Blockchain security incidents increased in May, with losses due to hacker attacks reaching $154 million

lunaray
Jun 3, 2024

The monthly security incident highlights of Zero Hour Technology have begun! According to statistics from some blockchain security risk monitoring platforms, in May 2024, the amount of losses from various security incidents increased compared with April. More than 37 typical security incidents occurred in May, and the total loss amount caused by hacker attacks, phishing scams and Rug Pulls reached 154 million US dollars, an increase of about 52.5% from April. Among them, the attack incidents were about 54.51 million US dollars, an increase of about 3.7%; the phishing scam incidents were about 97.4 million US dollars, an increase of about 754%; the Rug Pull incidents were about 2.04 million US dollars, a decrease of about 94.5%.

In addition, some specific security incidents and recent news are described in detail below.

Hacker Attacks

11 Typical Security Incidents

(1) On May 5, GNUS on the Fantom chain was attacked, resulting in a loss of approximately $1.27 million.

(2) On May 9, the Blast ecosystem Bloom project was attacked, resulting in a loss of approximately $540,000. 90% of the stolen funds have been recovered (minus a 10% bug bounty).

(3) On May 10, the Web3 game project Galaxy Fox was attacked, resulting in a loss of approximately $300,000.

(4) On May 10, the Base ecosystem Tsuru was attacked, resulting in a loss of approximately $410,000.

(5) On May 14, the Arbitrum chain DEX project Predy Finance was attacked, resulting in a loss of approximately $460,000.

(6) On May 15, the Bitcoin DeFi tool Alex Lab lost a total of approximately $6.3 million on the Stacks and BSC chains due to the theft of private keys.

(7) On May 15, Sonne Finance, a Compound fork project on the Optimism chain, was attacked due to a contract vulnerability, resulting in a loss of $20 million. After the incident, Seal contributors saved about $6.5 million by adding about $100 worth of VELO to the market. The attack exploited a vulnerability in the newly added market. Within two days of the market being created, the attacker used the multi-signature wallet and time lock function to execute key transactions and successfully manipulated the market’s collateral factors (c-factors).

(8) On May 16, the Solana ecosystem pump.fun project was attacked, resulting in a loss of approximately $1.9 million. The attacker then began to airdrop funds into some random wallets. pump.fun tweeted that the attack was caused by a former employee who used his privileges in the company to illegally obtain withdrawal permissions and carried out a flash loan attack with the help of a lending protocol.

(9) On May 20, the Web3 gaming platform Gala Games was attacked, resulting in a loss of approximately $21.8 million. The attacker minted 5 billion GALA tokens, worth more than $200 million, and then quickly sold 592 million GALA tokens for 5,952 ETH. On May 22, according to on-chain records and Gala Games’ statement on Discord, the hacker returned 5,913.2 ETH.

(10) On May 21, the TON ecosystem Launchpad platform TonUP was attacked due to an engineer’s misconfiguration of script parameters, resulting in a loss of approximately $107,000.

(11) On May 26, the Base ecosystem Meme coin Normie was attacked, resulting in a loss of approximately $490,000.

Rug Pull / Phishing Scam

6 Typical Security Incidents

(1) On May 3, a whale address fell victim to an address poisoning scam, resulting in a loss of $72 million.

(2) On May 14, a fake Pii Park project on the Polygon chain was rug pulled, and the deployer made a profit of approximately $490,000.

(3) On May 14, an address starting with 0xff49 was phished by Pink Drainer, resulting in a loss of approximately $1.66 million.

(4) On May 16, an address starting with 0x719e was phished, resulting in a loss of approximately $1.25 million.

(5) On May 18, an address starting with 0xee6a was phished, resulting in a loss of approximately $5.6 million worth of Pendle yield tokens.

(6) On May 26, an address starting with 0x2154 was phished, resulting in a loss of approximately $6.9 million.

Crypto Crime

20 Typical Security Incidents

(1) On May 19, the People’s Court of Chongqing Liangjiang New Area (FTZ) concluded a highly publicized commission contract dispute concerning the commissioning of a pyramid scheme member to purchase virtual currency. After trial, the court determined that the commission contract violated the mandatory provisions of national laws and administrative regulations and should be deemed invalid. After the first instance verdict was announced, Zhou was dissatisfied and filed an appeal. The Chongqing First Intermediate People’s Court made a second instance verdict, dismissed the appeal, and upheld the original verdict. At present, the verdict has come into effect and has been automatically executed.

(2) In May, the police in Maiji District, Tianshui traveled to 5 provinces and 9 cities to destroy a virtual currency money laundering gang, arrested 13 criminal suspects, and recovered more than one million yuan in stolen money. At present, criminal compulsory measures have been taken against the 13 criminal suspects in accordance with the law, and the case is under further investigation.

(3) On May 15, the Chengdu Public Security Bureau announced the process of cracking a major virtual currency underground bank case. The case involved an amount of 13.8 billion yuan, 193 criminal suspects were arrested, and 149 million yuan of funds involved in the case were frozen. Relevant clues were obtained in November 2022. On June 1, 2023, under the command of the Ministry of Public Security and the Public Security Department, 25 criminal suspects including Lin, Weng, and Chen were arrested, and a large number of bank cards, U-shields and other payment tools used to commit crimes were seized.

(4) On May 13, the Panshi City Public Security Bureau of Jilin Province successfully cracked a case of illegal operation of underground banks using virtual currency, involving an amount of about RMB 2.14 billion, and six suspects who committed crimes in China and South Korea were arrested. The police found that the criminal gang in this case used domestic accounts to receive and transfer funds, OTC virtual currency trading, and Korean won settlement to illegally engage in foreign exchange business, helping Korean purchasing agents, cross-border e-commerce, import and export trading companies and other groups to realize the exchange of RMB and Korean won.

(5) On May 11, the Mingxi Public Security Bureau in Fujian cracked a virtual currency fraud case. Li met a stranger through a foreign chat software, and under the enticement of the stranger, he wanted to make money by buying “USDT” virtual currency and then reselling it to earn the difference. Li transferred money to the man several times to buy “USDT” virtual currency. After receiving the money, the man fabricated various reasons to refuse to provide “USDT” virtual currency to Li, and Li was eventually defrauded of 387,000 yuan. On May 11, Mingxi police went to Sichuan and successfully arrested the fraud suspect Zhao.

(6) On May 16, the Anti-Fraud Center of the Public Security Bureau of Sunwu County, Heihe City, Heilongjiang Province, found clues of a telecommunications network fraud during its work, and the police immediately organized officers to investigate. After investigating, the police found that Wu Moumou, a resident of a city in Jiangxi Province, was suspected of colluding with others to use virtual currency to help telecommunications fraudsters launder money, and quickly identified the criminal suspect. On the same day, the police arrested four criminal suspects, including Wu Mouyuan, Chen Mou, Liu Mouhua, and Wang Mouwei, in a city in Jiangxi Province.

(7) On May 16, the Hong Kong police arrested three local men in a suspected cryptocurrency fraud case. A man tried to resell Tether (USDT) worth about HKD 1 million in a shop in Tsim Sha Tsui, but was defrauded when he was paid with ghost money.

(8) On May 14, the Hong Kong police arrested a cross-border money laundering gang. It is reported that the Hong Kong Police Commercial Crime Bureau locked in a cross-border money laundering group in November 2023. The investigation found that the group recruited mainlanders to open puppet bank accounts in Hong Kong between September 2023 and March 2024, and defrauded victims through various types of fraud cases. According to the instructions of the fraudsters, the victims deposited the fraudulent money into the puppet account controlled by the criminal group. The group then withdrew the fraudulent money from the puppet account in cash and purchased cryptocurrencies on the over-the-counter (OTC) cryptocurrency exchange. At the same time, they opened accounts on overseas cryptocurrency platforms under false identities and deposited the cryptocurrencies purchased with the fraudulent money, which were then transferred to multiple cryptocurrency wallets to launder the proceeds of the crime.

(9) The U.S. Department of Justice has indicted and arrested Cartier, an heir to Cartier jewelry, on charges of using USDT to launder money, allegedly in collusion with a Colombian drug cartel. Cartier, along with five Colombian nationals, attempted to import 100 kilograms of cocaine and launder hundreds of millions of dollars, mostly through over-the-counter (OTC) USDT transactions. They had actually successfully laundered $14.5 million before their arrest. Cartier is currently being held in a Miami detention center, while his accomplices are being held in a Colombian prison.

(10) The U.S. Department of Justice has arrested a botnet leader who orchestrated a $130 million cyber fraud. According to the May 29 indictment, the suspect is suspected of “creating and distributing malware to invade and aggregate millions of home Windows computer networks around the world.” An independent analysis by blockchain analysis company Chainalysis showed that wallet addresses associated with the suspect held more than $130 million in digital assets earned through illegal commissions.

(11) On May 17, an indictment was made public in the Central District of California, charging two Chinese nationals with playing a major role in a money laundering scheme involving a cryptocurrency investment scam. They were accused of leading a money laundering scheme related to an international crypto investment scam, with an amount of at least $73 million.

(12) On May 1, the FBI uncovered the Idin Dalpour Ponzi scheme, which used crypto investments as bait and involved a total amount of $43 million.

(13) On May 14, Alexey Pertsev, one of the developers of the Tornado Cash mixing service, was convicted of money laundering and sentenced to 64 months in prison in the Netherlands.

(14) On May 15, Canada’s “crypto king” and his accomplices were arrested and accused of defrauding investors of $30 million through cryptocurrency and foreign exchange investment schemes.

(15) On May 21, U.S. authorities arrested and charged a Taiwanese man with operating a dark web drug trading market, allegedly using the site to sell more than $100 million worth of illegal narcotics, including fentanyl, in cryptocurrency.

(16) Paraguayan authorities have arrested nearly 400 Bitcoin miners in the city of Sapuca. The operation was jointly conducted by the police and the National Electricity Administration (ADE) as part of an investigation into suspected electricity theft.

(17) On May 31, Turkish authorities launched a crypto operation in 21 provinces in Ankara, detaining 127 suspects suspected of “international fraud through Ponzi schemes” and “crimes and laundering of criminal assets.” During the operation, the authorities seized more than 177 real estate properties and 61 movable properties worth 1 billion Turkish liras. In addition, they confiscated an unlicensed firearm, a blank-loading gun and some crypto assets.

(18) On May 26, Malaysian law enforcement authorities arrested a criminal gang suspected of using cryptocurrency to launder money, and a total of 10 people were arrested. During the raids between May 13 and 21, law enforcement officers seized 129 vehicles with a total value of approximately US$3.8 million (RM18 million), as well as designer watches, 18 luxury cars, motorcycles and handbags worth more than US$3.9 million, and froze bank accounts with a total value of approximately US$10.8 million. The gang is suspected of illegally profiting from fraudulent high-end license plate number and luxury brand watch transactions and transferring the funds to Malaysia through unregistered exchange dealers and cryptocurrency exchanges.

(19) The Texas State Securities Board has issued a cease and desist order to Arkbit Capital, accusing it of engaging in fraudulent crypto cloud mining activities. According to the order, the Texas State Securities Board found that Arkbit Capital and its affiliated entities engaged in fraudulent activities, including the use of deceptive image and video processing technology to promote its investment schemes. Arkbit falsely claimed to operate a data center located in Arkansas for cloud mining of various cryptocurrencies, promising a daily return of 1.6–2.8% for 120 days on digital asset deposits between US$50 and US$49,999.

(20) On May 26, Indian citizen Chirag Tomar pleaded guilty to federal charges of stealing more than $37 million by spoofing the Coinbase website. He pleaded guilty to wire fraud, which carries a maximum sentence of 20 years in prison and a $250,000 fine. Chirag Tomar and his accomplices designed a fake Coinbase Pro website to trick users into entering their login credentials and two-factor authentication codes. They were arrested at the Atlanta airport when they entered the United States on December 20 last year and are currently in federal custody.

Summary

Based on the incidents above, losses in May increased compared with April, and there were two hacker attacks with losses exceeding 10 million US dollars: the game platform Gala Games lost 22.5 million US dollars due to private key leakage, and Sonne Finance lost 20 million US dollars due to contract vulnerabilities. The Zero Time Technology Security Team recommends that project teams remain vigilant at all times and invest in internal security training and permission management to improve employees’ security awareness and prevent insider abuse.
