Source: Beosin
It’s time for the monthly security roundup again! According to monitoring by the KYT platform of blockchain security audit company Beosin, losses from security incidents of all kinds increased significantly in January 2024 compared with December 2023. More than 28 typical security incidents occurred in January 2024, with total losses from hacker attacks, phishing scams and rug pulls of approximately US$209 million, an increase of approximately 97% from December last year. Of this, attacks accounted for approximately US$165 million, an increase of approximately 76%; phishing scams accounted for approximately US$33.31 million, an increase of approximately 247%; and rug pulls accounted for approximately US$11 million, an increase of approximately 280%.
(Note: Based on UTC time, the Orbit Bridge cross-chain bridge attack, which caused a loss of US$81.5 million, was counted in the December 2023 losses. Attack losses for December 2023 were corrected to US$93.95 million, and total losses caused by hacker attacks, phishing scams and rug pulls were corrected to US$106 million.)
Attacks that cost more than US$10 million this month include the theft of US$112 million from the personal account of Ripple co-founder Chris Larsen, and the attack on South Korea's Web3 social music service SOMESING, which lost US$11.58 million. In addition, phishing scams increased significantly this month. There were many incidents in which personal addresses were phished and losses exceeded one million US dollars. Users need to take more precautions.
In terms of hacker attacks
A total of 13 typical security incidents occurred
No.1 On January 2, Radiant Capital, an on-chain lending protocol on Arbitrum, was attacked due to a contract vulnerability, resulting in a loss of approximately US$4.5 million.
No.2 On January 4, Gamma Strategies on the Arbitrum chain was attacked due to a contract vulnerability, resulting in a total loss of US$6.18 million.
No.3 On January 6, the payment platform CoinsPaid was hacked, resulting in a loss of approximately US$7.5 million.
No.4 On January 6, the Narwhal project was suspected of being attacked due to the theft of the signer’s private key, resulting in a loss of approximately US$1.5 million.
No.5 On January 16, the interoperability protocol Socket was attacked due to a contract vulnerability, resulting in a loss of approximately US$3.3 million. Approximately US$2.3 million has since been recovered.
No.6 On January 22, the GAMEE game project on the Polygon chain was attacked. The attacker accessed the project's GitLab through a vulnerability and obtained an old repository containing the private key. The project lost 200 million GMEE tokens (approximately US$7 million).
No.7 On January 22, DeFi protocol Concentric.fi suffered a social engineering attack, resulting in a loss of approximately US$1.7 million.
No.8 On January 25, the Nebula Revelation game project on the Optimism chain was attacked through a reentrancy vulnerability, resulting in a loss of approximately US$180,000.
No.9 On January 27, South Korea’s Web3 social music service SOMESING was attacked and lost 730 million native tokens SSX, worth US$11.58 million.
No.10 On January 28, the Goledo Finance project on the Conflux chain suffered a flash loan attack, resulting in a loss of approximately US$1.7 million.
No.11 On January 29, the Barley Finance project on the Ethereum chain was attacked through a reentrancy vulnerability, resulting in a loss of approximately US$130,000.
No.12 On January 30, the MIM_Spell project on the Ethereum chain was attacked due to a contract vulnerability, causing losses of US$6.5 million.
No.13 On January 30, Ripple co-founder Chris Larsen claimed that 213 million XRP, equivalent to approximately US$112 million, had been stolen from his personal account.
Phishing Scam/Rug Pull
A total of 11 typical security incidents occurred
No.1 On January 1, approximately US$1.3 million was stolen from a certain 0x3605 address after it signed a malicious ERC20 Permit.
No.2 On January 2, approximately US$2.47 million was stolen from a certain 0xd9b7 address after it signed a malicious 'increaseAllowance' transaction.
No.3 On January 3, a certain 0x01be address suffered an address poisoning attack, resulting in a loss of approximately US$4.4 million.
No.4 On January 7, a rug pull occurred on the MangoFarm project on the Solana chain, and the deployer made a profit of approximately US$2 million.
No.5 On January 7, a rug pull occurred on the XKING project on the Arbitrum chain, and the deployer made a profit of approximately US$1.24 million.
No.6 On January 9, the SEC’s official
No.7 On January 15, a rug pull occurred on the Hector Network project on the Fantom chain, and the deployer made a profit of approximately US$2.7 million.
No.8 On January 21, a certain 0x1749 address suffered a phishing scam, resulting in a loss of US$4.7 million.
No.9 On January 24, a certain 0xf8EB address lost approximately US$1.3 million in assets due to a phishing attack.
No.10 On January 25, a certain 0x0c00 address suffered a phishing scam, resulting in a loss of approximately US$2.66 million.
No.11 On January 27, a certain 0xc9f3 address suffered a phishing scam, resulting in a loss of approximately US$2.34 million.
Crypto crime/regulatory cases
A total of 4 typical security incidents occurred
No.1 On January 19, U.S. federal prosecutors filed an indictment against a German businessman, accusing him of defrauding investors of more than $150 million through a cryptocurrency fraud scheme.
No.2 According to news on January 26, an Indian national pleaded guilty in the U.S. District Court to darknet drug trafficking charges and had $150 million in cryptocurrency confiscated.
No.3 According to news on January 29, the U.S. Securities and Exchange Commission (SEC) filed a lawsuit against HyperFund, a crypto Ponzi scheme involving US$1.7 billion.
No.4 According to news on January 30, German police seized 50,000 Bitcoins worth nearly US$2.2 billion in an operation to combat online piracy.
In view of the current situation in blockchain security, Beosin summarizes as follows:
Overall, in January 2024, losses caused by blockchain security incidents of all kinds increased significantly compared with December last year. There were multiple phishing scams involving personal addresses this month. Users are advised not to click on links from unknown sources, to check signature content carefully, and to revoke dangerous authorizations in a timely manner. This month, 60% of the attacks still came from the exploitation of contract vulnerabilities, such as reentrancy vulnerabilities, precision loss issues and business logic issues. Project teams are advised to engage a professional company to conduct a security audit before going live.