Blockchain Security Monthly Recap of January: More than $200M lost in attacks

BEOSIN
Feb 20, 2024


 

It’s time for our monthly security report! According to the Beosin KYT platform, in January 2024 the number of security incidents and the amount involved increased significantly compared with February. This month, more than 28 typical security incidents occurred and the total loss across all incidents was about $209 million, up about 97% compared with last month. Losses from attacks were about $165 million and losses from phishing were $33.31 million. $11 million was lost to rug pulls.

 

Note: The $81.5 million attack on the Orbit Bridge cross-chain bridge is counted as a loss in December 2023. The attack amount for December 2023 is corrected to $93.95 million. The total loss due to hacking, phishing scams and rug pulls is corrected to $106 million.

 

Attacks with a loss of more than $10 million this month include the theft of $112 million from the personal account of Chris Larsen, Ripple co-founder, and the $11.58 million attack on SOMESING, a South Korean Web3 social music project. In addition, phishing fraud incidents increased significantly. Users need to take more precautions, as a number of personal addresses lost more than $1 million each to phishing in January.

 

Hacker Attacks

『13』Typical Security Incidents

No.1 On January 2, Radiant Capital, a lending protocol on Arbitrum, was attacked due to a contract vulnerability, resulting in a loss of approximately $4.5 million.

No.2 On January 4, Gamma Strategies built on Arbitrum was attacked due to a contract vulnerability, resulting in a total loss of $6.18 million.

No.3 On January 6, CoinsPaid was hacked, resulting in a loss of approximately $7.5 million.

No.4 On January 6, Narwhal was suspected of being attacked due to the theft of the signer's private key, resulting in a loss of approximately $1.5 million.

No.5 On January 16, Socket was attacked due to a contract vulnerability, resulting in a loss of approximately $3.3 million. Approximately $2.3 million has been recovered.

No.6 On January 22, the GAMEE game project on Polygon was attacked. The attacker accessed the project's GitLab through a vulnerability and obtained the old repository containing the private key. The project lost 200 million GMEE tokens (approximately $7 million).

No.7 On January 22, Concentric.fi suffered a social engineering attack, resulting in a loss of approximately US$1.7 million.

No.8 On January 25, Nebula Revelation on Optimism was attacked through a reentrancy vulnerability, resulting in a loss of approximately $180,000.

No.9 On January 27, SOMESING, a South Korean Web3 social music project, was attacked and lost 730 million of its native SSX tokens, worth $11.58 million.

No.10 On January 28, Goledo Finance on Conflux was hit by a flash loan attack, resulting in a loss of approximately $1.7 million.

No.11 On January 29, Barley Finance on Ethereum was attacked through a reentrancy vulnerability, resulting in a loss of approximately $130,000.

No.12 On January 30, the MIM_Spell project on Ethereum was attacked due to a contract vulnerability, causing losses of $6.5 million.

No.13 On January 30, Chris Larsen, Ripple co-founder, claimed that 213 million XRP, equivalent to approximately $112 million, was stolen from his personal account.

 

Phishing Scam/Rug Pull

『11』Typical Security Incidents

No.1 On January 1, approximately $1.3 million was stolen from a certain 0x3605 address after it signed a malicious ERC20 Permit.

No.2 On January 2, approximately $2.47 million was stolen from a certain 0xd9b7 address after it signed a malicious 'increaseAllowance' transaction.

No.3 On January 3, a certain 0x01be address suffered an address poisoning attack, resulting in a loss of approximately $4.4 million.

No.4 On January 7, MangoFarm had a rug pull on Solana, and the deployer made a profit of approximately $2 million.

No.5 On January 7, XKING had a rug pull on Arbitrum, and the deployer made a profit of approximately $1.24 million.

No.6 On January 9, the SEC’s official Twitter account was hacked and published fake news about the approval of a BTC ETF.

No.7 On January 15, Hector Network project on Fantom had a rug pull, and the deployer made a profit of approximately $2.7 million.

No.8 On January 21, a certain address 0x1749 suffered a phishing scam, resulting in a loss of $4.7 million.

No.9 On January 24, a certain 0xf8EB address lost approximately $1.3 million in assets due to a phishing attack.

No.10 On January 25, a certain 0x0c00 address suffered a phishing scam, resulting in a loss of approximately $2.66 million.

No.11 On January 27, a certain 0xc9f3 address suffered a phishing scam, resulting in a loss of approximately $2.34 million.

 

Crypto Crime

『4』Typical Security Incidents

No.1 On January 19, U.S. federal prosecutors filed an indictment against a German businessman, accusing him of defrauding investors of more than $150 million through a cryptocurrency fraud scheme.

No.2 According to news on January 26, an Indian national pleaded guilty in the U.S. District Court to darknet drug trafficking charges and had $150 million in cryptocurrency confiscated.

No.3 On January 29, the U.S. Securities and Exchange Commission (SEC) filed a lawsuit against HyperFund, a crypto Ponzi scheme involving $1.7 billion.

No.4 According to news on January 30, German police seized 50,000 Bitcoins worth nearly US$2.2 billion during an operation to combat online piracy.

 

In view of the current new situation in the field of blockchain security, Beosin concludes:

Overall, in January 2024, the number of security incidents and the amount involved increased significantly compared with last month. The total loss across all incidents was about $209 million, up about 93% compared with last month.

 

The number of rug pulls and the amount lost to them increased significantly compared with last month. Users are advised to be more careful and to conduct a detailed background investigation of projects. Phishing attacks are still the main cause of security incidents this month. Users are advised to check carefully before signing or authorizing, and to verify the entire address of the receiver before transferring money. 60% of the attacks this month were due to the exploitation of smart contract vulnerabilities. Project teams are advised to have a professional security company audit their projects before launch. Users should also carefully check the audit report before interacting with a project to avoid potential loss.

 

Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities, with 40+ PhDs on the team. It has offices in Singapore, Korea, Japan, and 10+ other countries. With the mission of "Securing Blockchain Ecosystem", Beosin provides an "All-in-one" blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already audited more than 3000 smart contracts and protected more than $500 billion of our clients' funds. You are welcome to contact us by visiting the links below.

 
