2022 Mid-Year Report for Blockchain Security

Blockchain Security

The global social and economic development has faced unprecedented problems in the last two years as a result of numerous causes such as a pandemic, economic slump, energy constraint, escalation of geopolitical conflicts, and increased worldwide rivalry. At the same time, the global blockchain sector is experiencing rapid change: blockchain technology’s efficiency, security, and scalability have continued to progress, as the advent of emergent areas such as the Metaverse and NFT marketplace has allowed blockchain to thrive. The industry has now entered the 3.0 age.

(2022 — Security Incidents in First Half of the Year)
(2022 — Cause of Attack Distribution in First Half of the Year)
(2022 — Comparison of Losses in First Half of the Year)

Overview of Blockchain Security

Depending on who was attacked, we divided the 187 security incidents into three parts: Blockchain Tracking、Trading Platforms and Others.

(Comparison of the number of Blockchains in June 2021 and June 2022)
  • DeFi
(2022 — DeFi TVL in the First Half of the Year)
(2022 — Distribution of DeFi incidents in the First Half of the Year)
  • NFT
(2022 — Changes on OpenSea Trading Volume in First Half of the Year)
(2022 — Distribution of NFT Cause of Attack for First Half of the Year)
  • Cross-chain Bridges
(TVL of Ethereum’s 15 Largest Bridges)
(2022 — Cross-chain Bridge Security Incidents in First Half of Year)
  • Trading Platforms
(2022 — Comparison of Attack Losses Per Trading Platform in First Half of the Year)
  • Others

Overview of Attack Methods

Among the 187 security incidents, attack types are divided into four categories: the project’s own design flaws, rug-pull and phishing scams, private key exposure, and the introduction of front-end malicious code. These four primary attack types account for 95% of all security issues.

(2022 — Comparison of the Attack Methods used in First Half of the Year)
(2022 — Comparison of Losses accrued per Attack Method in First Half of the Year)


According to statistics, the months with the highest number of safety incidents in the first half of the year were primarily May and June. From the perspective of individual ecosystems, the majority of security incidents occurred on the BSC, with cross-chain bridges incurring the most losses.

(2022 — Distribution of Events for Each Blockchain by Month in First Half of the Year)
  • Zero trust. To make it simple, stay skeptical, and always stay so.
  • Continuous validation. In order to trust something, you have to validate what you doubt and make validating a habit.
  • For all the knowledge from the Internet, refer to at least two sources, corroborate each other, and always stay skeptical.
  • Segregate. Don’t put all the eggs in one basket.
  • For wallets with important assets, don’t do unnecessary updates.
  • What you see is what you sign. You need to be aware of what you are signing, and of the expected result after the signed transaction is sent out. Don’t do things that will make you regret afterwards.
  • Pay attention to system security updates. Apply them as soon as they are available.
  • Don’t download & install programs recklessly can actually prevent most risks.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.