GoPlus Recap: The Blockchain Security 2022

GoPlus Security
6 min readDec 31, 2022

--

It’s been quite a tough year for all of us. Not only are the macro and political backdrops in a much more difficult situation today than they were twelve months ago, but also for crypto users 2022 was a rollercoaster ride from Terra Luna all the way to FTX. The crypto industry now stands in a bear market and might stay here in the future. To make things worse, security risks in the crypto world are on the rise as well.

Fast forward to the end of 2022, GoPlus would wrap up the major security risks associated with tokens and NFTs from the past year, aiming to help all of you to gain knowledge from lessons and experiences, increase the security awareness, and stay safe against crypto frauds,scams and hacks.

The security risks associated with Token

  1. Most common risks

The recent data released from GoPlus tells a total of 2.04m+ tokens have been detected, 1.09M+ of them are tokens with risks, meaning more than 50% of crypto tokens are tied up with scams. We wrapped up the the top security risks related to the tokens as below:

2.Honeypot token

1, Honeypot tokens on the rise

The recent data from GoPlus shows the honeypot tokens deployed in 2022 has increased significantly, reaching at 101,267 in total, a 83.39% increase over the full 2021.

2.Most of the honeypot scams deployed on popular blockchains.

Out of all the honeypot scams, 92.8% of them were deployed on BNB Chain, while 6.6% of them occurred on Ethereum. Both of them are so popular public chains that attracts lots of developers to flock there and launch their projects including fraud ones.

GoPlus wrapped up how honeypot scams distribute on blockchains as below:

3.Many new emerging trends on honeypots have been spotted.

It’s more clear than ever that DeFi eats CeFi. After this FTX incident, as the trust that crypto users put on CEX is declining, we saw many users in crypto space begin to withdraw their digital assets and transfer them into a decentralized wallet. On-chain active users witnessed a surge while more so are the attackers. GoPlus data saw a newly added pattern of honeypot amounts to more than 120 and how often the attacks happen gets ~6x after a week of FTX collapsing.

After doing a deep analysis on all of those new design mechanisms of Honeypots, GoPlus Security found that the competition between defending and attacking parties is getting tense, the way how the attack works is becoming more and more complex and takes on a dynamic form. Here we wrapped up some of the common attack schemes as below:

1, Make code less readable and hide the malicious logic

It makes it more difficult for a security detector like GoPlus to identify the associated risks around a token by making the code less readable, including adding unnecessary code logic or calling relations within a piece of code. That would make more noise for the token contract and help hide the real logic which would deliver malicious behavior on a honeypot token.

2.Disguising its contract as an established project

The attacker tries to get away from the security engine’s detection by disguising its contract as some else including creating an exactly same contract name and contract implementation process as a well-known crypto project

3.Initiate the attack in a more intangible way

The malicious code snippet tries to initiate the attack in a more intangible way, like making the action of trading tokens by the victims themself as a condition to initiate an attack. By doing so, the attacker needs to deal with the code in a more complex way. In practice, it works like this, only after multiple layers of nested conditionals past which are deliberately fabricated by hackers, the malicious behaviors could be executed, like some address couldn’t be able to trade and transfer tokens, and more tokens are minted by privileged accounts. By doing all those things, a contract status could be modified and the asset could be stolen.

4.Faking trading volume.

To entice more investors, the hackers could make it more like a real project with decent data showing a number flowing in and out on the market, instead of a scam .This could be done by sending airdrops to multiple addresses and faking a large number of trading volume.

NFT security risk

NFT contracts became a new spot where most of the security incidents happened.

According to the data released by GoPlus Security, many NFTs have some kind of security concerns at a contract level. As of December 30, major risks associated with NFT at a contract level are as below:

The security risks associated with malicious addresses

In 2022, not only so many of the phishing attacks, fraud incidents and scam in the crypto world, the malicious addresses related to security risks increase significantly.

According to the data released by GoPlus, most of the malicious addresses happening on the major EVM chain are mainly associated with dark web trading, phishing scams, mixer services, and honeypot schemes.

Risks associated with the contract approval

The most common risks associated with the contract approval

Security risks associated with dApps

The security risks associated with dApps is a HUGE topic and it’s kind of complicated to tell since it involves too many angles or vectors. Today we want to talk about if there is malicious behavior involved in the main contract for a dApp and if a dApp is audited.

The recent data released by GoPlus shows that among more than 6,000 major dApps in the market that the dApp Security API service has detected for their security risks, 925 of them have been audited, only accounting for 4% of all. 949 of all are not open sourced, accounting for about 15.7%. 67 dApps of all, whose main contract or the owner involving with a malicious behavior, accounting for about 1.1%.

The charts above saw the vast majority of dApps on market are unaudited. And there is still a long way to go.

Final thought

2022 is coming to an end. And here comes an even brighter 2023. However, for the year ahead, it’s full of challenges. We can imagine the hackers and scammers would adopt more innovative token design and sophisticated schemes to do the attacks. By doing this, it would make the scam in a less obvious way and then the risks become more difficult to be identified.

Confronting all those emerging risks in the crypto world, we believe that security is an ongoing concern — something that needs to be maintained over time, rather than checked once and forgotten about. To GoPlus, it means it should detect the risks with a higher precision, extend as more valid attack vectors as possible and upgrade the defending tactics over the change of hackers’s attacking mechanism.

Here’s to 2023, may it be a year filled with learning, building and defending against attackers by all of the users, institutions and security service providers towards the road ahead of Web3 security.

Let’s make the crypto world a more easy and secure place to explore.

--

--

GoPlus Security

Empowering a #SaferWeb3 with user-driven, open access security solutions. Championing user education for a fortified front against adversaries.