August Security Monthly Report | Phishing Scams Sweep $290 Million, Revealing On-Chain Security Offense and Defense
Author: OKLink
In August, the cumulative losses from on-chain security incidents across the network amounted to approximately $316 million, a month-on-month increase of 9.3%.
The losses from phishing scams accounted for 93.37% of the total losses, exceeding $296 million. Phishing tweets hide traps, and users should not click on unverified links. Users need to learn to use Web3 on-chain tools to mitigate risks, establish their own security operating procedures, and strictly adhere to them to ensure the safety of their funds.
The losses from REKT incidents accounted for 5.97%, totaling approximately $18.93 million. The losses from RugPull incidents accounted for 0.19%, totaling approximately $590,000.
Largest Security Incident - Phishing Scam
On August 19, a suspicious transfer involving 4,064 BTC occurred, amounting to approximately $238 million, and the funds were quickly transferred to multiple accounts including ThorChain and eXch.
As of August 27, $205,000 has been recovered.
Largest Security Incident - Private Key Leak
On August 7, Nexera was compromised due to contract management credentials being obtained by malware, resulting in the theft of 47.2 million NXRA tokens, with losses of approximately $1.5 million.
Largest Security Incident - REKT
On August 6, the gaming blockchain Ronin was attacked due to a failure to properly initialize after a bridge contract upgrade. The attacker extracted approximately 4,000 ETH and 2 million USDC from the bridge, valued at approximately $12 million.
As of August 7, white hats returned $12 million worth of assets and received an additional $500,000 bounty from the project team.
Largest Security Incident - RugPull
On August 16, a RugPull occurred on SIGMA on Solana, where the deployer obtained 2,381.6 SOL by selling their tokens, resulting in losses of approximately $330,000.
Case Analysis
On August 6, the gaming blockchain Ronin was suspected to have been attacked, with the attacker extracting approximately 4,000 ETH and 2 million USDC from the bridge, valued at approximately $12 million.
Process Analysis:
1) The Ronin team mistakenly upgraded the Axie Infinity: Ronin Bridge V2 contract, changing the implementation of its contract from MainchainGatewayV3 (old) to MainchainGatewayV3 (new), and called the initializeV4 method of MainchainGatewayV3 (new) for initialization;
2) The attacker discovered that the _totalOperatorWeight of MainchainGatewayV3 (new) had been left uninitialized and was therefore 0, which allowed signature verification to be bypassed when extracting funds. The attacker passed arbitrary signature data and directly extracted 3,996.09375 ETH;
3) In the second attack transaction, the attacker passed an arbitrary signature and directly extracted 1,998,046 USDC;
4) The attacker exchanged 1,998,046 USDC for 796 WETH through Uniswap.
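The bypass in step 2, as a Python model added here (it is not the Ronin contract code). It assumes the withdrawal threshold is computed as a fraction of the total operator weight; the 70% ratio, the operator names and every function name are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    """Simplified model of a weighted-threshold withdrawal check."""
    operator_weights: dict            # operator id -> voting weight
    total_operator_weight: int = 0    # stays 0 if the upgrade initializer never sets it
    num: int = 70                     # assumed threshold ratio: 70% of total weight
    denom: int = 100

    def minimum_vote_weight(self) -> int:
        return self.num * self.total_operator_weight // self.denom

    def signed_weight(self, signers) -> int:
        # Stand-in for signature recovery: unknown signers contribute weight 0.
        return sum(self.operator_weights.get(s, 0) for s in set(signers))

    def can_withdraw_vulnerable(self, signers) -> bool:
        # With total weight 0 the threshold is 0, so the comparison 0 >= 0 passes.
        return self.signed_weight(signers) >= self.minimum_vote_weight()

    def can_withdraw_hardened(self, signers) -> bool:
        if self.total_operator_weight == 0:
            raise RuntimeError("gateway not initialized: total operator weight is 0")
        required = self.minimum_vote_weight()
        return required > 0 and self.signed_weight(signers) >= required

def post_upgrade_check(gw: Gateway) -> list:
    """Invariants to assert after an upgrade and its initializer have run."""
    problems = []
    if gw.total_operator_weight != sum(gw.operator_weights.values()):
        problems.append("total_operator_weight does not match sum of operator weights")
    if gw.minimum_vote_weight() <= 0:
        problems.append("minimum vote weight is not positive")
    return problems

if __name__ == "__main__":
    ops = {"op1": 100, "op2": 100, "op3": 100}   # constructed sample operator set
    broken = Gateway(ops)                          # total weight never initialized
    fixed = Gateway(ops, total_operator_weight=300)
    print("uninitialized, unknown signer:", broken.can_withdraw_vulnerable(["x"]))
    print("initialized, unknown signer:  ", fixed.can_withdraw_vulnerable(["x"]))
    print("post-upgrade findings:", post_upgrade_check(broken))
```

Running a check like post_upgrade_check against a fork or staging deployment after each upgrade surfaces a zero threshold before the contract handles withdrawals.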
OKLink Tips
August saw significant losses due to phishing scams. OKLink reminds everyone not to disclose private keys or mnemonic phrases to anyone. Think twice before connecting your wallet, and before authorizing, use the OKLink Token Authorization Management Tool to review the authorization, keeping contract risks under control with multiple safeguards.