SlowMist: 2022 Blockchain Security and AML Analysis Annual Report

SlowMist
8 min readJan 8, 2023

--

This report takes a close look at the major events in the blockchain industry that took place in 2022. It provides an overview of the security status of each area within the industry and delves into common attack techniques. Additionally, it uncovers a few phishing techniques and analyzes the flow of stolen funds in some security incidents. To round things off, the report introduces an advanced method for tracking coin mixer funds through a comprehensive analysis.

Due to space limitations, only the key points of the report are listed here, and the full content can be downloaded in PDF format.

I. Background

This section is divided into two parts: Blockchain Security and Blockchain Anti-Money Laundering.

  • Blockchain Security

According to SlowMist Hacked, a database of blockchain security incidents, there were 303 blockchain-related security incidents in 2022, resulting in losses of up to $3.777 billion (calculated at the price at the time of the event).

(2022 Security Incident Statistics)

It is worth noting that the $3.777 billion in losses reported by SlowMist Hacked represents a 61% decrease from the $9.795 billion in losses seen in 2021. However, it should be noted that this figure does not take into account assets lost due to market instability, and this figure is also affected by currency prices.

(Comparison of blockchain losses over the past 3 years)

There were a total of 255 security incidents affecting various ecosystems, including DeFi, cross-chain bridges, and NFT. Additionally, there were 10 security incidents involving exchanges, 11 incidents involving public chains, 6 incidents involving wallets, and 21 incidents of other types.

(A comparison of security incidents on different trajectories over the past 3 years)
  • Blockchain Anti-Money Laundering

Anonymity and irreversibility are the natural attributes of cryptocurrency transactions. For this reason, in the case of frequent cryptocurrency crimes, blockchain anti-money laundering is in a crucial position, and it is also the last line of defense to prevent hackers from successfully cashing out. Faced with the pervasive threat of hackers, different groups have also “formed” an anti-money laundering alliance, including trading platforms/fund management platforms/project parties, regulators, and blockchain security companies. What will be the AML dynamics for these groups in 2022? In the process of anti-money laundering analysis, there are always several core questions: What is the origin of the funds used in the attack? Where did the laundered funds ultimately end up? See full PDF content for details.

II. Current State of Blockchain Security

  • Overview of Blockchain Security

On May 8, one of the most devastating crashes in cryptocurrency market history took place when the Terra network’s stablecoin, UST, experienced a massive $285 million sell-off. This triggered a chain reaction that caused the price of Terra’s native token, LUNA, to suddenly and unexpectedly plummet, resulting in a loss of nearly $40 billion in market value in a single day. The impact of this incident was so severe that it almost destroyed the entire ecosystem as we saw its TVL get reduced to near zero. This incident may even be seen as the trigger for the 2022 crypto winter.

According to SlowMist Hacked, there were 183 major DeFi security incidents in 2022, resulting in losses of $2.075 billion, or approximately 55% of the total losses for the year. Among these incidents, there were approximately 79 on BNB Chain, resulting in a total loss of around $785 million, making it the platform with the highest losses. Ethereum had around 50 security incidents, resulting in a total loss of about $528 million, followed by Solana with about 11 incidents and a total loss of around $196 million.

(Distribution of DeFi security incidents in 2022)

There were 16 major cross-chain security incidents in 2022, resulting in losses of $1.212 billion, or approximately 32% of total losses for the year. In 2022, there will be a total of 10 security incidents that cost hundreds of millions of dollars, of which cross-chain bridges account for 4, most of which are caused by the leakage of private keys. There were approximately 56 NFT security incidents, resulting in a total loss of more than $65.44 million. Many of these incidents were caused by phishing attacks, accounting for approximately 39% (22 incidents), followed by Rug Pulls at approximately 21% (12 incidents). The remaining 30% (17 incidents) were caused by contract vulnerabilities or other internal factors.

  • Attack Methods

In the 303 security incidents that occurred, the attack techniques can be broadly categorized into three types: those that were caused by design flaws or vulnerabilities within the project itself, those that used techniques such as rug pull, phishing, or scams, and those that resulted in asset loss due to private key leakage.

(Attack Methods in 2022)
  • Phishing/Scam Methods

This section only outlines a selection of phishing and scamming techniques that SlowMist has publicly disclosed in 2022.

  1. Use of Malicious browser Bookmark to steal Discord Token
  2. “Zero Dollar Purchase” NFT Phishing
  3. Redline Stealer Trojan Horse Currency Theft
  4. “Blank Check” eth_sign Phishing
  5. Same Ending Number Scam
  6. TransferFrom Zero Transfer Scam
  • Top 10 Security Incident Losses
  1. Ronin Network Losses Exceed $610 Million
  2. BNBChain Vulnerability Exploit
  3. Wormhole’s Loses Over $300 Million
  4. Beanstalk Farms Attacked by Flash Loans and Proposals
  5. Wintermute Loses $160 million
  6. Nomad Bridge Hacked
  7. Elrond Suffers Security Breach
  8. Mango Extracts $100 Million for Price Fixing
  9. Harmony Loses Over $100 Million
  10. Qubit Losses $80 Million in Attack

III. AML Analysis of Some Security Incidents

  • Tools & Methods
  1. Basic Tools — MistTrack
(MistTrack Anti-Money Laundering Tracking System Example Diagram)

The MistTrack Anti-Money Laundering Tracking System is a software as a service (SaaS) system developed by SlowMist Technology that is designed to combat money laundering activities involving cryptocurrencies. It offers a range of core functions, including a fund risk scoring module, a transaction behavior analysis module, a fund traceability tracking module, and a fund monitoring module. These features allow for effective tracking and analysis of potentially illicit financial activities in the cryptocurrency space.

2. Expanded Methodology — Data Analysis

From the blockchain anti-money laundering funds situation, we can see that after many hacking incidents, the funds on the ETH/BSC chain all flowed to a dark place — — Tornado.Cash, Tornado.Cash has become ETH/BSC The main battlefield of anti-money laundering on the BSC chain. We will propose an analysis method for the transfer of funds out of Tornado.Cash.

On the BTC chain, we can see that ChipMixer and Blender are common money laundering platforms for hackers through the blockchain anti-money laundering fund situation. Blender is currently sanctioned by the U.S. Department of the Treasury, and ChipMixer has a huge amount of money laundering inflows. We also need to propose an analysis method for the transfer of ChipMixer funds.

  • Detailed AML Analysis

This section uses the MistTrack basic analysis tool to carry out anti-money laundering analysis on 4 security incidents. Through the anti-money laundering analysis, it clearly expounds the problems of “What is the origin of the funds used in the attack?” and “Where did the laundered funds ultimately end up?”, and creatively proposes a data Analysis methods to analyze withdrawals of Tornado.Cash and ChipMixer.

IV. Outlook

  1. Regulatory Compliance
  2. Increased Focus on Security Audits
  3. Continued Expansion where Multiple Chains Coexist Harmoniously
  4. AML & On-chain Tracking Analytics
  5. Increased Focus on Backups
  6. Zero-Knowledge Proof: Scaling & Privacy

V. Summary

This report is based on our understanding of the blockchain industry, as well as data from SlowMist Hacked and MistTrack, an anti-money laundering tracking system. However, due to the anonymous nature of the blockchain, we cannot guarantee the absolute accuracy of all the data and cannot be held responsible for any errors, omissions, or losses that may result from the use of this report. It should also be noted that this report is not intended to be used as investment advice or any other type of analysis. If there are any omissions or deficiencies in this report, we welcome constructive criticism and corrections.

Throughout 2022, the word ‘turmoil’ has been a constant presence. Despite the ongoing aftermath of turbulence and the current ‘crypto winter’, the development of the blockchain industry cannot be stopped. By being cautious and working towards the betterment of the industry, we can ensure its long-term stability. Despite the challenges, we remain optimistic about the development of the blockchain industry in 2023.

The full version of the report is welcome to read and share :)

https://www.slowmist.com/report/2022-Blockchain-Security-and-AML-Analysis-Annual-Report(EN).pdf

VI. About Us

SlowMist was built with a focus on blockchain ecosystem security. We were established in January 2018 by a team with over ten years of network security experience. Our team members have helped make our organization an industry leader in blockchain security. We have served many leading or well-known projects around the world through our integrated security solutions ranging from threat detection to threat defense.

We have actively participated in the promotion of blockchain security standards. We’re one of the first organizations in China to enter the “2018 China Blockchain Industry White Paper” of the Ministry of Industry and Information Technology. We’re also a member of the “Joint Laboratory of Blockchain and Network Security Technology” in the Guangdong-Hong Kong-Macao Greater Bay Area and recognized as a “National High-tech Enterprise” less than two years after our establishment.

SlowMist offers a variety of services including security audits, threat information, bug bounties, defense deployment, security consulting, and other security-related services. We also offer AML(Anti-money laundering) software, DoS (Denial of Service) scanners Vulpush (Vulnerability monitoring), SlowMist Hacked( Crypto hack archives), FireWall.x (Smart contract firewall), Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, Cloudflare, BitDefender, FireEye, TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we were able to spread awareness and raise the security standards in the blockchain industry.

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

No responses yet