Cryptocurrency vulnerabilities and scams cost $38.71 million in losses in March
Lunaray monthly security event highlights have begun! According to statistics from some blockchain security risk monitoring platforms, there were more than 60 cryptocurrency hacking incidents in the first quarter of 2025, with a total loss of $1.629 billion, a year-on-year increase of 131% compared with $706 million in the first quarter of 2024. There were 20 cryptocurrency hacking attacks in March, with more than $38.71 million in stolen funds. However, the total loss has decreased due to the successful recovery of part of the stolen funds (about 90%) by the decentralized exchange aggregator 1inch.
Hacker attack
7 typical security incidents
(1) On March 7, the 1inch team discovered a vulnerability in its old version of the Fusion v1 parser smart contract. According to the SlowMist security team, the incident caused a loss of approximately 2.4 million USDC and 1,276 WETH, totaling more than 5 million US dollars. The official confirmed that the vulnerability did not affect the funds of end users, and the only affected object was the parser contract using Fusion v1. 1inch has taken measures and is continuing to follow up on the security situation. At present, 90% of the funds have been recovered.
(2) On March 13, Cointelegraph reported that in the past few days, at least three crypto project founders reported that they had successfully thwarted suspected North Korean hackers’ attempts to steal sensitive data by faking Zoom calls. On March 11, Nick Bax, a member of the white hat hacker group “Security Alliance”, posted a warning on the X platform that North Korean scammers have used this method to steal millions of dollars from victims. In addition, earlier today, blockchain security company CertiK said that after a series of high-profile hacker attacks, it was found that Lazarus Group was using mixers to transfer crypto assets, and it had detected 400 Ethereum deposited into the Tornado Cash mixer service, worth about $750,000.
(3) On March 14, the Zero Hour Technology Security Team detected an attack on the BNB Smart Chain project H2O. The main cause of this vulnerability was that when the H20 Token contract designed the economic model of buying from PancakeSwap Pair, it did not consider that skim could also achieve the same purpose when modifying the ERC20 transfer function, resulting in the attacker using skim to obtain a large amount of incentives out of thin air. This attack caused a total loss of USD 22,000.
(4) On March 17, Wemix Foundation, a blockchain subsidiary of Wemade, disclosed that it had lost about 8.65 million WEMIX tokens (worth about $6.22 million) due to a hacker attack. Its CEO Kim Seok-hwan said that the hacker was unlikely to be the North Korean organization Lazarus Group, but a professional who infiltrated the system by stealing the service monitoring authentication key of the NFT platform Nile. It is reported that the hacker prepared for the attack for two months and then made 15 withdrawal attempts by creating abnormal transactions, 13 of which were successful. Kim Seok-hwan also revealed that it plans to reopen all services of Wemix on Friday and will upgrade security measures on the new blockchain infrastructure.
(5) On March 18, according to the monitoring of the Zero Hour Technology Security Team, the Four.meme platform was attacked by hackers. Four.meme is a memecoin launchpad incubated by Binance Academy similar to pump.fun. The loss of this attack was about 180,000 USD.
(6) On March 22, the RWA project Zoth released an update on the theft, stating that the team is actively investigating the theft and working with professional experts to track down and recover the stolen funds. In addition, Zoth has partnered with Crystal Blockchain BV to fully investigate the incident. 73% of the Zoth platform’s TVL (total locked value) has been immediately secured with the help of the asset issuer. A detailed report will be shared in a few weeks. Zoth announced that it has set up a public bounty of $500,000. Any actionable clues that help recover the funds will be rewarded from the bounty. Previously, Zoth confirmed that it had suffered a security vulnerability attack and the Zoth attacker had exchanged the stolen funds for 4,223 ETH.
(7) On March 25, Abracadabra officially confirmed that its gmCauldrons product was hacked yesterday, resulting in a loss of approximately 13 million MIM (approximately 6,000 ETH). The DAO Treasury has urgently used part of its assets to repurchase 6.5 million MIM, accounting for 50% of the total loss. The remaining part will be gradually absorbed in the coming months and is expected to be fully repaid by mid-2025. The team is working with security agencies such as Chainalysis to track the whereabouts of the funds. The hacker’s related addresses have been made public, and it is willing to negotiate with the attacker to return the funds for the vulnerability bounty. Previously, the GMX and MIM_Spell related contracts had been hacked, resulting in a loss of approximately US$13 million.
Rug Pull / Phishing Scam
3 Typical Security Incidents
(1) On March 12, the address 0xa4C1…683f suffered a phishing attack, resulting in a loss of approximately $1.82 million.
(2) On March 19, aixbt suffered a phishing attack and lost 55.5 ETH. The dashboard has been suspended for security upgrades.
(3) On March 24, a user lost $329,743 in assets due to a phishing authorization signed 408 days ago.
Summarize
In March, the largest loss was caused by code vulnerabilities, exceeding $14 million; more than $8 million was stolen due to wallet hacking. The most serious loss in March was the exploitation of a smart contract vulnerability in the decentralized lending protocol Abracadabra.money on March 25, resulting in a loss of about $13 million.
The Noneage security team recommends that project owners prioritize multiple audits and real-time monitoring of smart contract vulnerabilities, strictly use multi-signature wallets and hardware isolation solutions to manage assets, and clear unnecessary authorizations; at the same time, establish a rapid response mechanism, preset emergency pause functions and regularly drill attacks and defenses, configure on-chain insurance and emergency funds pools; in addition, security health assessments should be conducted every quarter, and audit reports should be NFT-ed to ensure transparency and verifiability.
