More Than $20 Billion Lost in 10 Years: Hackers Have Their Eyes on the Blockchain

Lianxin (链新), 2022-1-19 10:56

Technology does not understand what is right or wrong, and blockchain hacking continues.

In the world of blockchain in 2021, the light side is thriving and the dark side is evolving.

According to incomplete data from SlowMist Hacked, the global blockchain security situation in 2021 was more severe than the year before in terms of volume, risk, cost and impact. A security warning has been issued.

So-called "free hackers", unlike "black hat hackers", refer to a group of hackers who use "terrorism" and attacks to secure their connections. However, the most famous "free hacker" of 2021 was not authorized before the attack, and the amount involved reached $600 million, but in the end the hacker returned all the stolen goods and Poly Network waived its legal obligations.

Technology does not understand what is right or wrong, and blockchain hacking continues. Exchanges, wallets, public chains, the DApps of various ecosystems, DeFi projects... What are the main interests of hackers?

$600 Million Assets Stolen and Returned, Hackers Say "I Just Wanted to Warn You"

In August 2021, an anonymous attacker hit Poly Network (a heterogeneous cross-chain protocol), costing it $250 million, $270 million and more than $85 million on Ethereum, BSC (Binance Smart Chain) and Polygon (an Ethereum side chain) respectively. The assets were transferred quietly, $610 million in total, and the whole process took 34 minutes.

However, at the start of the lockdown, hackers returned most of the stolen assets within 12 days, claiming they had no interest, and the "totally free hacker" was born.

At $610 million, it surpassed the Mount incident (XEM 523 million, around $534 million at the time), making it not only the biggest hacking incident in DeFi history, but also the biggest hacking incident across all cryptocurrencies.

In a security incident of such magnitude, the “parties” dare not control themselves. Poly Network released the data at 8:38 p.m. the same day to notify the public of the attack. It helps prevent transactions initiated by hackers, miners, and merchants calling hacker addresses from other chains.

(Image source: Poly Network Twitter screenshot)

Binance CEO Changpeng Zhao, OKEx CEO Jay and others shared their support a day later, when Paolo Ardoino, CTO of Tether, the issuer of the USDT stablecoin, said Tether had frozen $33 million held by the hacker.

Despite the attacks, hackers still use various methods to quickly combine profits (for example, marketing involving multiple devices and devices, and device integration and equipment has been disassembled, making it difficult to track) and the same day 97.06 million USDC from Curve. was traded, and for DAI, he raised nearly $120 million in BSC using the Curve fork project Ellipsis Finance.

According to reports, on the day of the incident, a team of Poly staff members worked through the night and chilled with endless speculation from the crypto community, fearing that the property had been stolen. Security researcher Mudit Gupta, Primitive Ventures co-founding partner Dovey Wan, and others flagged the possibility of "insider attacks," with some even thinking Poly "said and done."

On the day of the incident, a "good guy" sent a transaction to the thief's address, leaving a message that USDT was blacklisted, and the thief returned 13.5 ETH (about $42,495.84) as a gift.

At the beginning of "The Road to Riches", many "diners" came there. Some talk about plans and investments, some talk about dreams and ask about tuition. Some have allowed hackers to "remove" their devices. Coins, and in addition, those who directly worship the teacher and know the brother.

But the moment viewers watched the excitement, history turned.

The day after the incident, the hacker who attacked Poly Network began speaking out on Etherscan, revealing his intention to return the stolen goods and requesting that the Poly project team provide a multi-signature wallet.

"Why are you back?"

"I don't like money," said the hacker. "Wealth is a story, and saving the world is a story of eternity."

On August 11, 2021, the hacker returned $4.7 million in assets, including $1 million in USDC, $1.1 million in BTCB, and $2.6 million in other assets. Then on the same day, the thief returned around 120 million BUSD, 26,600 ETH and 1,000 BTCB to the Binance Smart Chain address registered by the Poly Network team, with a total estimated value of around $250 million.

Over the next 12 days, the hacker gradually returned all the stolen crypto assets on BSC, Polygon and Ethereum, and public perception of the situation shifted from shock and criticism of the thief to concern about blockchain security.

On August 13, 2021, F2Pool co-founder, Cobo co-founder and CEO Shenyu published a blog post saying that Poly Network attackers are known as network security guards - "white hat hackers" and will continue to be developed for Cryptovoxels. Thanks to everyone who participated, we prepared a monument to commemorate the Poly Network event. Following this, Poly Network also announced a major network overhaul and invited the former attacker to become a Poly Network security consultant.

Where there is money, there are hackers

In retrospect, the "free hack" situation stems from breaches across the chain, and the consequences include the Ethereum public chain, the Polygon ecosystem, and the stable advantages of USDT. Trading companies can quickly convert coins and move stolen assets.

According to incomplete statistics from SlowMist Hacked, 236 blockchain security incidents were disclosed across the blockchain ecosystem in 2021, resulting in a loss of over $9.886 billion. Among these were 127 security incidents involving ecosystem DApps and DeFi, 14 exchange security incidents, 8 public chain security incidents, 3 wallet security incidents, and 84 other security incidents (project teams running away, etc.).

The above data shows that in 2021, the DApps and DeFi projects of the various ecosystems, along with exchanges, were the areas of the global blockchain hit hardest by hackers.

An industry security watchdog told Lianxin that much of the revenue comes from cryptocurrency exchanges with hard workers and weak defenses. All of the above are "sweet treats" hackers can't ignore, and stealing coins by attacking cold/hot wallets will become a priority in 2021.

In February 2021, hackers stole approximately $1.96 million from Xtake by accessing a wallet managed by Grant Thornton, liquidator of New Zealand exchange Cryptopia, which has been dormant since January 2019. On August 19 of the same year, Japanese cryptocurrency trading platform Liquid also lost around $91.35 million to the theft of its gold wallet.

In addition to exchanges, wallets intended for fundraising can also be attractive to hijackers, which will lead to an end to wallet-related criminal incidents in 2021. According to the AML report, in November, tens of thousands counterfeit wallets were stolen, resulting in a loss of up to $1.3 billion.

It must be said that in addition to the exchanges, there are the public chains. The ETC mainnet suffered because the Ethereum Geth client experience was poor after BSV was hit with 51% attacks in August 2021 and nearly 100 blocks received. The network was offline for 17 hours.

However, whether it is public chains, wallets or exchanges, in terms of the money involved, the number of attacks and the impact, none of them compares with DeFi, DApp, NFT and cross-chain, which were also the areas where hackers were most active last year.

Since the birth of DeFi, many dangerous things have happened. The cost of several DeFi projects has doubled in recent years and hacking incidents have increased further. Debt settlement, conflict, relationship or real estate problems, personal or frontal strikes, internal violence... DeFi has many options for excellent work.

In 2021, the ETH SushiSwap ecosystem was attacked twice, highlighting the potential risks of the SIL.Finance deal. In the BSC ecosystem, Cream Financial was hit by triple-digit borrowing and revenue below $187 million. Flash.sx eco-friendly EOS flash library smart contract based on a "reentrant" attack. In the Polygon ecosystem, using agricultural import technology, the PolyYeld Finance project contract, is implemented. Additionally, the DDEX code backdoor occurs in the HECO ecosystem.

Security incidents usually occur in the "DeFi, DApp, NFT and Cross-Chain" sections. This did not only happen in 2021. According to the "Lianxin" survey, this pattern appeared after the emergence of security in 2018, and even continued until 2022.

$23.9 billion loss over 10 years

From 2008 to 2022, hacking events, like maggots clinging to bone, have grown stronger with the development of blockchain.

According to data from SlowMist Hacked, there have been 610 public blockchain security incidents in the global blockchain ecosystem since 2012, with a total loss of approximately $23.878 billion. Looking year by year, there has been a marked change since 2018, and the number and proportion of incidents have more than doubled compared to the past.

According to research data from blockchain security firms PeckShield and BCSEC, there were 138 blockchain security incidents in 2018, resulting in a market loss of $2.238 billion, with the Ethereum public chain and the EOS public chain bearing the brunt, followed by exchanges and wallets in that order.

Among them, there are more than 54 security incidents in the Ethereum public chain, of which "the American chain BEC was attacked by hackers and 900 million dollars evaporated in one day", and the public chain EOS has 49 maximum security issues. Among them, the direct losses due to incorrect numbers, false reports, exchange transactions and other attacks (caused by the spread of the DApp ecosystem in August and November) about 747,000 EOS.

In comparison, there were more than 10 opposing exchanges, but only two “Binance Exchange by Hackers and Phishing” from March 7 of the same year were affected, one from January 26, 2018 “New version of Japanese Coincheck Exchange”. In September, three BTC incidents similar to the “BTC overissue vulnerability” occurred and were fixed before the disaster.

Based on this, "Chainnew" finds that among the 9 major security areas represented by public chains, exchanges, wallets, ETH ecology, BSC ecology, TRON ecology, EOS ecology, Polygon ecology and HECO ecology, the EOS and ETH ecosystems are of particular concern to hackers, and the number of attacks on exchanges is very high. There are over 356 security incidents in these areas, with losses of over $12.5 billion, representing over 52.35% of the total.

The same pattern is seen in the "2020 Blockchain Hacking" series published by the Atlas VPN team. The Atlas VPN team recorded 47 successful attacks against ETH DApps and 28 breaches of cryptocurrency exchanges in 2020.

Hacker attacks on the DeFi ecosystem, DApp and exchanges will continue into 2022.

According to SlowMist Hacked statistics as of January 18, 2022, 16 blockchain security incidents have been disclosed in the global blockchain ecosystem in 2022, and all but 6 achievements are security issues in DeFi ecosystems and DApp. Exchange security information.

In this context, many licensing agencies have issued warning messages to the crypto world to prevent hacker attacks and strengthen blockchain security. McAfee previously said in its "Blockchain Threat Report" that "blockchain is a new foundation for online business, but poses a security risk." In March 2021, the China Institute of Information and Communication Technology also released the "Blockchain Security Capability Assessment and Analysis Report", highlighting the "10 security risks" that existing blockchains face and alerting the outside world to restore the protection experience.
