Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million
Lunaray’s monthly security incident highlights have begun! According to statistics from some blockchain security risk monitoring platforms, in October 2024, the amount of losses from various security incidents increased compared to September. In October, more than 28 typical security incidents occurred, and the total loss amount caused by hacker attacks, phishing scams and Rug Pulls reached 147 million US dollars, an increase of about 22.5% from September, and 19.3 million US dollars were returned. In addition, according to statistics from the Web3 anti-fraud platform Scam Sniffer, there were 12,058 victims of phishing incidents this month, with a loss scale of 18.04 million US dollars.
Hacker attack
5 typical security incidents
(1) On October 5, EigenLayer posted on X: An independent attack occurred this morning, and an email thread involving investors transferring tokens to escrow was compromised by a malicious attacker. As a result, 1,673,645 EIGEN tokens were mistakenly transferred to the attacker’s address. The attacker sold these stolen EIGEN tokens through decentralized exchange platforms and transferred stablecoins to centralized exchanges. We are in contact with these platforms and law enforcement agencies. Some funds have been frozen.
(2) On October 17, the lending protocol Radiant Capital tweeted that its lending market on the BNB Chain and Arbitrum networks was hacked, and the markets on the Base network and Ethereum mainnet were also suspended. The Zero Hour Technology security team analyzed that the root cause of this attack was that the hardware wallets of three core developers were hacked. The front-end of the hardware wallet displayed a normal and compliant signature, but in fact the operation was to sign an attack transaction constructed by the hacker himself. When the three core developers signed, the attack was completed. The attack caused a total loss of US$58 million.
https://mp.weixin.qq.com/s/7v2i8piOMBO2gs6f6lY53g
(3) On October 18, Tapioca DAO suffered a major security breach. The attacker obtained the relevant private keys through social engineering attacks and stole about $4.7 million in cryptocurrencies. On October 25, Tapioca DAO released an incident analysis report stating that the security breach occurred because the attacker successfully hacked into the private key of a core contributor responsible for smart contract development. SEAL911 confirmed that the attacker was a North Korean hacker group that used an infectious interview attack method to inject malware into the contributor’s computer to obtain the private key of his address for theft.
(4) On October 25, USDC/USDT/aUSDC/ETH worth $20.71 million was stolen from the address of the Bitfinex hacker funds managed by the U.S. government. After the stolen funds were transferred to the address 0x348…40A9f, some stablecoins were exchanged for 2,709 ETH, worth $6.8 million. The exchanged ETH has been distributed to Binance and two new addresses, and the hacker wallet currently still holds AUSDC worth $13.2 million. Subsequently, about $19.3 million in tokens were returned to the U.S. government address.
(5) On October 31, the SUNRAY FINANCE private key was leaked; the attacker gained ownership of the SUN and ARC tokens and minted a large number of tokens, which were then sold to exhaust the trading pairs. At present, the attacker has stolen $2.855 million. Previously, SUNRAY FINANCE issued an announcement saying: “Regarding the transfer of SUN and ARC token vault assets, efforts are being made to restore them. Don’t worry, all user assets are available on the chain.”
Rug Pull / Phishing Scam
11 Typical Security Incidents
(1) On October 6, the address starting with 0x213b was phished. This person withdrew funds from MEXC by signing a phishing transaction “approved” and lost $100,000 in just 20 minutes.
(2) On October 7, the address starting with 0x5bfb was phished, resulting in the loss of $192,000 in steakLRT.
(3) On October 9, the address starting with 0x63e4 was phished, resulting in the loss of $133,000 in VOW.
(4) On October 11, the address starting with 0xeab2 lost 15,079 fwDETH ($35 million) after signing a phishing signature for “license”.
(5) On October 14, the address starting with 0xb0b8 lost $1.39 million worth of PEPE, MSTR, and APU after signing a phishing signature for “permit2”.
(6) On October 15, a holder who made 20x profit on MSTR lost $347,868 after signing a phishing transaction for “transfer”.
(7) On October 18, the address starting with 0x84b7 was phished, resulting in a loss of $800,000 in mETH.
(8) On October 21, the address starting with 0x2Ff7 was phished, resulting in a loss of $148,000 in BEAM.
(9) On October 25, the address starting with 0x05f5 lost $126,000 worth of HyPC after signing a phishing transaction for “increase allowance”.
(10) On October 26, a victim lost approximately $40,000 after signing phishing signatures for SOL and Bonk.
(11) On October 31, the address starting with 0x3d00 was attacked by a phishing attack, resulting in a loss of 10 BTC (US$723,436).
Summarize
From the analysis of the above multiple events, the hacker attacks in October were diverse. In addition to the common contract vulnerability exploitation, account theft, etc., there were also supply chain attacks, price manipulation and other means. In addition, there were two runaway incidents this month that caused losses of tens of millions of dollars. The losses caused by phishing incidents this month have decreased compared with last month, but the number of victims has increased. The Zero Time Technology Security Team recommends that project parties always remain vigilant and remind users to beware of phishing attacks. It is recommended that users fully understand the background and team of the project before participating in the project, and carefully choose investment projects. In addition, internal security training and authority management should be carried out, and professional security companies should be found to conduct audits and conduct project background investigations before the project goes online.
