Blockchain Security and Regulation Monthly Recap of February: $422M lost in attacks

Mar 19, 2024

According to Beosin KYT anti-money laundering analysis platform platform, in February 2024, the number of various security incidents and the amount involved increased significantly compared with January. In this month, more than 19 typical security incidents occurred in February 2024 and the total losses caused by hacker attacks, phishing scams and Rug Pull reached $422 million, an increase of approximately 102% from January. Attack incidents were approximately $347 million, an increase of approximately 110%. Phishing fraud incidents were approximately $16.08 million, a decrease of approximately 52%. Rug Pull incidents were approximately $59.38 million, an increase of approximately 440%.

The biggest security incident in this month was the attack on PlayDapp, a gaming platform, which caused a loss of 290 million dollars. Other incidents with losses of more than 10 million dollars include FixedFloat, a centralized exchange, with a loss of $26.1 million and a personal address of Axie Infinity co-founder Jihoz.ron with a loss of approximately $10 million due to his compromised private keys. In addition, Bitforex, a Hong Kong exchange, is suspected of having a Rug Pull , with an abnormal outflow of $56.5 million from its hot wallet. At the same time, there are new updates on regulatory compliance policies. Let’s take a look.


Hacker Attacks

『9』Typical Security Incidents

No.1 On February 9 and February 12, PlayDapp, a gaming platform, suffered two compromised private keys. The attackers minted a total of 1.79 billion PLA tokens, worth approximately $290 million.

No.2 On February 14, Miner, an ERC-X project, was attacked due to a contract vulnerability, resulting in a loss of approximately $460,000.

No.3 On February 14, the hot wallet of Duelbits, a crypto gambling platform, was attacked, resulting in a loss of approximately $4.6 million.

No.4 On February 17, FixedFloat was attacked, losing $26.1 million worth of Bitcoin and Ethereum.

No.5 On February 22, Blueberry Protocol, a DeFi lending protocol, was attacked due to a contract vulnerability, resulting in a loss of approximately $1.35 million, of which $1.08 million has been returned by the white hat hacker who frontran the attack transaction.

No.6 On February 23, Jihoz.ron, co-founder of Axie Infinity, stated that two of his addresses were attacked due to the compromised private keys, resulting in losses of $10 million.

No.7 On February 27, $5.6 million was stolen from Serenity Shield, a blockchain data storage protocol.

No.8 On February 28, Seneca, a DeFi protocol, was attacked due to an arbitrary call vulnerability, causing losses of $6.5 million.

No.9 On February 29, Shido, a Layer1 blockchain, was suspected of being attacked. The contract was transferred to the new owner and upgraded immediately. The attacker then withdrew a large amount of SHIDO tokens and sold them, making a profit of approximately $2.3 million.


Rug Pull/Crypto Scam

『7』Typical Security Incidents

No.1 On February 4, a fraudulent address 0xe726 made a profit of $1.14 million from multiple victim addresses through phishing attacks.

No.2 On February 15, an address 0x8366 suffered a phishing attack, resulting in a loss of approximately $5.17 million.

No.3 On February 18, an address 0x03E4 suffered a phishing attack, resulting in a loss of approximately $860,000.

No.4 On February 23, an abnormal outflow of $56.5 million occurred from the Bitforex hot wallet. The CEO of the exchange resigned a month ago. At present, the official has stopped processing withdrawals and closed the official website. The X account has also stopped updating.

No.5 On February 25, a rug pull occurred in RiskOnBlast, a project on Blast, resulting in a loss of approximately $1.3 million.

No.6 On February 27, a rug pull occurred on the TRUMP token on BNB Chain and the deployer made a profit of approximately $600,000.

No.7 On February 28, an address 0x6558 suffered a phishing attack, resulting in a loss of approximately $1.54 million.


Crypto Crime

『3』Typical Security Incidents

No.1 On February 6, South Korean authorities arrested three executives of income platform Haru Invest for allegedly stealing 1.1 trillion won ($828 million) worth of cryptocurrency from approximately 16,000 customers.

No.2 On February 7, South Korea sentenced the CEO of cryptocurrency exchange Bitsonic to seven years in prison for stealing customer deposits worth 10 billion won ($7.5 million).

No.3 On February 20, the British National Crime Agency (NCA) announced that it had dismantled LockBit, the world’s largest cybercriminal organization. LockBit ransomware attacks have caused billions of pounds in losses over four years. The group generally only accepts cryptocurrency as ransom payment.


Regulatory Compliance Policy

『1』Typical Security Incidents

No.1 On February 5, the official website of the Hong Kong Securities and Futures Commission disclosed that if a virtual asset service platform operating in Hong Kong does not submit a license application to the Securities and Futures Commission on or before February 29, 2024, it must close its operations in Hong Kong on or before May 31, 2024. Investors using these unlicensed virtual asset service platforms should be careful.

No.2 On February 5, according to reports , the Spanish Ministry of Finance is seeking to control and supervise cryptocurrency assets owned by taxpayers. The agency proposed reforming current tax laws to allow state tax regulator Agencia Tributaria to seize cryptocurrencies when paying taxpayer debts. The proposal was presented to the European Union (EU) in 2021 and will be implemented soon, with local sources explaining that the government is moving quickly to create the conditions needed for the reforms to be implemented.

No.3 On February 20, the Hong Kong Monetary Authority issued a circular on the sale and distribution of tokenized products, setting out the expected regulatory standards that the HKMA will comply with when authorized institutions sell and distribute tokenized products to customers. The HKMA believes that it is time to provide guidance on activities related to tokenized products and provide the banking industry with clear regulatory requirements to support the industry in continuing to innovate and realize the benefits that tokenization can bring, while safeguarding the safety of consumers/investors.

No.4 On February 25, according to Bitcoinist reports, the U.S. Securities and Exchange Commission (SEC) has solicited public opinions on the possibility of introducing Bitcoin spot ETF options trading. The development prompted a strong reaction from financial markets, with experts predicting regulatory approval could come as early as March.


Overall, the amount of losses caused by various blockchain security incidents continued to increase significantly in February 2024. In this month's attacks, private key leaks accounted for approximately 90% of the total attack losses ($312 million). It is recommended that projects take comprehensive private key management measures, strengthen employee security awareness training, and use third-party password management tools with caution. There have been many phishing incidents this month causing over $1 million. Users are advised to continue to increase their security awareness, not to click on links from unknown sources, and to carefully check the signature content.


Original Link

본 글에 기재된 내용들은 작성자 본인의 의견을 정확하게 반영하고 있으며 외부의 부당한 압력이나 간섭 없이 작성되었음을 확인합니다. 작성된 내용은 작성자 본인의 견해이며, (주)크로스앵글의 공식 입장이나 의견을 대변하지 않습니다. 본 글은 정보 제공을 목적으로 배포되는 자료입니다. 본 글은 투자 자문이나 투자권유에 해당하지 않습니다. 별도로 명시되지 않은 경우, 투자 및 투자전략, 또는 기타 상품이나 서비스 사용에 대한 결정 및 책임은 사용자에게 있으며 투자 목적, 개인적 상황, 재정적 상황을 고려하여 투자 결정은 사용자 본인이 직접 해야 합니다. 보다 자세한 내용은 금융관련 전문가를 통해 확인하십시오. 과거 수익률이나 전망이 반드시 미래의 수익률을 보장하지 않습니다. 본 글은 제휴 파트너에 의해 제공된 것으로, (주)크로스앵글은 본 글에 대한 편집 통제권을 가지지 않고 본 글에 포함된 정보의 정확성 및 적시성에 대해 보증하지 않습니다. 본 글에는 제3자 웹사이트에 대한 링크가 포함될 수 있으나 (주)크로스앵글은 제3자 웹사이트에 대해 통제하거나 책임을 부담하지 않습니다.
본 제작 자료 및 콘텐츠에 대한 저작권은 자사 또는 제휴 파트너에게 있으며, 저작권에 위배되는 편집이나 무단 복제 및 무단 전재, 재배포 시 사전 경고 없이 형사고발 조치됨을 알려드립니다.