Losses from breaches, hacks, and scams totaled $1.782 billion in February

lunaray
5 min read · Mar 4, 2025

Zero Hour Technology's monthly security incident roundup is here! According to statistics from some blockchain security risk monitoring platforms, losses caused by vulnerabilities, hacks and fraud in February 2025 totaled about 1.782 billion US dollars. There were 20 cryptocurrency hacking attacks, causing losses of about 1.51 billion US dollars, with 52.45 million US dollars frozen or returned. According to statistics from Web3 anti-fraud platform Scam Sniffer, phishing incidents claimed 7,442 victims this month, with losses of 5.32 million US dollars.

Hacker attack

7 Typical Security Incidents

(1) On February 5, the Noneage security team detected a series of attacks on Ionic Money on Mode Chain. The main cause of this vulnerability was that the IonicMoney project did not verify, when creating a lending pool, whether the contract corresponding to the asset was officially deployed, which resulted in the underlying asset of the lending pool being a fake token. This attack resulted in a total loss of approximately 8.5 MUSD.

IonicMoney Hack Analysis

(2) On February 12, the decentralized finance (DeFi) protocol zkLend suffered a major security vulnerability, resulting in the theft of about 3,300 ETH (about 8.5 million US dollars). The attacker exploited a vulnerability in the zkLend smart contract to withdraw user funds from its liquidity pool without authorization and quickly concentrated the funds into a wallet controlled by the attacker. After the incident, the zkLend team took quick action and issued an announcement through its Ethereum ZEND token deployer account and confirmed the authenticity of the statement through its official X account.

(3) On February 12, according to monitoring by the Noneage security team, the Four.meme project was attacked. Four.meme is a memecoin launchpad incubated by Binance Academy that is similar to pump.fun. The root cause lay in the migration to a DEX that takes place when the bonding curve progress on Four.meme's internal market reaches 100%: CreateAndInitializePoolIfNecessary was used to create the PancakeSwap trading pair, without accounting for the case where the trading pair had already been created. As a result, the migration mistakenly used the trading pair that the attacker had created and initialized in advance, and added liquidity at the wrong price set by the attacker. The price of the memecoin skyrocketed after the migration, and the attacker then used the memecoin he held to drain the WBNB in the pool, completing the attack. The total loss of this attack was about 15,000 USD.

Four.meme Hack Analysis
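A simplified Python model of the migration flaw described in (3), next to one possible guard, added here as an illustration: it is not Four.meme's or PancakeSwap's code. The function names, the sample prices and the 50 bps tolerance are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    price: int  # quote units per token; 0 means "created but not initialized"

class MigrationError(Exception):
    pass

def create_and_initialize_if_necessary(pools, pair, price):
    """Model of the 'if necessary' behaviour the write-up describes: a pool
    that already exists and is initialized is returned untouched, and the
    caller's price is silently ignored."""
    pool = pools.setdefault(pair, Pool(price=0))
    if pool.price == 0:
        pool.price = price
    return pool

def migrate_unchecked(pools, pair, curve_price):
    # Flawed flow: trust whatever pool comes back and add liquidity at its price.
    pool = create_and_initialize_if_necessary(pools, pair, curve_price)
    return pool.price

def migrate_checked(pools, pair, curve_price, max_dev_bps=50):
    # Guarded flow: refuse to add liquidity unless the pool price matches the
    # price the bonding curve finished at, within a small tolerance.
    pool = create_and_initialize_if_necessary(pools, pair, curve_price)
    deviation_bps = abs(pool.price - curve_price) * 10_000 // curve_price
    if deviation_bps > max_dev_bps:
        raise MigrationError(
            f"{pair} already initialized at {pool.price}, expected {curve_price}")
    return pool.price

def demo():
    """Run both flows against a fresh registry and a pre-initialized pool.
    All values are constructed sample data."""
    pair, curve_price, preset_price = "MEME/WBNB", 5_000, 5_000_000
    results = {"fresh": migrate_checked({}, pair, curve_price)}
    results["unchecked"] = migrate_unchecked(
        {pair: Pool(preset_price)}, pair, curve_price)
    try:
        migrate_checked({pair: Pool(preset_price)}, pair, curve_price)
        results["checked"] = "accepted"
    except MigrationError:
        results["checked"] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

The guard is one option among several; a migration could equally abort whenever the pair already exists, or derive a fresh pair the launchpad alone controls.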

(4) On February 18, Abstract discovered that the Cardex application in The Portal had a security incident, affecting approximately 9,000 wallets and losing a total of approximately $400,000 in ETH. The key in the Cardex front-end code was leaked, resulting in the intrusion of the session signature wallet. Since the session signature wallet was shared by all sessions, all users who created sessions on Cardex were affected.

(5) On February 21, the Noneage security team detected a major security incident involving the Bybit exchange. At 02:16 UTC that night, we detected that the Bybit cold wallet initiated a large transfer of 401,346 ETH, 8,000 mETH, 90,375 stETH and 15,000 cmETH, worth approximately 1.5 billion USD. In this attack, the Bybit exchange lost a total of US$1.5 billion. According to the information currently available, the tracking and freezing of the funds stolen from Bybit is still ongoing. As of March 3, through the coordinated efforts of multiple parties, Bybit has successfully frozen approximately US$43.65 million of stolen funds.

Bybit Hack Analysis

(6) On February 24, Certik Alert detected suspicious fund outflows from unverified contracts on Ethereum, worth about $49.5 million. Hackers converted the funds into DAI and exchanged them for 17,696 ETH. DeFi community YAM pointed out that it was suspected that Infini Earn funds had been stolen. According to monitoring by SlowMist's Cosine, the Infini hacker is technically skilled and understands how smart contracts operate; the funds in the Vault and related strategies could only be stolen with a private key. The theft was carried out in two amounts: 11,455,666 USDC and 38,060,996 USDC. The cause of the theft was the leakage of private keys and excessive permissions.

(7) On February 27, the CyversAlerts artificial intelligence system detected suspicious transactions related to suji_yan. A suspicious address received nearly 4M digital assets, including: 113 ETH, 923 WETH, 301 ezETH, 156 weETH, 90 pufET, 48.4K MASK, 50K USDT, 15 swETH. The stolen assets were immediately exchanged for ETH and distributed to six different addresses.

Rug Pull / Phishing Scam

4 Typical Security Incidents

(1) On February 6, the address starting with 0x2993 lost $156,183 worth of mooConvexETH+, FLUID, and aEthWETH after signing multiple phishing signatures.

(2) On February 18, the address starting with 0x1cab lost $308,500 worth of TEL after signing phishing transactions.

(3) On February 18, the address starting with 0x356e lost $629,812 worth of Aave WETH and 2 Doodles after signing multiple phishing transactions.

(4) On February 27, the address starting with 0xadfc lost $158,300 worth of PENDLE-LPT after signing phishing transactions.

Summary

In February, losses caused by cryptocurrency hacking reached $1.51 billion, the heaviest loss in the history of cryptocurrency, with the Bybit incident alone accounting for $1.43 billion. In addition, $52.45 million in funds was successfully frozen or recovered. Faced with frequent attacks, many parties in the industry responded quickly, took an active part in limiting losses, and fought malicious activity with all their strength. At the same time, the industry's overall defense system is gradually being strengthened, and its collaboration mechanisms are becoming more mature and efficient.

Finally, the Noneage security team recommends that project teams always remain vigilant and remind users to beware of phishing attacks. Users should fully understand a project's background and team before participating, and choose investment projects carefully. In addition, project teams should carry out internal security training and permission management, and engage professional security companies to conduct audits and project background investigations before the project goes online.
