Overview

According to the SlowMist Blockchain Hack Archive (https (://hacked.slowmist.io) Statistics, in February 2024, a total of 28 security incidents occurred, with a total loss of approximately US$404 million. The reasons involved contract vulnerabilities, DDoS attacks, flash loan attacks, private key leaks and account hacking. Thieves etc.

Main events

Phantom

On February 2, 2024, the encryption wallet Phantom stated that it was subject to a DDoS attack. Someone tried to overload its system. Some services may be temporarily interrupted, and user assets are safe. Later, Phantom tweeted that all services had returned to normal and were running smoothly again.

 (https://twitter.com/phantom/status/1753100432145318116)

Starlay Finance

On February 8, 2024, Starlay Finance, the lending protocol of the Polkadot ecosystem, was attacked, resulting in a loss of approximately US$2.1 million. On February 9, Starlay Finance tweeted that preliminary analysis showed that the attack was due to an error in the calculation of the liquidity index being exploited, resulting in unauthorized withdrawals.

(https://twitter.com/starlay_fi/status/1755856271184654360)

PlayDapp

On February 10, 2024, the blockchain gaming platform PlayDapp was attacked, and the hacker's address was added as a minter, minting 200 million PLA tokens (approximately $36.5 million). Shortly after the incident, PlayDapp sent a message to the hacker through an on-chain transaction, demanding the return of the stolen funds and a $1 million white hat reward, but the negotiations ultimately failed. On February 12, PlayDapp suffered a second attack, and hackers minted an additional 1.59 billion PLA tokens (approximately $253.9 million) and began transferring them through cryptocurrency trading platforms. According to statistics, hacking attacks resulted in losses of approximately $290 million.

(https://twitter.com/playdapp_io/status/1756060784692736038)

Duelbits

On February 14, 2024, the hot wallet of the encrypted gambling platform Duelbits was attacked, resulting in a loss of approximately US$4.6 million. The reason for the theft was suspected to be the leakage of the private key.

(https://twitter.com/Duelbits/status/1758159495807541459)

FixedFloat

On February 17, 2024, according to on-chain data, the cryptocurrency trading platform FixedFloat was attacked, resulting in a loss of approximately US$26.1 million in Bitcoin and Ethereum. FixedFloat clarified in response to this attack: This hacking attack was an external attack caused by a loophole in the security structure, and was not carried out by employees. User funds were not affected by an "external attack." On February 18, FixedFloat said on Twitter: “Confirming that a hack and funds were stolen, we are not yet ready to comment publicly on this matter as we work to eliminate all potential vulnerabilities, improve security, and investigate. .FixedFloat's service will be restored soon and details about this incident will be provided at a later date."

(https://twitter.com/FixedFloat/status/1759216185185288653?s=20)

Blueberry Protocol

On February 22, 2024, the DeFi lending protocol Blueberry Protocol was The attack resulted in a loss of approximately 457.7 ETH (approximately US$1.35 million). The attack was intercepted by a white hat hacker c0ffeebabe.eth, and 366 ETH was returned to Blueberry Protocol. According to Blueberry Protocol’s incident analysis report, the attack was caused by an oracle deployment error.

(https://medium.com/@blueberryprotocol/2-22-24-exploit-post-mortem-6f6be7c1dcc3)

BitForex

On February 23, 2024, the Hong Kong-based BitForex cryptocurrency trading platform was suspected of running away, which occurred on multiple blockchains. Access to the platform was shut down after a suspicious outflow of approximately $56.5 million. On-chain sleuth ZachXBT, who first noticed the withdrawal changes at the exchange, noted that the trading platform had stopped processing withdrawals and was not responding to customers. The company faced regulatory scrutiny in Japan in mid-2023 for operating without a license and was accused of inflating trading volumes. Its chief executive resigned in January, promising a new team would take over.

(https://twitter.com/zachxbt/status/1762028433574650347)

Jihoz

On February 23, 2024, Axie Infinity co-founder Jihoz tweeted: Two personal addresses have been leaked. The scope of this attack is only his personal account and has nothing to do with the verification or operation of the Ronin chain. Furthermore, the leaked keys have nothing to do with the operations of Sky Mavis. He wanted to assure everyone that strict safety measures are in place for all chain-related activities. According to statistics, the attack resulted in approximately $10 million in losses.

(https://twitter.com/Jihoz_Axie/status/1760845078757511562)

Seneca

On February 28, 2024, Seneca, the full-chain CDP protocol, was attacked by hackers due to contract vulnerabilities. The hacker uses the constructed calldata parameter to call transferfrom to transfer the tokens authorized to the project contract to his own address, and finally exchange them for ETH. Seneca was hacked and more than 1,900 ETH were stolen, worth about $6.5 million. On February 29, Seneca hackers returned 1,537 ETH (approximately $5.3 million) to the Seneca deployer address.

 (https://twitter.com/SlowMist_Team/status/1762865505042645010)

Shido Network

On February 29, 2024, Shido Network, a decentralized cross-chain protocol on the Ethereum chain, was suspected of running away. The owner of the SHIDO token staking contract first upgraded the staking contract, then withdrew a large amount of SHIDO, and finally sold a large amount of SHIDO at a price of 692 ETH (approximately $2.1 million).

Summary

28 major security incidents this month Among them, 2 projects (Blueberry Protocol and Seneca) have recovered a total of approximately 6.38 million US dollars in stolen funds; the losses from the 3 private key leak incidents this month amounted to approximately 304 million, accounting for approximately 30% of the total losses from security incidents this month. 75%, the SlowMist security team recommends users and project parties to strengthen the protection measures for private keys, such as using hardware wallets, offline storage, etc. to improve the security of private keys; 4 contract vulnerability exploitation incidents this month resulted in approximately US$7.25 million Due to the losses, the SlowMist security team recommends that project parties always remain vigilant and conduct regular security audits to track and resolve new security threats and vulnerabilities to protect project and asset security to the greatest extent. Finally, the incidents included in this article are the main security incidents of this month, and the incidents of personal user theft are not included in the statistics.