Losses from breaches, hacks, and scams totaled $98 million in January
The monthly security event highlights of Zero Hour Technology have begun! According to statistics from some blockchain security risk monitoring platforms, the losses caused by vulnerabilities, hackers and fraud in January 2025 were about $98 million, and 28 cryptocurrency hacking attacks occurred, of which about $8 million were attributed to phishing. However, compared with the loss of $133 million in January 2024, it has dropped by 44.6%. It has dropped by 56% compared with the loss of $23.58 million in December 2024.
Hacker attack
7 typical security incidents
(1) On January 8, users of Orange Finance (a DeFi protocol on Arbitrum) had over $800,000 stolen from them. The attacker was able to access the protocol’s administrative keys and used those keys to perform a malicious upgrade to the protocol’s contracts, thereby stealing the wallets of all users with valid token approvals for the protocol.
(2) On January 8, Moby had a private key leak that affected some LP assets in certain protocols. They stated that this was not a security issue related to the protocol smart contract, but rather an attempt by hackers to steal funds by simply upgrading existing smart contracts using stolen proxy private keys. Finally, tonykebot took advantage of the lack of protection in the UUPS implementation and carried out a successful white hat rescue operation, returning 1.47 million USDC obtained by hackers from the on-chain options protocol Moby to the project owners.
(3) On January 13, according to the monitoring of the Zero Hour Technology Security Team, UniLend on the EVM chain was attacked and lost about $197,000. The cause of this vulnerability was that when Unilend was redeeming, it did not subtract the amount of collateral that should be transferred out when calculating the amount of collateral, resulting in the amount of collateral after the wrong calculation being higher than the amount of collateral actually owned by the attacker, and the exchange that should not have been successful was successfully completed. Ultimately, the attacker emptied the project’s stETH tokens.
For a detailed attack analysis, please click this link:
(4) On January 15, the Noneage project team detected multiple attacks on the Ethereum chain project Sorra, which caused a total loss of 41,000 USD. The cause of this vulnerability is that the Sorra project did not determine whether the user had already withdrawn the reward when the user withdrew, resulting in the user being able to repeatedly withdraw the reward through a large number of operations. The attacker used the above vulnerability to initiate multiple transactions and withdraw all the SOR Tokens in the Sorra project.
For detailed attack analysis, please click this link:
(5) On January 21, Forta detected a $324,000 vulnerability on TheIdolsNFT.
(6) On January 23, the hot wallet of the Singapore-based Phemex cryptocurrency exchange was attacked, resulting in a loss of approximately US$70 million.
(7) On January 24, according to the monitoring of the SlowMist security team, due to the lack of input validation in ODOS, the vulnerability has been exploited on multiple chains, resulting in a loss of approximately US$100,000. ODOS tweeted that the attack exploited a vulnerability in its audited executor contract and stole the revenue stored in the contract, but did not affect any user funds.
Rug Pull / Phishing Scam
10 Typical Security Incidents
(1) On January 2, a $VIRTUAL holder holding approximately 39 times ($196,396) of tokens lost all tokens due to an “increase limit” phishing transaction.
(2) On January 3, a $RLB holder lost all tokens worth approximately $1 million due to a “Uniswap Permit2” phishing signature.
(3) On January 6, the address starting with 0x5167 lost $155,256 worth of EIGEN after signing an “increase allowance” phishing transaction.
(4) On January 7, the address starting with 0x8536 lost $103,020 worth of tokens after signing a “Uniswap Permit2” phishing transaction.
(5) On January 8, the address starting with 0x3402 lost $474,422 worth of $OLAS, $SEKOIA, $VIRTUAL, and $FJO after signing multiple phishing signatures.
(6) On January 14, the address starting with 0x00c0 lost $263,255 worth of $VIRTUAL after signing a phishing transaction.
(7) On January 17, the address starting with 0x80dc lost $426,106 worth of USUALUSDC+ after signing a “license” phishing signature.
(8) On January 20, the address starting with 0x1e70 lost $135,068 worth of WETH after signing a “permit” phishing signature.
(9) On January 22, the address starting with 0x3149 lost $553,045 worth of $PAXG after signing the “transfer” phishing transaction.
(10) On January 29, the address starting with 0xeb2 lost $384,645 worth of $LINK after signing the “increaseApproval” phishing transaction.
Summarize
In January, cryptocurrency phishing scams stole $10.25 million from 9,220 victims, a 56% drop from the $23.58 million loss in December. However, criminals are constantly evolving and adopting more sophisticated attack methods.
The Noneage security team recommends that project owners always remain vigilant and remind users to beware of phishing attacks. Users are advised to fully understand the background and team of the project before participating in the project, and carefully choose investment projects. In addition, internal security training and permission management should be carried out, and professional security companies should be found to conduct audits and conduct project background checks before the project goes online.
