security for all participants, however, it’s still not a done deal just yet. Hackers come up with new ways to exploit vulnerabilities and steal funds. Sadly, this lowers the trust in blockchain technology. In the last two years over $5 billion worth of assets was stolen due to multiple attacks on decentralized finances.
5 Vulnerabilities That Result in Losses
First, let’s take a closer look at the five most popular types of attacks on crypto platforms.
Attacks on Exchanges
Exchange platforms serve as trading spaces. Even as they improve security, there’s never фин guarantee that an attack won’t happen.
Usually, these types of attacks rely on vulnerabilities within the exchange. Such as unpatched software or unaudited updates.
Usually, these types of attacks rely on vulnerabilities within the exchange. Such as unpatched software or unaudited updates.
Majority Attacks
This type of attack, also known as 51%, occurs when a group of attackers gets control of over 50% of the attacked network’s mining hash rate. This way, the majority can prevent other users from completing blocks.
These attacks are rarer now than before.
These attacks are rarer now than before.
Exitscam
When an exchange or exchange representatives suddenly disappear with users’ funds, leaving users no options to return them to their wallets, the situation is called an exitscam. Most often, this is an issue with embezzlement – project owners spending said funds. This attack can be a result of a malicious team behind the exchange as well as an external attack.
Rug Pull
New projects aren’t always trustworthy, and unknown ones that tend to grow fast often end up being scams. When project owners take the liquidity, block all contacts and often remove their social media, that is a sign of a rug pull. These funds are rarely restored and users are the ones suffering the loss.
Phishing
Phishing attacks are arguably the most popular type of scam lately.
Attackers get a hold of users’ data, private keys, or wallets, and extract their assets.
Attackers get a hold of users’ data, private keys, or wallets, and extract their assets.
5 Attacks on Cryptocurrency
Each year the attacks become more complex and the hackers - more inventive. This is why it’s imperative to know all the potential threats and ways attackers might exploit crypto projects. We are taking a look at 5 of the biggest attacks in recent crypto history.
MT Gox
Date: 2011-2014
The amount lost: $470 million (now $4.7 billion)
The amount lost: $470 million (now $4.7 billion)
One of the most notable attacks on blockchain and the first attack on an exchange platform, this one certainly deserves its place. In this case, it took several years for the attackers to slowly gain access to 100k BTC from the project and 750k BTC from users. Approximately 200k BTC was later recovered however, the company itself went bankrupt.
Poly Network
Date: August 2021
The amount lost: over $600 million
The amount lost: over $600 million
This attack has been one of the most talked about in 2021. A hacker managed to exploit flaws in the infrastructure of the Poly platform, which resulted in them making away with over $600 million. The assets were transferred to the wallets controlled by hackers on Ethereum, BSC, and Polygon.
The Poly team successfully attempted to initiate communication with the attacker, later nicknamed “Mr.White Hat”. That, however, wasn’t the end of the story, the attacker agreed to return a portion of the money, keeping $33 million of already locked assets. While $200 more million was locked requiring two keys from Polygon and the hacker to be unlocked.
The whole situation is now resolved with the hacker receiving a $500,000 reward for discovering the issue that’s led to the protocol being attacked.
The Poly team successfully attempted to initiate communication with the attacker, later nicknamed “Mr.White Hat”. That, however, wasn’t the end of the story, the attacker agreed to return a portion of the money, keeping $33 million of already locked assets. While $200 more million was locked requiring two keys from Polygon and the hacker to be unlocked.
The whole situation is now resolved with the hacker receiving a $500,000 reward for discovering the issue that’s led to the protocol being attacked.
Liquid Global
Date: August 2021
The amount lost: over $97 million
The amount lost: over $97 million
By gaining access to Liquid’s wallets, the attackers managed to transfer a large amount of funds. The issue occurred after a hot wallet used by the project was broken into.
Among the stolen cryptocurrencies were ETH, BTC, and over 60 lesser-known currencies. For transfers the attackers used Uniswap. While they attempted to use several other platforms, the transfers were blocked at Liquid Global’s request. The company resumed operation after placing the unaffected funds in cold wallets and vaults were added for additional security. All users received their funds back even though the attackers were never discovered.
Among the stolen cryptocurrencies were ETH, BTC, and over 60 lesser-known currencies. For transfers the attackers used Uniswap. While they attempted to use several other platforms, the transfers were blocked at Liquid Global’s request. The company resumed operation after placing the unaffected funds in cold wallets and vaults were added for additional security. All users received their funds back even though the attackers were never discovered.
BitMart
Date: December 2021
The amount lost: over $100 million
The amount lost: over $100 million
In the attack on the BitMart exchange, the encryption of two (one ETH and one BSC) hot wallets linked to the platform was compromised. The reason for that was a hacked private key. Once again, the issues occurred on the Ethereum blockchain, the chain that’s become one of the most attacked due to its popularity.
The company quickly informed users of the breach and took action. For several days after the attack, transaction facilities were terminated. This time was used for finding and implementing the solution.
The company quickly informed users of the breach and took action. For several days after the attack, transaction facilities were terminated. This time was used for finding and implementing the solution.
Wormhole
Date: February 2022
The amount lost: over $326 million
The amount lost: over $326 million
The Wormhole platform that served as a communication hub for the Solana blockchain was attacked in February as a result of an issue with account validation. The issue was fixed within 6 hours of the attack and the funds were quickly restored.
The company described the whole timeline of the event in a thread on their official Twitter account.
18:26 UTC - the contract was exploited for 120k ETH
00:33 UTC - vulnerability was patched
13:08 UTC - ETH contract has been filled and all wETH are backed 1:1
13:29 UTC - the Portal (token bridge) is back up
Bridges like Wormhole are a constant target. In fact, they tend to be the weakest link in the interaction between chains. This is why bridges have to be audited twice as carefully as chains themselves.
The company described the whole timeline of the event in a thread on their official Twitter account.
18:26 UTC - the contract was exploited for 120k ETH
00:33 UTC - vulnerability was patched
13:08 UTC - ETH contract has been filled and all wETH are backed 1:1
13:29 UTC - the Portal (token bridge) is back up
Bridges like Wormhole are a constant target. In fact, they tend to be the weakest link in the interaction between chains. This is why bridges have to be audited twice as carefully as chains themselves.
Security is a massive issue for decentralized finances. Right now, as the market is still developing and has little to no regulation, it’s not always easy to assess the risks ahead of time. However, security audits and research help users with making informed decisions.
DeFi Security Alliance provides a catalog of the most trustworthy quality companies that guard users’ funds and crypto projects.
DeFi Security Alliance provides a catalog of the most trustworthy quality companies that guard users’ funds and crypto projects.
0XGUARD
Top Solana Vulnerabilities
Solana is a widely popular blockchain and attractively low transaction fees are certainly among the reasons developers choose it. Among Solana-based dApps are some of the most popular and valued projects. This is why knowing Solana and its weaker points is now more necessary than ever.
HASHEX
A Developer’s Guide: A Framework setup
Developers often ask how to correctly, efficiently, and securely set up a framework for developing smart contracts. This guide aims to help new developers do it quickly and conveniently.