2022 Mid-Year Report for Blockchain Security

SlowMist
Aug 17, 2022

We recently released the “2022 Mid-Year Blockchain Security and AML Analysis Report”. We’ll be breaking down this report into four sections for the convenience of our readers.

This article mainly focuses on the overview of Blockchain Security and the methods used in these incidents.

Blockchain Security

Global social and economic development has faced unprecedented problems in the last two years as a result of numerous causes such as a pandemic, economic slump, energy constraint, escalation of geopolitical conflicts, and increased worldwide rivalry. At the same time, the global blockchain sector is experiencing rapid change: blockchain technology’s efficiency, security, and scalability have continued to progress, and the advent of emergent areas such as the Metaverse and NFT marketplace has allowed blockchain to thrive. The industry has now entered the 3.0 age.

According to SlowMist Hacked, there were 187 security incidents in the first half of 2022, with damages totaling $1.976 billion as of June 30.

(2022 — Security Incidents in First Half of the Year)

Approximately 77% (144 cases) of these security incidents resulted from the project’s own vulnerabilities being exploited by attackers, with a loss of approximately $1.84 billion, accounting for 93% of the total loss from security incidents. Approximately 21% (39 cases) resulted from Scams including Phishing & Rug Pull attacks, with a loss totalling approximately $130 million. This accounted for 7% of the total loss from security incidents.

(2022 — Cause of Attack Distribution in First Half of the Year)
(2022 — Comparison of Losses in First Half of the Year)

Overview of Blockchain Security

Depending on who was attacked, we divided the 187 security incidents into three parts: Blockchain Tracking, Trading Platforms, and Others.

Blockchain Tracking

Blockchain continues to grow due to the emergence of NFT, DeFi, GameFi, and Metaverse. Simultaneously, these initiatives have boosted the growth and value of blockchains, bringing the multi-chain era closer to reality. According to Footprint Analytics data, the total number of blockchains out there as of June was 119, up from 31 in June 2021, representing a 284% rise year on year.

(Comparison of the number of Blockchains in June 2021 and June 2022)

However, the rapid development of public chains is a double-edged sword: while it promotes the progress of the industry, the blockchain security problems it causes have also increased significantly. We analyze these from three aspects: DeFi, NFT, and cross-chain bridges.

  • DeFi

According to DeFi Llama statistics, the total value locked (TVL) in DeFi on June 30 was $143.2 billion, with the ETH blockchain accounting for half of that at a TVL of $94.55 billion, followed by BSC with $11.08 billion. Since 2021, several emerging blockchains, such as Solana and Avalanche, have rapidly developed their on-chain ecosystems by integrating DeFi, thereby attracting a huge number of users and a large amount of capital. On June 30, Solana had a TVL of $2.64 billion, up 77% from the previous year, while Avalanche had a TVL of $5.54 billion, up 96% from the previous year.

(2022 — DeFi TVL in the First Half of the Year)

According to SlowMist Hacked, there were around 100 DeFi security incidents as of June 30, with damages exceeding $1.63 billion. The numbers of security incidents on BSC, ETH, Fantom, Solana, Polygon, Avalanche, and cross-chain bridges were 47, 29, 8, 5, 2, 1, and 7, respectively, with losses of $140 million, $308 million, $54.91 million, $63.83 million, $13.1 million, $8.3 million, and $1.043 billion respectively.

(2022 — Distribution of DeFi incidents in the First Half of the Year)

  • NFT

NFTs have grown fast as a result of the establishment of a number of leading NFT initiatives and the involvement of celebrities and public figures. According to Dune Analytics, OpenSea’s trading volume peaked in January at $284 million, but with changes in the cryptocurrency market, OpenSea’s trading volume in June was only $15.58 million, a 94% decrease. The current NFT marketplace of the Ethereum ecosystem continues to dominate the market in terms of market capitalization and transaction volume, accounting for more than 90% of the total transaction volume. In addition to Ethereum, according to the statistics on transaction volume in the last 30 days, eco-friendly NFTs such as Solana and Flow are also growing at a rapid pace.

(2022 — Changes on OpenSea Trading Volume in First Half of the Year)

According to incomplete statistics from SlowMist Hacked data reports, there were about 48 NFT incidents as of June 30, with losses reaching up to $62.81 million. Among them, 33.4% (16 incidents) were caused by attackers exploiting the project’s own vulnerabilities, 20.8% (10 incidents) were caused by Rug Pull attacks, and phishing attacks accounted for 45.8% (22 incidents), the majority of which were caused by hackers posting phishing links on hacked media platforms such as Discord/Twitter.

(2022 — Distribution of NFT Cause of Attack for First Half of the Year)

According to a TRM Labs report, in May and June, Chainabuse, a fraud reporting platform led by the TRM Labs community, received more than 100 reports of Discord hacking incidents. Since May, the NFT community has lost approximately $22 million. In June, NFT-related phishing attacks released by hackers in compromised Discord channels rose by 55% this year.

  • Cross-chain Bridges

With the advancement of blockchain technology, numerous chains now co-exist, with Ethereum serving as the foundation. Asset movement across chains and cross-chain interaction of smart contracts have become commonplace on the blockchain. According to statistics from Dune Analytics, the total value locked (TVL) of Ethereum’s 15 biggest cross-chain bridges was about $8.39 billion as of June 30. Currently, the bridge with the highest TVL is Polygon Bridges ($3.5 billion), with the second largest being Arbitrum Bridge ($1.893 billion), followed by Avalanche Bridge ($1.241 billion).

(TVL of Ethereum’s 15 Largest Bridges)

Because they hold a large amount of liquidity and have a low degree of decentralization, with multisig wallets holding practically all the power, cross-chain bridges have been deemed a “sweet spot” in the eyes of hackers. According to SlowMist Hacked data reports, as of June 30, there were seven cross-chain bridge security incidents, with losses totalling $1.043 billion, which accounts for 64% of DeFi’s total losses and 53% of total losses overall in the first half of the year. It is worth mentioning that cross-chain bridges were involved in three of the four incidents that resulted in losses exceeding hundreds of millions of dollars in the first half of the year. Cross-chain bridges, as a crucial infrastructure of the multi-chain ecosystem, bear a large amount of capital flow and provide considerable ease to consumers. However, they pose numerous security and decentralization challenges, requiring projects to strengthen their security, risk management, and other capabilities.

(2022 — Cross-chain Bridge Security Incidents in First Half of Year)

Trading Platforms

The cryptocurrency industry has been thrown into a regulatory whirlwind, with cryptocurrency trading platforms bearing the brunt of the damage. Take Binance, the world’s largest trading platform by volume, as an example: since 2021 it has received regulatory warnings from dozens of countries and regions, including Europe, the Americas, and Asia. Binance has secured regulatory licenses and registered its platform in Spain, France, Abu Dhabi, Dubai, Italy, Bahrain, and other nations. In response to these significant global regulatory signals, Binance has gradually strengthened its compliance process. There were four trading platform security incidents worldwide in the first half of the year, with losses exceeding $77.7 million:

1. The LCX technical team discovered unauthorized access to the LCX trading platform on January 9th, where roughly $7.94 million in crypto assets were stolen.

2. Crypto.com. A small number of users had withdrawals made without their permission. They lost about $34 million, which comprised 4,836.26 ETH, 443.93 BTC, and about $66,200 in other cryptocurrencies.

3. The LockBit ransomware group stated on January 8 that it had stolen a significant amount of customer information from the cryptocurrency trading platform PayBito.

4. On January 12, the IRA Financial Trust, a pension account provider in South Dakota, USA, sued the cryptocurrency trading platform Gemini, stating that $36 million worth of crypto assets from a client’s retirement account that Gemini was holding were stolen.

(2022 — Comparison of Attack Losses Per Trading Platform in First Half of the Year)

It is suggested that the largest trading platforms improve their internal management structure and technical processes. They should also make digital assets safer by putting in place security audit mechanisms, zero-trust mechanisms, and security solutions for both hot and cold assets.

Others

With the sudden rise in use of blockchain technology, it is inevitable that online dark web users will begin to consider it as an easy target. Criminals like how anonymous cryptocurrency is and have used it as a weapon of exploitation. Blockchain has become a new way for online black marketers to sell their goods. Extortion, fraud, and theft have become common in the blockchain ecosystem and pose a huge security risk.

According to data from the Payment System Department of the People’s Bank of China, cryptocurrency was second only to bank transfers as a way to make fraudulent payments in 2021, with amounts reaching $750 million. In 2020 and 2019, this number was only $130 million and $30 million respectively, and it is clear that this number will keep growing rapidly each year. The amount of cryptocurrency transferred in “pig butchering” scams has also increased rapidly: “pig butchering” scam funds paid out in cryptocurrencies came to $139 million in 2021, which is 5 times more than in 2020 and 25 times more than in 2019.

Overview of Attack Methods

Among the 187 security incidents, attack types are divided into four categories: the project’s own design flaws, rug-pull and phishing scams, private key exposure, and the introduction of front-end malicious code. These four primary attack types account for 95% of all security issues.

(2022 — Comparison of the Attack Methods used in First Half of the Year)
(2022 — Comparison of Losses accrued per Attack Method in First Half of the Year)

92 attacks in the first half of the year were caused by the project’s own design defects and numerous contract vulnerabilities, resulting in a loss of $1.06 billion. 19 of those attacks were caused by flash loans, which resulted in a loss of $61.33 million. The percentage of assets lost due to compromised private keys is approximately 4%, but the total loss is ~$720 million.

With the rapid development of Web3, attacks on users and developers, especially phishing attacks on media platforms such as Discord and Twitter, have been on the rise. After acquiring administrator or account permissions, hackers typically disguise themselves as admins and post these phishing links. Furthermore, the cost of producing these phishing websites is extremely low. By copying well-known NFT projects, attackers lure users into approving the transfer of their assets with offers of free or gift NFTs. Rug Pull scams, on the other hand, are based on the evil intentions of the project team. There were 42 Rug Pull incidents in the first half of the year, with the majority of them occurring on the BSC.

Summary

According to statistics, the months with the highest number of security incidents in the first half of the year were primarily May and June. From the perspective of individual ecosystems, the majority of security incidents occurred on the BSC, with cross-chain bridges incurring the most losses.

(2022 — Distribution of Events for Each Blockchain by Month in First Half of the Year)

The SlowMist Security team recommends:

It is best for institutions and businesses to set up complete network security protection systems to protect against network security threats at all levels and ensure immediate delivery of alerts. When a security threat is detected, it can be dealt with quickly thanks to pre-emptive security intelligence.

Individual users can prevent the majority of risks by following the security practices and principles outlined below:

Two major security practices to follow:

  • Zero trust. To make it simple, stay skeptical, and always stay so.
  • Continuous validation. In order to trust something, you have to validate what you doubt and make validating a habit.

Security principles:

  • For all the knowledge from the Internet, refer to at least two sources, corroborate each other, and always stay skeptical.
  • Segregate. Don’t put all the eggs in one basket.
  • For wallets with important assets, don’t do unnecessary updates.
  • What you see is what you sign. You need to be aware of what you are signing, and of the expected result after the signed transaction is sent out. Don’t do things that you will regret afterwards.
  • Pay attention to system security updates. Apply them as soon as they are available.
  • Not downloading and installing programs recklessly can actually prevent most risks.
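
The “what you see is what you sign” principle applied to the approval phishing described under Overview of Attack Methods, as an added example that is not part of the SlowMist report: Python code that decodes a transaction’s calldata and reports what an approval would grant before it is signed. The two selectors are the standard ERC-20/ERC-721 `approve` and ERC-721/ERC-1155 `setApprovalForAll` selectors; the function name, the risk labels, and the sample address are assumptions constructed for this illustration.

```python
# Added example: summarize approval calldata before signing.
# A selector is the first 4 bytes of keccak256(function signature).
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def describe_calldata(data_hex):
    """Return a plain summary of what the calldata would grant.

    The "risk" labels are a heuristic of this example, not a standard.
    """
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "selector": selector, "risk": "unknown"}
    if len(args) != 128:
        raise ValueError("expected two 32-byte ABI-encoded arguments")
    grantee = "0x" + args[24:64]   # address = low 20 bytes of word 1
    value = int(args[64:], 16)     # word 2: amount, token id, or bool
    if selector == SET_APPROVAL_FOR_ALL:
        # True lets the operator move every token the signer owns
        # in that collection; False revokes the grant.
        granted = value != 0
        return {"kind": "setApprovalForAll", "grantee": grantee,
                "granted": granted, "risk": "high" if granted else "low"}
    # For ERC-20 the value is an allowance; for ERC-721 it is a token id.
    unlimited = value == MAX_UINT256
    return {"kind": "approve", "grantee": grantee, "value": value,
            "risk": "high" if unlimited else "review"}

# Constructed sample inputs; the grantee address is a placeholder.
GRANTEE = "0" * 36 + "dead"
PADDED = "0" * 24 + GRANTEE
SAMPLE_SET_ALL = "0x" + SET_APPROVAL_FOR_ALL + PADDED + "0" * 63 + "1"
SAMPLE_UNLIMITED = "0x" + APPROVE + PADDED + "f" * 64
SAMPLE_BOUNDED = "0x" + APPROVE + PADDED + format(1000, "064x")

if __name__ == "__main__":
    for sample in (SAMPLE_SET_ALL, SAMPLE_UNLIMITED, SAMPLE_BOUNDED):
        print(describe_calldata(sample))
```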

We strongly advise you to read and learn the “Blockchain Dark Forest Selfguard Handbook”.

Download the full report: first-half-of-the-2022-report(EN).pdf

SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.