According to Cyvers' report summarizing key security trends for 2024, the number of threats in the Web3 network rose sharply this year: 165 security incidents caused over $2.3 billion in financial losses, 40% higher than in 2023 ($1.69 billion) once market factors are considered. Among these, access control incidents (67 incidents) accounted for 81% of the $2.3 billion in losses; approximately 98 smart contract vulnerability incidents caused a total loss of $456.3 million; and one address poisoning incident caused over $68 million in losses.
However, compared to 2022 ($3.78 billion), the losses caused by security incidents in 2024 decreased by $1.48 billion (a 40% reduction), with $1.3 billion of stolen funds recovered.
If Web3 is a dark forest shrouded in fog, there are hunters lurking everywhere, waiting to ambush, as well as experienced security personnel, and heroes who clear the fog and expose evil. SlowMist Technology, featured in this episode of Starlabs Consulting's "Disruptors Unplugged," belongs to the latter two.
SlowMist Technology is a company focused on blockchain ecosystem security, established in January 2018. It mainly serves many leading or well-known projects globally through "integrated security solutions tailored to local conditions from threat detection to threat defense." It has developed into a leading international blockchain security company, with thousands of commercial clients from dozens of countries and regions around the world. Its security solutions include: security audits, threat intelligence (BTI), defense deployment, and are accompanied by SaaS security products such as cryptocurrency anti-money laundering (AML), vulnerability scanning for fake recharge, security monitoring (MistEye), hacked database (SlowMist Hacked), and smart contract firewall (FireWall.X). SlowMist has independently discovered and publicly announced many common high-risk blockchain security vulnerabilities in the industry, receiving widespread attention and recognition.
Below are the highlights from this episode of "Disruptors Unplugged" dialogue.
Key points of this article:
Smart contract vulnerabilities, private key leakage, social engineering attacks, and supply chain attacks are currently common and serious security threats in the Web3 ecosystem, continuously posing challenges to the industry.
Security is a dynamic management process. Third-party security audits can guide project parties to implement security practices in the short term, but they cannot genuinely guarantee the long-term safe and stable operation of projects. Therefore, it is crucial to establish and improve their own security systems.
Currently, MistTrack has accumulated over 300 million address tags, more than 1,000 address entities, over 500,000 threat intelligence entries, and over 90 million risk addresses, all of which provide strong protection for securing digital assets and combating money laundering crimes.
The explosive growth of Web3 has brought numerous new projects and users, but security incidents are frequent, and the market's demand for professional security services continues to increase. At the same time, more and more projects are beginning to emphasize the combination of security and compliance, which also provides a point of entry for professional security service companies.
01 About the Web3 industry
🌃 Starlabs Consulting: In SlowMist's view, what are the most severe security threats in the current Web3 ecosystem?
SlowMist: In the current Web3 ecosystem, we believe that the following types of security threats are relatively common and have high severity, continuously posing challenges to the industry.
First of all, smart contract vulnerabilities are an issue of widespread concern. Due to the immutability of smart contracts, once a vulnerability is maliciously exploited, it may lead to irreversible losses, which is also the fundamental reason for most attack incidents. Common smart contract issues include improper permission management, integer overflow, and logical errors, among others.
Secondly, private key leakage is also a significant security risk. Whether for users or project parties, negligence in private key management (such as improper storage or device attacks) is a major reason for asset theft, and the safety of private keys is directly related to control over assets.
In addition, social engineering attacks (such as phishing attacks, account theft, impersonation, etc.) are also relatively common malicious methods. Due to the insufficient security awareness of some users and project teams, they often become entry points for attackers to break through defenses.
Lastly, there have been several security incidents involving supply chain attacks recently, so we believe that supply chain security is gradually becoming an important security issue in the Web3 industry. Vulnerabilities in supply chain security can lead to serious consequences, as malware and code can be embedded at various stages of the software supply chain, including development tools, third-party libraries, cloud services, and update processes. Once these malicious elements are successfully injected, attackers can exploit them to steal crypto assets, obtain sensitive user information, disrupt system functionality, conduct ransomware attacks, or widely spread malware.
🌃 Starlabs Consulting: In the face of frequent attacks in the Web3 field, what can project parties (especially startups) do in daily defense, besides cooperating with third-party security service providers like SlowMist? Please give them some advice.
SlowMist: Currently, Web3 projects face a wide variety of attack methods, and interactions between projects are becoming increasingly complex, which often introduces new security risks. Many Web3 project development teams generally lack frontline security offensive and defensive experience. During the project development process, teams often focus more on overall business validation and functionality implementation, neglecting the establishment of a security system. Therefore, without a sound security system, it is challenging to ensure the security of Web3 projects throughout their lifecycle.
To ensure security, project parties usually hire professional blockchain security teams for code audits. Security audits can guide project parties to implement security practices in the short term, but they cannot help project parties establish their own security systems. Based on this, SlowMist's security team has also open-sourced the "Web3 Project Security Practice Requirements" (https://github.com/slowmist/Web3-Project-Security-Practice-Requirement) to continuously help project teams in the blockchain ecosystem master security skills for Web3 projects. We hope that project parties can establish and improve their own security systems based on these requirements, allowing them to maintain a certain level of security capability even after audits. Interested parties can search for and read it.
We always believe that security is a dynamic management process. Relying solely on short-term audits by third-party security teams cannot truly ensure the long-term safe and stable operation of projects. Therefore, it is crucial to establish and improve the security system of Web3 projects. The project party's team must possess a certain level of security capability to better ensure the security and stable operation of the project. In addition, we recommend that project teams actively participate in security communities, learn the latest security offensive and defensive technologies and experiences, and communicate and cooperate with other project teams and security experts to jointly enhance the security of the entire ecosystem. Furthermore, strengthening internal security training and knowledge dissemination to improve employees' security awareness and capabilities is also a key step in establishing a complete security system.
🌃 Starlabs Consulting: In the face of evolving attack methods, how can security companies achieve 'the higher the magic, the higher the Tao'?
SlowMist: Taking our current response methods as an example: first, we must always maintain sensitivity to new threats, continuously monitor the latest attack dynamics, and develop customized vulnerability detection, on-chain analysis, and monitoring tools to achieve real-time protection and more efficient response capabilities.
Secondly, we have a threat intelligence sharing network. By closely collaborating with industry partners and project parties, we can obtain the latest security intelligence in a timely manner, and with the help of on-chain data analysis technology, track the flow of attackers' funds to help victims recover losses as much as possible.
In addition, reverse engineering and case reviews are also indispensable parts. By deeply reviewing past security incidents and sharing Hacking Time from time to time, we continuously improve our technical capabilities.
02 About SlowMist
🌃 Starlabs Consulting: You do so much work every day, evaluating hacker addresses, analyzing links, and tracking fund flows. What proportion of this is commissioned work, and what proportion is for public good?
SlowMist: SlowMist's anti-money laundering and fund tracking business mainly comes from two aspects: client-initiated commissions and public service.
In terms of public service, we have participated in the tracking of many major public attack incidents. Regardless of whether project parties actively reach out to us, we will follow up promptly. This part of the work mainly stems from our sense of responsibility for the healthy development of the industry. By revealing hacker behaviors in a timely manner and analyzing attack methods, we hope to contribute to the security of the entire Web3 ecosystem. In addition, SlowMist receives a large number of help requests from victims every day, including those who have lost tens of millions of dollars, asking us to provide fund tracking and loss recovery services. For these cases, we offer free community assistance services for case evaluation (https://aml.slowmist.com/recovery-funds.html).
On the other hand, SlowMist also provides emergency response services specifically for Web3 project parties (https://cn.slowmist.com/service-incident-response.html). This service helps project parties respond quickly and effectively to risks in the event of hacker attacks or other emergencies. We will conduct a detailed analysis of the attacker's intrusion path and post-intrusion behavior, and construct a profile of the attacker on-chain and off-chain. At the same time, we will also track the flow of stolen assets. This service includes the entire process from on-chain and off-chain intrusion analysis to fund tracing and source tracking, helping project parties review security incidents, and relying on SlowMist's blockchain anti-money laundering system (AML) and InMist threat intelligence network to help project parties recover fund losses as much as possible.
🌃 Starlabs Consulting: On-chain transaction records are intricate and complex, making it difficult for ordinary users to analyze a single transaction. You cope with a vast amount of tracking work every day. Do you have more efficient analysis tools and databases? How do the tracking and analysis tools you use internally differ from those available to end-users like MistTrack?
SlowMist: In fact, we also use MistTrack (https://misttrack.io), which is simple and easy to use, with comprehensive data. Currently, MistTrack has accumulated over 300 million address tags, more than 1,000 address entities, over 500,000 threat intelligence entries, and over 90 million risk addresses, all of which provide strong protection for securing digital assets and combating money laundering crimes. The difference is that our team has established an internal knowledge base to ensure the efficiency of tracking work.
🌃 Starlabs Consulting: When users use SlowMist's MistTrack tracking service, should they worry about personal privacy? How do you protect customer personal information?
SlowMist: There is no need to worry about this. As a security company, SlowMist naturally places great importance on privacy protection and informs users of our privacy policy before cooperation. We strive to retain only the data necessary to complete the service, while strictly limiting access permissions to ensure that only authorized personnel can access relevant information. All user data is transmitted and stored using strong encryption technology.
🌃 Starlabs Consulting: We noticed that SlowMist also provides consortium chain security solutions. What are the main differences between consortium chain security and public chain security?
SlowMist: There are significant differences in security needs between consortium chains and public chains, mainly reflected in differences in network architecture, user groups, and application scenarios. For example, in terms of access control, consortium chains are usually permissioned, and only authenticated nodes and users can join. Consortium chains face more internal threats, such as malicious node operations, improper permission configurations, and data leaks. Public chains, on the other hand, are open networks and face more complex and diverse security challenges, including 51% attacks, smart contract vulnerability exploitation, and cross-chain bridge attacks.
In terms of node security, consortium chains have fewer nodes, usually maintained by several trusted parties, which have a high trust foundation but also come with a high risk of single point failure. To enhance performance, consortium chains often adopt efficient consensus mechanisms (such as PBFT, Raft), sacrificing some decentralization. In contrast, public chains have a wide distribution of nodes and a high degree of decentralization, thus relying more on consensus mechanisms to resist malicious node behavior. Public chains typically adopt consensus mechanisms that are more decentralized but have lower performance (such as PoW, PoS) to enhance censorship resistance and system openness.
In terms of compliance requirements, consortium chains are usually applied in enterprise-level scenarios, thus needing to meet strict legal and regulatory requirements. In the design phase, security solutions need to fully consider the needs for auditing and supervision. In contrast, public chains operate on a more global scale, facing challenges related to cross-border laws and regulations, and need to balance decentralization with efficiency in security design.
In response to the characteristics of these two types of chains, SlowMist provides differentiated security solutions to address their respective security challenges.
03 About the security industry
🌃 Starlabs Consulting: Is the Web3 security space still a blue ocean? If a startup wants to enter this field, or if a Web2 security company wants to expand into Web3 security, which subfields do you think have more opportunities?
SlowMist: The explosive growth of Web3 has brought a large number of new projects and users, but security incidents are frequent, and the market's demand for professional security services continues to increase. At the same time, more and more projects are beginning to emphasize the combination of security and compliance, which also provides a point of entry for professional security service companies. For instance, ordinary users often suffer asset losses due to phishing attacks, malware, and improper key management, so user-side security is something to consider; furthermore, on-chain fund tracking is complex and requires significant effort, and the demand for anti-money laundering is increasing, so fund tracking and anti-money laundering (AML) are another direction worth developing. Overall, the Web3 security track is full of challenges but also contains enormous opportunities.
🌃 Starlabs Consulting: How do you assess the potential threats of quantum computing technology to existing encryption algorithms, and what strategies can the encryption field adopt in the future?
SlowMist: Currently, the threat of quantum computing has not fully manifested, but in the Web3 and blockchain fields, quantum computing technology highly relies on the security of encryption algorithms. The encryption field can ensure the long-term security and robust development of the ecosystem through technological innovation, international cooperation, and phased strategy implementation.