
Final Results - Blockchain Hacking Techniques of 2022 | Top 10 - OpenZeppelin blog

Written by OpenZeppelin | March 16, 2023

 

In 2022, blockchain development saw increased participation and the launch of new technologies, but this also led to a surge in new hacking techniques and exploits, with losses exceeding $3.7B. OpenZeppelin, in collaboration with the community of Web3 security experts, has documented the top security research from 2022 to promote best practices and effective security measures across the industry. This is crucial: as blockchain technology becomes more widely adopted and impacts more aspects of daily life, it becomes necessary to support developers and communities through safer Web3 experiences.

We’re thrilled to announce the final results of the Top 10 Blockchain Hacking Techniques of 2022.

This project was met with great participation from the community as well as from our panel of Web3 security experts, which includes samczsun, the Head of Security at Paradigm; Nikesh Nazareth, a Security Researcher at OpenZeppelin; Tincho, an Ethereum Security Researcher and the Creator of Damn Vulnerable Defi; cts, the Co-Founder of Zellic and Perfect Blue; Independent Security Researcher Ashiq Amien; and Independent Security Researcher PwningEth.

This initiative not only highlights new and practical security research but also provides a must-read top 10 list for all blockchain security researchers and Web3 security enthusiasts. While other projects, such as DASP Top 10, identify the most common vulnerability types, our project showcased the most novel, pervasive, and impactful vulnerability types, techniques, and methodologies. We want to give credit to PortSwigger for leading the Top 10 Web Hacking Techniques project, which inspired us to create a similar initiative in the blockchain space.

Check out the final list of the Top 10 Blockchain Hacking Techniques of 2022 here

This year’s Top 10 highlights that vulnerabilities can emerge in unexpected places, such as differences between low-level languages and high-level languages and a vulnerability related to wrapped tokens. The discoveries also underscore the significant impact of vulnerabilities that could lead to the loss of funds or even the collapse of entire protocols. It’s essential to collaborate and coordinate the disclosure process, as seen in the Compound-TUSD Integration Issue Retrospective.

The ranking includes both well-known teams and individual researchers, which emphasizes the importance of community-wide engagement in securing the blockchain ecosystem. The high bounties offered for these discoveries demonstrate the value of incentivizing security research.

Full List of Nominations 

The Web3 security research community submitted a pool of entries, from which the top ten were ultimately chosen. While these ten entries were deemed the most innovative and significant discoveries of 2022, it’s important to note that all submissions were of high caliber and warrant recognition. 

Here is the list of hacking techniques received during the submission phase.

OpenZeppelin is a leading blockchain security company providing products & audits to the most trusted organizations in Web3. The Top 10 Blockchain Hacking Techniques of 2022 provide critical insights into the ongoing challenges facing blockchain security. Ultimately, the collective efforts of the blockchain security community can help to ensure the safety and stability of blockchain protocols in the future.

Since 2016, OpenZeppelin has worked to secure the decentralized economy. We create products for security-minded builders and provide security solutions for industry leaders. Our partnerships with top L1s, L2s, DAOs, DeFi protocols, and Web3 projects allow us to ensure that security best practices for blockchain development stay ahead of emerging threats. If you’re interested in security solutions, smart contract advising, or audits, feel free to get in touch with the team.
