2024 First Half Blockchain Security and Anti-Money Laundering Report

Author: SlowMist AML Team

Preface

SlowMist Technology has released the "2024 First Half Blockchain Security and Anti-Money Laundering Report" (hereinafter referred to as the "Report"). This report summarizes the key regulatory compliance policies and dynamics in the blockchain industry for the first half of 2024, including but not limited to multi-faceted regulatory positions on cryptocurrencies and a series of core policy adjustments. We have reviewed and summarized blockchain security incidents and anti-money laundering trends for the first half of 2024, interpreted some common money laundering tools and phishing theft techniques, and proposed effective prevention methods and response strategies for such issues. Additionally, we have disclosed and analyzed major phishing criminal organizations such as Wallet Drainers and hacker groups like the Lazarus Group, aiming to provide references for preventing such threats.

Due to space limitations, only key contents from the report are listed here. The complete content can be accessed via the link PDF Download.

I. Background

According to data from CoinMarketCap, as of June 30, 2024, the total market capitalization of the global cryptocurrency market has reached approximately $2.34 trillion, fully demonstrating the increasingly strong growth momentum of the global blockchain market. However, alongside this development, blockchain security is facing increasingly severe challenges. As blockchain applications expand and deepen, attackers have also become more sophisticated and complex, continuously exploiting vulnerabilities in blockchain systems to carry out attacks, resulting in significant losses.

In this context, this report focuses on two major aspects: the security of the blockchain ecosystem and anti-money laundering (AML) security, providing a comprehensive understanding of the current and future security risks in blockchain.

II. Blockchain Security Situation

2.1 Overview of Blockchain Security Incidents

According to incomplete statistics from the SlowMist Hacked incident database, there were a total of 223 security incidents in the first half of 2024, with losses amounting to $1.43 billion. Compared to the first half of 2023 (185 incidents, with losses of approximately $920 million), the losses increased by 55.43%. (Note: Personal losses are not included in this report)

(https://hacked.slowmist.io/)

From an ecosystem perspective, Ethereum suffered the highest losses, reaching $400 million. This was followed by Arbitrum, with approximately $72.46 million, and Blast, with about $70 million. Additionally, BSC had the most security incidents, totaling 57, with losses of approximately $32.12 million.

From the perspective of project sectors, DeFi is the most frequently attacked area. In the first half of 2024, there were a total of 158 DeFi-related security incidents, accounting for 70.85% of the total incidents, with losses reaching $659 million. Compared to the first half of 2023 (111 incidents, with losses of approximately $480 million), the losses increased by 37.29%. Furthermore, security incidents on trading platforms incurred losses of up to $524 million, with the DMM Bitcoin incident alone accounting for $305 million, making it the largest security incident loss in the first half of 2024.

In terms of loss scale, two incidents had losses exceeding $100 million. The following are the Top 10 security attack incidents by loss in the first half of 2024:

Regarding the causes of security incidents, contract vulnerabilities were the most common, with 56 incidents resulting in losses of approximately $104 million. This was followed by security incidents caused by exit scams, totaling 50 incidents.

2.2 Phishing / Theft Techniques

This subsection extracts some phishing and theft techniques disclosed by SlowMist in the first half of 2024:

• Phishing with matching first and last digits
• Malicious browser extensions
• Malicious Trojan programs
• Malicious bookmark phishing
• Signature authorization phishing

III. Anti-Money Laundering Situation

3.1 Anti-Money Laundering and Regulatory Dynamics

This subsection will focus on significant developments in anti-money laundering (AML) and regulatory dynamics in the cryptocurrency field:

• Chinese Courts
• Hong Kong, China
• Singapore
• U.S. Regulation
• European Parliament
• Middle East

3.2 Security Incident Anti-Money Laundering

• Fund Freezing Data

Tether: In the first half of 2024, a total of 374 ETH addresses were blocked, and the USDT-ERC20 assets on these addresses were frozen and could not be transferred.

Circle: In the first half of 2024, a total of 28 ETH addresses were blocked, and the USDC-ERC20 funds on these addresses were frozen and could not be transferred.

With strong support from SlowMist's InMist intelligence network partners, SlowMist assisted clients, partners, and publicly hacked incidents in freezing approximately $24.39 million in funds in the first half of 2024.

• Fund Recovery Data

In the first half of 2024, there were 16 incidents where the attacked parties were able to recover all or part of the lost funds. Among these 16 incidents, the total amount of stolen funds was approximately $113 million, of which nearly $98.64 million was returned, accounting for 87.3% of the stolen funds.

3.3 Hacker Group Profiles and Dynamics

This section provides a detailed analysis of the methods used by the hacker group Lazarus Group and the phishing service Drainers.

• Lazarus Group

• Drainers

3.4 Money Laundering Tools

This section conducts a statistical analysis of the cash flow and direction of money laundering tools Tornado Cash and eXch.

(Tornado Cash: https://dune.com/misttrack/first-half-of-2024-stats)

(eXch: https://dune.com/misttrack/first-half-of-2024-stats)

IV. Conclusion

Overall, we hope this report provides readers with an analysis and interpretation of the current security situation in the blockchain industry, helping them gain a more comprehensive understanding of the security and anti-money laundering status in the blockchain sector, contributing to the development of a secure blockchain ecosystem.

Finally, we would like to thank every ecological partner, including our service clients, media partners, contributors to the Black Book, and SlowMist partners. It is your strong support that has strengthened our determination to continue advancing and being the guardians of blockchain, and we hope to continue our strong collaboration and work together to bring more light to the dark forest of blockchain.