The total loss of Web3 ecological security incidents in July reached 286 million US dollars

Source: Beosin

It's time for the monthly security inventory again! According to Beosin Alert, a blockchain security audit company, the total loss caused by hacker attacks, phishing and rug pulls in July 2024 reached US$286 million, an increase of about 56.3% from June. Among them, the attack incidents were about US$271 million, an increase of about 92.2%; the phishing incidents were about US$12.1 million, a decrease of about 67.6%; and the rug pull incidents were about US$3.58 million, a decrease of about 13.1%.

The largest hacker attack in July came from the Indian exchange WazirX, with a loss of about US$230 million, accounting for 85% of the amount of attacks that month. The second largest attack was LI.FI, which lost about US$11.6 million due to a contract vulnerability. There are still many phishing and rug pull incidents exceeding one million US dollars this month, and users need to be vigilant.

Hacker Attacks

A total of 9 typical security incidents occurred

No.1 On July 2, Bittensor was hacked due to a malicious software package, and some users lost about 8 million US dollars.

No.2 On July 12, the Dough Finance project was attacked due to a contract vulnerability, and lost about 1.8 million US dollars.

No.3 On July 14, the Mantle chain project Minterest was attacked by a flash loan, and lost about 1.4 million US dollars.

No.4 On July 16, Li.fi was attacked on the Ethereum and Arbitrum chains, and lost about 11.6 million US dollars. The attack occurred shortly after the deployment of the new smart contract. The project party said that this was a "human error in the supervision deployment process."

No.5 On July 18, the Indian exchange WazirX was attacked, with a loss of about $230 million. The incident may be related to the North Korean hacker group Lazarus Group.

No.6 On July 19, the Scroll ecological lending platform Rho Markets was hacked due to oracle problems. The attack was preempted by Mev bot, and the profit of $7.6 million has been returned to the project party.

No.7 On July 23, the dydx.exchange domain name was hacked, and 2 users were affected, with a loss of about $31,000.

No.8 On July 25, the DEX project MonoSwap of the Blast ecosystem was attacked, with a loss of about $1.3 million. The attack originated from the developers being tricked into downloading malware.

No.9 On July 31, Terra blockchain suffered an IBC hooks-related vulnerability attack, and at least about $5 million in tokens were stolen.

Phishing/Rug Pull

A total of 『6』 typical security incidents

No.1 On July 1, the address starting with 0x98f6 suffered a phishing scam, with a loss of about $2.41 million.

No.2 On July 2, the fake TRUMP (MAGA) token on BNB Chain suffered a rug pull, with a loss of about $950,000.

No.3 On July 3, the address starting with 0xD7b2 suffered a phishing scam, losing 6 "Boring Ape" NFTs and 40 Beans (worth about $1 million or more).

No.4 On July 21, the UPS token on BNB Chain had a rug pull, and the deployer made a profit of $520,000.

No.5 On July 22, the ETHTrustFund on the Base chain had a rug pull, and the scammers made a profit of about $2 million and laundered money through Tornado Cash and Railgun.

No.6 On July 24, the address starting with 0x0719 was phished, and Pendle worth $4.69 million was lost.

Regulation, compliance, and policy

No.1 Recently, Ajay Seth, a senior official at the Indian Ministry of Finance, said that India plans to release a discussion paper by September outlining its policy stance on cryptocurrencies. Seth did not imply a commitment to comprehensive legislation to regulate cryptocurrencies, but rather a position based on the consensus of stakeholders on the matter.  

No.2 The U.S. SEC issued notices of validity of multiple spot Ethereum ETF S-1 applications. The U.S. Securities and Exchange Commission issued notices of validity of S-1 applications for INVESCO & GALAXY spot Ethereum ETF, Fidelity spot Ethereum ETF, 21SHARES spot Ethereum ETF, FRANKLIN spot Ethereum ETF, BlackRock spot Ethereum ETF, and Grayscale spot Ethereum mini ETF.

No.3 Recently, the Greek government is planning to introduce a tax framework for cryptocurrencies and digital assets, but the Greek government does not currently recognize these taxes. A special committee will submit its findings on cryptocurrencies and digital assets to the Ministry of National Economy and Finance, and it is expected that cryptocurrencies will be included in the tax scope by January 2025. The document states that profits from cryptocurrency and digital asset transactions will be taxed at a rate of 15% as capital gains from the sale of securities. The committee's findings will be divided into three categories: defining and recording all cryptocurrencies, taxation methods, and monitoring processes.

In view of the new situation in the current blockchain security field, 『Beosin』 summarizes here:

Overall, the amount of losses from various blockchain security incidents in July 2024 increased significantly. This month's attacks involved multiple chain platforms, indicating that hackers are looking for opportunities on different chains. It is recommended that all ecological project parties should improve their security awareness. This month's attack methods are also diverse. In addition to common contract vulnerability exploits and private key leaks, they also include software package malicious programs, tricking developers into downloading malware, domain name hijacking, third-party module exploits, etc., which puts forward more comprehensive security protection requirements for project parties.