INS3 Insurance

Blockchain security incidents in 2021 caused losses of more than USD 9.8 billion

2021 was a year of ups and downs for the blockchain industry. Despite this, blockchain achieved good results thanks to its decentralized, open and transparent characteristics and to the efforts of people both inside and outside the industry. At the same time, following DeFi, the surge of interest from global users and media in NFTs and the Metaverse carried blockchain to unprecedented heights. What happened this year?

Security incident

Blockchain technology is a double-edged sword. While its decentralization, anonymity and tamper-resistance drive the industry forward, the same properties have brought a significant increase in security issues. Cryptocurrency crime takes many forms: money laundering, fraud, theft, drug trafficking and mining-related crime are all frequent.

According to the incomplete statistics of SlowMist's Blockchain Hacked archive, as of the date of publication 231 blockchain security incidents were disclosed across the blockchain ecosystem in 2021, with losses exceeding USD 9.8 billion.

(Source: hacked.slowmist.io)

Exchange

Cryptopia is hacked again

On February 20, the New Zealand exchange Cryptopia was hacked again. The investigation revealed that the attacker had accessed a wallet that had been dormant since the January 2019 hack. The wallet belonged to Stakenet and was controlled by Grant Thornton, Cryptopia's liquidator. According to the investigation, the dormant wallet held approximately USD 1.96 million worth of Xtake, Stakenet's native token.

Liquid hot wallet attacked

On August 19, the Japanese crypto trading platform Liquid announced that its hot wallet had been attacked. Using its MistTrack anti-money-laundering tracking system, the SlowMist AML team calculated that Liquid lost a total of about USD 91.35 million (at prices on the day of the incident). The stolen assets included BTC, ETH, ERC20 tokens, TRX, TRC20 tokens and XRP: more than 70 different currencies in all, an astonishing amount.

INS3.Finance view

Exchange security has become the primary concern of both exchanges and users, and can even decide whether an exchange survives. In the fourth quarter of this year in particular, exchanges were attacked one after another and the losses were heavy.

Exchanges are attacked frequently for the following reasons: (1) exchanges concentrate large amounts of funds and have always been a target for hackers; (2) in most cases exchanges have weak defenses and are prone to security vulnerabilities, so attackers penetrate them through the weakest point; (3) users lack sufficient security awareness; (4) insider crime.

Exchanges are advised to improve their internal management and technical controls, and to strengthen the security of digital assets by introducing security audits, zero-trust mechanisms and hot/cold wallet asset-segregation solutions, while actively embracing regulation. Users should strengthen their own security awareness: never disclose a private key to anyone at any time, and always use the official platform to avoid phishing.

Wallet

Ledger wallet leak exploited in new scams

On June 18, Bitcoin hardware wallet provider Ledger warned users of a series of new scams that use fake Ledger hardware wallets to steal users' assets. Some users whose information had been leaked a year earlier received packages asking them to replace their hardware wallets. Each package contained a forged official letter and a tampered Ledger hardware wallet.

Ledger stated that the letter claiming users "need to replace the existing hardware wallet to protect your funds" is a scam and that the enclosed Ledger Nano is also fake. If the user enters their seed words into the device as the letter instructs, the user's crypto assets will be stolen.

Multiple Chivo wallets stolen

Chivo Wallet is the national digital wallet launched by the government of El Salvador on September 7 to implement the Bitcoin Law. To drive adoption, El Salvador promised that users who download Chivo Wallet and verify their identity receive a USD 30 bitcoin bonus, and the official wallet passed 2 million users within a month. However, between October 9 and October 14 the Salvadoran human rights organization Cristosal received 755 reports from Salvadorans of identity theft involving their Chivo wallets.

INS3.Finance view

Although the number of incidents involving wallets themselves declined this year, the number of thefts caused by downloading fake wallet apps is huge. According to SlowMist's November report, tens of thousands of users have been robbed through fake wallet apps, with losses of up to USD 1.3 billion. Only by building security awareness and following correct practices can you truly protect your assets. First, use the official website and do not click links from anywhere else; second, back up your wallet and keep the private key and mnemonic safe; finally, stay suspicious: there is no free lunch.

DApp, DeFi, NFT, cross-chain

(1) ETH ecosystem

SushiSwap is attacked again

On January 27, SushiSwap was attacked again and lost 81 ETH. Like the first attack on SushiSwap, this one profited by manipulating the exchange price of a trading pair. The attacker took advantage of the fact that DIGG had no WETH trading pair, created that pair, and set the initial price, so that the protocol's fee conversion swapped through the new pool with enormous slippage. By providing the initial liquidity with only a small amount of DIGG and WETH, the attacker captured a huge profit.
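The mechanics of that thin-pool attack, as an added example that is not SushiSwap's code: a Uniswap v2-style constant-product pair and a protocol "fee converter" that blindly sells accumulated DIGG fees for WETH through whatever DIGG/WETH pair exists. The attacker seeds the pair with tiny liquidity, the converter's swap suffers near-total slippage, and the attacker, as sole liquidity provider, withdraws almost all of the fee tokens. The token names, amounts and the reference-price check in the hardened converter are constructed assumptions for the illustration.

```python
"""Thin-pool price manipulation against an automated fee converter (added example)."""
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """Minimal x*y=k pair with Uniswap v2's 0.3% fee and integer rounding."""
    reserve_in: int   # DIGG reserve (the token the converter sells)
    reserve_out: int  # WETH reserve (the token the converter buys)

    def quote_out(self, amount_in: int) -> int:
        amount_in_with_fee = amount_in * 997
        numerator = amount_in_with_fee * self.reserve_out
        denominator = self.reserve_in * 1000 + amount_in_with_fee
        return numerator // denominator

    def swap(self, amount_in: int) -> int:
        """Sell amount_in of the input token; returns the output amount received."""
        amount_out = self.quote_out(amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= amount_out
        return amount_out


def convert_fees_unchecked(pool: ConstantProductPool, fee_amount: int) -> int:
    """Vulnerable converter: swaps through the pair and accepts any output."""
    return pool.swap(fee_amount)


def convert_fees_checked(pool: ConstantProductPool, fee_amount: int,
                         ref_price_num: int, ref_price_den: int,
                         max_slippage_bps: int = 100) -> int:
    """Hardened converter (assumed mitigation, not SushiSwap's): refuse the swap unless
    the quoted output is within max_slippage_bps of a reference price, e.g. from a
    TWAP oracle or a deep pool."""
    expected = fee_amount * ref_price_num // ref_price_den
    min_out = expected * (10_000 - max_slippage_bps) // 10_000
    if pool.quote_out(fee_amount) < min_out:
        raise ValueError("slippage too high: refusing to convert through thin pool")
    return pool.swap(fee_amount)


def attack_simulation(checked: bool) -> dict:
    # Constructed scenario: attacker creates a new DIGG/WETH pair with 1,000 units each.
    pool = ConstantProductPool(reserve_in=1_000, reserve_out=1_000)
    attacker_cost_digg, attacker_cost_weth = 1_000, 1_000
    fees_to_convert = 1_000_000  # DIGG fees the protocol has accumulated

    if checked:
        # Assumed reference price 1 DIGG = 1 WETH; the tiny pool cannot come close.
        received = convert_fees_checked(pool, fees_to_convert, 1, 1)
    else:
        received = convert_fees_unchecked(pool, fees_to_convert)

    # The attacker is the sole LP and removes all liquidity after the conversion.
    return {
        "protocol_received_weth": received,
        "attacker_withdraws_digg": pool.reserve_in,
        "attacker_withdraws_weth": pool.reserve_out,
        "attacker_profit_digg": pool.reserve_in - attacker_cost_digg,
        "attacker_loss_weth": attacker_cost_weth - pool.reserve_out,
    }


if __name__ == "__main__":
    print(attack_simulation(checked=False))
    try:
        attack_simulation(checked=True)
    except ValueError as err:
        print("hardened converter:", err)
```

In the unchecked run the protocol sells one million DIGG units for 998 WETH units, and the attacker pulls 1,001,000 DIGG out of the pool for an outlay of 1,000 DIGG and 1,000 WETH. The checked converter rejects the same swap because the quote is far below what the reference price implies; the general lesson is that any automated swap path needs a minimum-output bound that does not come from the pool it is about to trade against.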

USD 12.15 million recovered after SIL was stolen

On March 19, a high-risk vulnerability was found in the contract of the DeFi financial services project SIL.Finance. SIL.Finance later published a post explaining that the incident was caused by a vulnerability in the smart contract's permission settings, which allowed a generic front-running bot to submit a series of transactions for profit. After it was discovered that funds could not be withdrawn from the smart contract because of the vulnerability, 36 hours of effort by SlowMist and others succeeded in recovering USD 12.15 million.

(2) BSC ecosystem

Compound bugs and proposals

On September 30, the decentralized lending protocol Compound confirmed on Twitter that after Proposal 62 was executed, the protocol's liquidity mining distributed COMP tokens abnormally. Compound Labs and community members investigated; Compound said no deposits or borrowed funds were found to be at risk. Compound founder Robert Leshner said the problem appeared to be an error in the initial setting of the COMP distribution rate under Proposal 62, which caused too many COMP tokens to be distributed. On October 4, while Compound was still working on a fix, a call to the drip() function moved another USD 68.8 million worth of COMP (202,472 COMP in total) into the still-vulnerable liquidity mining distribution contract.

Three attacks on Cream Finance

On October 27, the DeFi lending protocol Cream Finance was attacked and lost approximately USD 130 million, mainly in Cream LP tokens and other ERC-20 tokens. It was reported to be the third-largest DeFi hack in history. Cream Finance had already suffered flash loan attacks earlier in the year, losing USD 37.5 million in February and another USD 19 million in August.

(3) EOS ecosystem

flash.sx smart contract suffered reentrancy attack

Starting at 11:28 UTC on May 14, the flash.sx flash loan smart contract on EOS was exploited through a reentrancy vulnerability, and approximately 1.2 million EOS and 462,000 USDT were stolen. According to official sources, after EOS Nation's flash loan contract was hacked, the project team submitted a proposal to directly change the permissions of the hacker's EOS account and return the assets.
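The report names the bug class but not the contract internals, so the following is an added, generic illustration of reentrancy rather than the flash.sx code: a vault that hands control to the recipient (here a Python callback standing in for a transfer notification) before it updates the recipient's balance, next to the same vault written checks-effects-interactions style with a reentrancy lock. Balances and the attacker logic are constructed for the example.

```python
"""Reentrancy: paying out before updating the books (added, generic example)."""


class ReentrancyError(Exception):
    pass


class VaultVulnerable:
    """Interaction before effect: withdraw() transfers, then zeroes the balance."""

    def __init__(self):
        self.balances = {}
        self.total_assets = 0

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.total_assets += amount

    def withdraw(self, who: str, on_receive) -> None:
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        self.total_assets -= amount   # vault pays out ...
        on_receive(amount)            # ... control leaves the contract here ...
        self.balances[who] = 0        # ... and only now is the balance cleared


class VaultFixed(VaultVulnerable):
    """Checks-effects-interactions plus a reentrancy lock."""

    def __init__(self):
        super().__init__()
        self._locked = False

    def withdraw(self, who: str, on_receive) -> None:
        if self._locked:
            raise ReentrancyError("reentrant call rejected")
        self._locked = True
        try:
            amount = self.balances.get(who, 0)
            if amount == 0:
                return
            self.balances[who] = 0    # effect first
            self.total_assets -= amount
            on_receive(amount)        # interaction last
        finally:
            self._locked = False


class Attacker:
    """Receives the payout and immediately calls withdraw() again."""

    def __init__(self, vault, max_depth: int = 50):
        self.vault = vault
        self.stolen = 0
        self.depth = 0
        self.max_depth = max_depth  # guard so the demo cannot recurse forever

    def on_receive(self, amount: int) -> None:
        self.stolen += amount
        self.depth += 1
        # Re-enter while the vault still holds enough to pay one more "withdrawal".
        if self.depth < self.max_depth and self.vault.total_assets >= amount:
            try:
                self.vault.withdraw("attacker", self.on_receive)
            except ReentrancyError:
                pass  # the hardened vault refuses the nested call


def run_attack(vault_cls) -> tuple:
    """Constructed scenario: victims hold 900, attacker deposits 100, then withdraws."""
    vault = vault_cls()
    vault.deposit("victims", 900)
    vault.deposit("attacker", 100)
    attacker = Attacker(vault)
    vault.withdraw("attacker", attacker.on_receive)
    return attacker.stolen, vault.total_assets


if __name__ == "__main__":
    print("vulnerable:", run_attack(VaultVulnerable))  # attacker takes everything
    print("fixed:     ", run_attack(VaultFixed))       # attacker gets only their 100
```

Against the vulnerable vault the attacker's 100-unit deposit is paid out ten times because the balance is still 100 on every nested call; the fixed vault pays once, since the balance is zeroed before the callback and the lock rejects the re-entry regardless.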

PIZZA was hacked

At 8 pm on December 8, the attacker account itsspiderman used an overflow vulnerability to mint eCurve tripool LP tokens out of thin air, then pledged them as collateral on PIZZA and borrowed most of the tokens in the protocol. Afterwards, the attacker created more than 1.3 million accounts to disperse the stolen assets. PIZZA's loss in this attack is approximately USD 5 million.

(4) Polygon ecosystem

Algorithmic stablecoin project SafeDollar was attacked

On June 28, SafeDollar, an algorithmic stablecoin project on Polygon, was suspected of being hacked; an unverified contract appeared to have drained USD 250,000 in USDC and USDT.

PolyYeld Finance contract exploited

The yield farming protocol PolyYeld Finance was attacked; the project contract was exploited to mint 4.9 trillion YELD tokens, which were dumped on the secondary market.

(5) HECO ecosystem

HSO runs away with 30,000 HT

On March 10, the oracle project HSO on Huobi ECO Chain (HECO) held an IDO and then ran away with 30,000 HT; its website and Telegram went offline. Later, with the combined efforts of the HECO core code contribution team Star Labs, the HECO technical community and the HECO White Hat Security Alliance, 24,823 HT were recovered.

XDX Swap was attacked

On July 2, XDX Swap, part of the cross-chain decentralized exchange DDEX on the HECO chain, was attacked. The attacker profited 85.17 ETH (approximately USD 176,000) and bridged it to Ethereum. The DDEX code appears to have contained a backdoor. With the support and cooperation of DDEX, Star Labs and the HECO White Hat Security Alliance, XDX Swap has since recovered most of the funds involved in the attack, with a total value of more than USD 5 million.

(6) Other ecosystems

NEAR ecosystem: Ref.Finance exploited due to a contract error

On August 15, the Ref.Finance team on NEAR tweeted that at around 2 pm UTC on August 14 it had noticed abnormal behavior in the REF-NEAR trading pair and then discovered an error in a recently deployed contract patch. The error had been exploited by multiple users and affected approximately 1 million REF and 580,000 NEAR.

Solana ecosystem: Solend attacked

On August 19, the Solana lending protocol Solend tweeted that it had been attacked at 20:40 Beijing time that day. The attacker bypassed an insecure authorization check in the UpdateReserveConfig function, which allowed them to liquidate all accounts; the attacker also set the borrow APY to 250%. During this period, five users' funds were wrongly liquidated. Solend said the attack did not result in any theft of funds, and that it will increase its bug bounty and build a better monitoring and alerting system.

Polkatrain IDO platform exploited for arbitrage

On April 5, an incident occurred on the Polkatrain IDO platform. According to SlowMist's analysis, the contract in question was the project's POLT_LBP contract, which has a swap function and a rebate mechanism. When a user buys PLOT tokens through the swap function, they receive a rebate, which the contract sends to the user via the _update function by calling transferFrom. Because _update neither sets a maximum rebate amount for a pool nor checks whether the total rebate budget has been used up, a malicious arbitrageur could keep calling swap to exchange tokens and collect rebate rewards from the contract indefinitely.
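An added example of the accounting flaw described above, not Polkatrain's code: a swap that pays buyers a rebate out of a treasury via a transferFrom-style call. The vulnerable version never records how much rebate a pool has paid, so a bot can loop swap() (buying, selling back off-screen, buying again) until the whole treasury is gone; the fixed version gives the pool a rebate budget and pays min(rebate, remaining), updating its own state before the external transfer. The treasury size, the 10% rebate rate and the 50,000-token budget are constructed.

```python
"""Uncapped rebate drain versus a per-pool rebate budget (added example)."""


class Treasury:
    """Holds the rebate tokens; transfer_from moves them to a recipient."""

    def __init__(self, balance: int):
        self.balance = balance

    def transfer_from(self, balances: dict, to: str, amount: int) -> None:
        if amount > self.balance:
            raise RuntimeError("treasury empty")
        self.balance -= amount
        balances[to] = balances.get(to, 0) + amount


class RebateSwapVulnerable:
    """Rebate = rate * amount_in, paid from the treasury with no cap or exhaustion check."""

    def __init__(self, treasury: Treasury, rebate_rate_bps: int):
        self.treasury = treasury
        self.rate = rebate_rate_bps
        self.rebate_balances = {}

    def swap(self, user: str, amount_in: int) -> int:
        """Performs the (elided) token exchange and returns the rebate actually paid."""
        rebate = amount_in * self.rate // 10_000
        return self._update(user, rebate)

    def _update(self, user: str, rebate: int) -> int:
        self.treasury.transfer_from(self.rebate_balances, user, rebate)
        return rebate


class RebateSwapFixed(RebateSwapVulnerable):
    """Same mechanism with a hard budget for this pool; stops paying once it is spent."""

    def __init__(self, treasury: Treasury, rebate_rate_bps: int, rebate_cap: int):
        super().__init__(treasury, rebate_rate_bps)
        self.rebate_cap = rebate_cap
        self.rebate_paid = 0

    def _update(self, user: str, rebate: int) -> int:
        remaining = self.rebate_cap - self.rebate_paid
        rebate = min(rebate, remaining)
        if rebate == 0:
            return 0
        self.rebate_paid += rebate  # effect before the external transfer
        self.treasury.transfer_from(self.rebate_balances, user, rebate)
        return rebate


def drain(contract, rounds: int, amount_in: int) -> int:
    """Arbitrage bot: call swap() over and over to farm rebates."""
    total = 0
    for _ in range(rounds):
        try:
            total += contract.swap("bot", amount_in)
        except RuntimeError:
            break  # treasury exhausted
    return total


def run_scenario(fixed: bool) -> tuple:
    """Constructed: treasury of 1,000,000 funds many pools; this pool's budget is 50,000.
    Returns (rebates the bot collected, tokens left in the treasury)."""
    treasury = Treasury(1_000_000)
    if fixed:
        contract = RebateSwapFixed(treasury, rebate_rate_bps=1_000, rebate_cap=50_000)
    else:
        contract = RebateSwapVulnerable(treasury, rebate_rate_bps=1_000)
    collected = drain(contract, rounds=200, amount_in=100_000)
    return collected, treasury.balance


if __name__ == "__main__":
    print("vulnerable:", run_scenario(fixed=False))  # bot empties the treasury
    print("fixed:     ", run_scenario(fixed=True))   # bot stops at the pool budget
```

Each swap of 100,000 earns a 10,000 rebate; the vulnerable contract pays it 100 times until the shared treasury hits zero, while the capped contract pays five times and then returns zero for every further call.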

Avalanche lending protocol Vee.Finance robbed

On September 20, the team of the Avalanche lending protocol Vee.Finance noticed multiple abnormal transfers. Further monitoring showed that a total of 8,804.7 ETH and 213.93 BTC had been stolen (total value over USD 35 million). The protocol's stablecoin holdings were not affected by the attack.

GrimFinance on Fantom hit by flash loan attack

On December 19, GrimFinance, a yield-compounding platform on the Fantom chain, suffered a flash loan attack with losses exceeding USD 30 million. The attacker abused the beforeDeposit() function of GrimFinance's vault strategy by supplying a malicious token contract.

(7) Cross-chain system

THORChain, a cross-chain transaction protocol, was attacked three times

On June 29, THORChain suffered a "fake deposit" attack and lost nearly USD 350,000; on July 16 it suffered a second "fake deposit" attack and lost nearly USD 8 million; on July 23 it was attacked yet again, losing nearly USD 8 million.

Cross-chain bridge Chainswap theft affects multiple platforms

On July 11, the cross-chain bridge project Chainswap was hacked again. Tokens of more than 20 projects that had deployed smart contracts on the bridge were stolen, with total losses estimated at USD 4 million, making it almost the widest-reaching security incident in DeFi history. According to Chainswap's investigation, the root cause was an error in the token cross-chain quota code: the on-chain swap bridge quota was raised automatically by the signing nodes, a design meant to be more decentralized and avoid manual control, but a logic flaw in that code meant the quota was also raised automatically for invalid addresses that were not on the whitelist. Earlier, on July 2, Chainswap had already been hacked once: some users' tokens were taken directly out of wallets that had interacted with ChainSwap, with an estimated total loss of USD 800,000.

Poly Network returned $610 million after being stolen

The Poly Network attack on August 10 may be the largest security incident in blockchain history: more than USD 610 million in crypto assets were stolen and then returned within 15 days. The entire blockchain industry and all related parties lived through these ups and downs together with Poly Network. All of the assets involved have now been returned to users, and system functions have essentially been restored to their pre-incident state.

(8) NFT

NFT fraud spreads

On August 2, a scammer posting as "cryptopunksbot" on the CryptoPunks Discord server offered NFT investors a chance to win 10 NFT avatars. Stazie, the founder of an NFT project, lost 16 CryptoPunks worth at least USD 1 million after falling for the fake offer. The scammer then sold 5 of the CryptoPunks for 149 ETH (USD 385,000).

INS3.Finance view

DeFi has been accompanied by countless risks since its birth. While the value of many DeFi projects has grown explosively, hacking incidents have intensified as well. According to SlowMist's statistics, the common DeFi attack methods are: (1) flash loan attacks; (2) contract vulnerabilities; (3) compatibility or architecture issues; (4) private key leaks or front-end attacks; (5) insider crime and exit scams.

For project teams that want to eliminate vulnerabilities and reduce security risk as far as possible, the most effective step is a comprehensive and in-depth security audit before the project goes live. All DeFi projects are also advised to protect their assets by introducing a multi-signature mechanism. When DeFi protocols interact with one another, compatibility between the protocols must be handled carefully: developers who port code from another protocol need to fully understand both the architecture of the ported protocol and their own project's design in order to prevent loss of funds. For users, as the ways of participating in blockchain become more diverse, they should research a project's background before investing, check whether the project is open source and whether it has been audited, stay vigilant while participating, and pay attention to project risk.

Other types

Ransomware

On May 7, Colonial Pipeline, the largest fuel pipeline operator in the United States, was forced to suspend operations by a targeted ransomware attack. It then paid a ransom of 75 bitcoin, worth more than USD 4 million, to get its operations back to normal. Because the attack hit national critical infrastructure, it caused shock and widespread concern worldwide. Officials from the US Department of Justice later stated that they had recovered more than USD 2 million of the ransom, but did not explain how they obtained the private key and recovered the funds, saying only that the action shows the United States will spare no effort in responding to ransomware attacks.

Fraud

On August 20, the founder of Finiko, one of Russia's largest cryptocurrency scams, was jailed for allegedly defrauding investors of more than USD 1.5 billion. Finiko was established in Kazan in 2019 and posed as a legitimate bitcoin investment company. In December 2020 it released its own cryptocurrency, FNK. According to local reports, the founders took BTC from investors and paid them in FNK tokens in return.

Traps

On October 15, Sophos released a report stating that the CryptoRom crypto scam app stole USD 1.4 million by abusing "super signature" services and Apple's Developer Enterprise Program to distribute apps outside the App Store. To date, bitcoin addresses linked to the scam have moved more than USD 1.39 million, and there may be further addresses involved. According to the report, most victims were iPhone users. The report states that CryptoRom bypassed all App Store security checks and remained active daily, and that Apple "should warn users about installing apps through ad hoc distribution or through the enterprise provisioning system that these apps have not been reviewed by Apple."

INS3.Finance view

As blockchain has grown rapidly, all kinds of new investment scams trading on its name have sprung up as well. Taking ransomware as an example, a report from the Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury found that ransomware-related transactions reached USD 590 million in the first half of 2021. SlowMist reminds users not to open email attachments of unknown origin, to check carefully for phishing websites, to maintain a skeptical and cautious attitude at all times, and to make effective use of anti-virus software.

Summary

Although the market value of many cryptocurrencies, led by BTC, kept hitting new highs and the blockchain industry's development trend keeps improving, cryptocurrency crime has become more rampant too. The statistics show that the months with the most security incidents and the largest losses were mainly April, June and August; by ecosystem, Ethereum suffered the largest losses, exceeding USD 1.3 billion, followed by BSC; by sector, exchanges and DeFi were attacked most.

Project teams are advised to improve their internal management and technical controls, and to have internal security staff review security-related work promptly for gaps. The most important and effective measure is a comprehensive and in-depth security audit before the project goes live, to minimize the chance of security problems.

Users should approach blockchain correctly and rationally, form sound views on currency and investment, and genuinely improve their risk awareness. For example, before investing, check whether the smart contract is open source and whether the platform has had a security audit; most importantly, keep your private key and mnemonic safe and never disclose them to anyone.

Finally, I look forward to a new year in which blockchain bursts out with greater energy, more real-world applications, and greater value creation.

About INS3.Finance

INS3.Finance is a decentralized multi-chain insurance protocol, to empower the risk protection infrastructure for the DeFi community. INS3.Finance offers portfolio-based insurance products with optimized pricing models to substantially lower the cost; launches insurance investment functions with flexible underwriting mining programs to create sustainable returns for the participants; and provides coverage for cross-chain DeFi projects to benefit the whole ecosystem.
