Web3 ecosystem hacker attacks and phishing scams caused $183 million in losses in June

Source: Beosin

It's time for the monthly security inventory again! According to Beosin Alert, a blockchain security audit company, in June 2024, the amount of losses from various security incidents dropped significantly compared to May. In June 2024, more than 18 typical security incidents occurred, and the total loss amount caused by hacker attacks, phishing scams and Rug Pulls reached US$183 million, a decrease of about 60% from May. Among them, the attack incidents were about US$141 million, a decrease of about 60%; the phishing scam incidents were about US$37.4 million, a decrease of about 61.6%; and the Rug Pull incidents were about US$4.12 million, an increase of about 102%.

This month, there were multiple hacker attacks with losses exceeding 10 million US dollars, involving various project types: British exchange Lykke, DeFi lending platform UwU Lend, NFT protocol Holograph, Turkish exchange BtcTurk, and portfolio management company CoinStats. Two phishing scams with losses exceeding 10 million US dollars also occurred this month, and users need to be vigilant.

Hacker Attacks

A total of 9 typical security incidents occurred

No.1 On June 2, the DEX project Velocore was attacked on the zkSync Era and Linea chains, with a loss of approximately $6.8 million.

No.2 On June 4, the British cryptocurrency exchange Lykke was hacked, and $22 million worth of cryptocurrency was stolen.

No.3 On June 9, the Ethereum Layer 2 protocol Loopring wallet was attacked, with a loss of approximately $5 million.

No.4 On June 10, the DeFi lending platform UwU Lend was attacked, and nearly $19.3 million in cryptocurrency was stolen. On June 13, UwU Lend was attacked again by the same attacker, and $3.72 million was stolen.

No.5 On June 10, Blast ecological project YOLO Games was stolen $1.5 million due to a security vulnerability in the smart contract.

No.6 On June 14, the full-chain NFT protocol Holograph was attacked, and hackers illegally minted 1 billion HLG tokens, with a total loss of approximately $14.4 million.

No.7 On June 22, Turkish cryptocurrency exchange BtcTurk said it was hacked and lost at least $55 million.

No.8 On June 22, the online gambling platform Sportsbet was attacked by BTCTurk hackers, with a loss of more than $3.5 million.

No.9 On June 22, cryptocurrency portfolio management company CoinStats was attacked due to server configuration errors, with a loss of approximately $10 million.

Phishing/Rug Pull

A total of 『5』 typical security incidents occurred

No.1 On June 1, a certain address starting with 5G9Dpk suffered a phishing attack, resulting in a loss of approximately $11.2 million.

No.2 On June 5, a certain address starting with 0xa38a suffered a phishing attack, resulting in a loss of approximately $2.12 million.

No.3 On June 8, the Gemholic project on the ZKsync chain suffered a rug pull, resulting in a loss of approximately $3.4 million.

No.4 On June 22, the GUNIT project on the Solana chain suffered a rug pull, resulting in a profit of approximately $720,000.

No.5 On June 23, a certain address starting with 0xfb94 suffered a phishing attack, resulting in a loss of approximately $11 million.

Crypto Crime

A total of 『4』 typical security incidents

No.1 On June 15, the United States charged two men with operating the dark web market Empire Market, and law enforcement agencies seized $75 million in cryptocurrencies and other assets.

No.2 On June 17, former Huludao Bank shareholders and executives were involved in a virtual currency money laundering case involving 1.8 billion yuan.

No.3 On June 20, the U.S. Department of Justice filed a lawsuit against 24 suspected money launderers. They allegedly transferred more than $50 million in drug sales proceeds for the Sinaloa drug cartel through large amounts of cash, purchases of cryptocurrencies, and cooperation with "Chinese underground banks."

No.4 On June 20, the Financial Conduct Authority (FCA) and the London Police arrested two suspects suspected of operating illegal cryptocurrency businesses, suspected of buying and selling more than 1 billion pounds (about 1.3 billion U.S. dollars) of crypto assets through their businesses.

Regulation, compliance, and policy

No.1 In June 2024, the Dubai Financial Services Authority (DFSA) announced a revision of its cryptocurrency token regime to strengthen and advance the regulatory framework for tokens in its special economic zone.

These revisions are based on the recommendations made in the "Consultation Paper No. 153 - Update on the Crypto Token Regime" published in January 2024, covering multiple aspects, including the ability of external and foreign funds to invest in unit offerings of recognized cryptocurrencies, the ability of domestic qualified investor funds to invest in unrecognized cryptocurrencies, and the custody of cryptocurrencies. In addition, the amendment adopts anti-financial crime compliance guidelines to address financial crime issues, including the application of the "travel rule", transaction monitoring and blockchain analysis, and the fees for recognized crypto tokens.

No.2 On June 20, 2024, the Singapore government released a 126-page money laundering risk assessment report, which deeply assessed the money laundering risks currently faced by Singapore. The report pointed out that in the process of attracting global super-rich and building an international financial wealth center, Singapore also faces severe anti-money laundering challenges and is easily used as a channel for laundering funds from overseas financial fraud and other crimes. In a recent money laundering case, the Singaporean authorities seized more than 1.5 billion Singapore dollars from relevant bank accounts.

In view of the new situation in the current blockchain security field, "Beosin" summarizes here:

Overall, the amount of losses from various blockchain security incidents in June 2024 has dropped significantly. 67% of the losses in this month's attacks came from private key leaks, and the types of projects attacked were diverse. It is recommended that all project parties and users should strengthen private key management and conduct regular security training for highly privileged employees. Phishing scams have not decreased this month. Users are advised to keep their private keys properly, verify signature information carefully, and check the correctness of the address carefully before transferring money.