ChainCatcher news, Fuzzland co-founder Chaofan Shou stated on social media that the decentralized trading platform Clipper was hacked due to an API vulnerability (such as private key leakage). Currently, losses exceed $500,000, with $6.5 million at risk. He urges users to withdraw their funds immediately.

According to ChainCatcher, a report from the security firm stated that in October 2024, there were a total of 20 hacker attacks in the cryptocurrency sector, resulting in losses of approximately $88.47 million. The top 5 hacker attacks include:RadiantCapital: $53 million (bridged to Ethereum);U.S. government seized funds: $20 million (returned);Eigenlayer: $5.7 million (money laundering transferred to HitBTC, Bybit);TapiocaFoundation: $4.7 million (BNBChain);SUNRAYFINANCE: $2.86 million (BNBChain).

ChainCatcher news, according to Beosin Alert monitoring and early warning, as of September 25, the total loss in the Web3 sector due to hacker attacks, phishing scams, and project Rug Pulls in Q3 2024 has reached $730 million. Among them, there were 23 major attack incidents, with a total loss of approximately $430 million; 3 project Rug Pull incidents, with a total loss of about $4.24 million; and total losses from phishing scams amounting to approximately $295 million.In terms of the types of attacked projects, the highest losses were incurred by CEX, with 3 attacks on CEX causing approximately $297 million in losses, accounting for about 40.6% of all attack losses.In terms of losses by chain, Ethereum remains the chain with the highest loss amount and the most attack incidents. 21 attacks and phishing incidents on Ethereum caused losses of $348 million, accounting for about 47.6% of the total losses.Regarding attack methods, there were 5 private key leakage incidents in Q3, resulting in losses of $305 million, accounting for about 41.7% of the total attack losses, making it the most prevalent type of attack.In terms of the flow of funds, only about $16.9 million of the stolen funds have been frozen or recovered. The vast majority (approximately 78.9%) of the stolen funds are still stored in the attackers' on-chain addresses.Compared to the same period in 2023, the total losses due to hacker attacks, phishing scams, and project Rug Pulls in Q3 2024 have slightly decreased to $730 million (the figure for Q3 2023 was $889 million). Factors such as the decline in cryptocurrency prices in Q3 2024 have had some impact on the reduction of the total amount, but overall, the situation in the Web3 security sector remains grim. Among the more than twenty attack incidents in Q3, 18 were still due to contract vulnerabilities, suggesting that project parties should seek professional security companies for audits before going live.

ChainCatcher message, BingX Chief Product Officer Vivien Lin posted on X platform: "Around 4 AM, the technical team detected abnormal network access and suspected that BingX's hot wallet was under a hacker attack. An emergency plan was immediately activated, including urgent asset transfers and suspension of withdrawals. Currently, there has been a small amount of asset loss, but the amount is not significant and is still being counted.To protect user assets, we have adopted a layered management system, with most assets stored in cold wallets and only a very small amount stored in hot wallets for withdrawals. To ensure safety, we are conducting emergency checks and strengthening wallet services, temporarily suspending withdrawals. We sincerely apologize for the inconvenience caused. Withdrawals will be restored within 24 hours at the latest."

ChainCatcher message, according to the monitoring by Shield, the Witnesschain Discord server has been hacked. Users are advised not to click on any links.

ChainCatcher message, Firn Protocol posted on X: "Two days ago, on-chain detective ZachXBT notified us that an attacker started depositing relatively small amounts into Firn. Thanks to ZachXBT's efforts and our timely actions, we were able to freeze and recover approximately 80 ETH that the attacker deposited. These ETH have been handed over to ZachXBT, who is coordinating their return to the victims."

ChainCatcher news, according to CoinDesk, a report from blockchain security company Halborn shows that although the amount stolen in 2023 has decreased, decentralized finance (DeFi) hacking remains a major threat to the industry.The report summarizes the 100 largest DeFi hacking incidents that occurred between 2016 and 2023, with a total amount reaching $7.4 billion, most of which took place on Ethereum, Binance Smart Chain, and Polygon. While on-chain hacks (including smart contract exploits, price manipulation, and governance attacks) are the most common, off-chain attacks such as private key theft account for 29% of total attacks and 34.6% of stolen funds. In 2023, off-chain attacks accounted for 56.5% of total attacks and 57.5% of the stolen amount.The report adds that only 21% of the hacked protocols used multi-signature wallets. Most on-chain attacks occurred on unaudited protocols, and the lack of proper input validation or confirmation in protocols is a major reason for losses due to smart contract exploits. Cross-chain bridges remain a primary attack vector for malicious actors.

ChainCatcher news, according to monitoring by blockchain security audit company Beosin Alert, shows that in July 2024, the loss amount from various security incidents significantly increased compared to June. In July 2024, there were over 20 typical security incidents, with total losses from hacker attacks, phishing scams, and Rug Pulls reaching $286 million, an increase of approximately 56.3% compared to June.Among these, attack incidents accounted for about $271 million, an increase of approximately 92.2%; phishing scam incidents accounted for about $12.1 million, a decrease of approximately 67.6%; and Rug Pull incidents accounted for about $3.58 million, a decrease of approximately 13.1%.The largest hacking incident in July came from the Indian exchange WazirX, with losses of about $230 million, accounting for 85% of the total amount from attack incidents that month. The second largest attack incident was LI.FI, which lost about $11.6 million due to a contract vulnerability. This month also saw multiple phishing scams and rug pull incidents exceeding one million dollars, and users need to remain vigilant.

ChainCatcher news, the decentralized AI network Bittensor officially announced that its community participants experienced a serious security attack on July 2. The Bittensor Foundation has taken urgent action to block further fund outflows and has launched an in-depth investigation into the attack.The attack originated from a malicious program disguised as a legitimate Bittensor package in the PyPi package manager version 6.12.2. When users downloaded this package and decrypted their cold wallet keys, the decrypted bytecode was sent to the attacker's remote server, resulting in stolen funds. The users primarily affected were those who downloaded the Bittensor PyPi package and performed transactions, staking, delegation, and other operations between May 22 and 29. The Bittensor Foundation has removed the malicious package from PyPi and conducted a comprehensive review of the code, finding no other vulnerabilities at this time.To mitigate losses, the Bittensor Foundation has placed validation nodes behind a firewall and activated a security mode on Subtensor. The Bittensor blockchain has paused all transactions and will not resume normal operations until the vulnerabilities are fixed. The foundation is working with trading platforms to attempt to recover the stolen funds.The Bittensor Foundation stated that it will learn from this incident, improve the package verification process, increase the frequency of external audits, and enhance security standards and monitoring levels. The foundation urges users to transfer their funds to new wallets as soon as possible and to upgrade to the latest version of the Bittensor package.

According to ChainCatcher news, monitoring and early warning from Beosin Alert shows that in the first half of 2024, the total losses in the Web3 field due to hacker attacks, phishing scams, and project rug pulls reached 1.54 billion USD. Among them, there were 78 major attack incidents, with 43 stemming from contract vulnerabilities, resulting in total losses of approximately 1.193 billion USD; there were 64 project rug pull incidents, with total losses of about 119 million USD; and phishing scams accounted for total losses of approximately 232 million USD.In the first half of 2024, there were 3 security incidents with losses exceeding 100 million USD. The total loss in May reached 450 million USD, making it the month with the highest losses in the first half of 2024.In terms of the types of attacked projects, the highest losses were from CEX, with 4 attacks on CEX causing approximately 392 million USD in losses, accounting for 32.8% of all attack losses.Regarding losses by chain, Ethereum remains the chain with the highest losses and the most attack incidents. 32 attack incidents on Ethereum resulted in losses of 470 million USD, accounting for 39.4% of the total losses.In terms of attack methods, there were a total of 22 private key leakage incidents in the first half of the year, causing losses of 894 million USD, which accounted for about 75% of the total attack losses, making it the most prevalent attack type.In terms of fund flow, approximately 470 million USD (39.3%) of the stolen funds were frozen or recovered. This proportion has significantly increased compared to 2023.

ChainCatcher news, according to monitoring by blockchain security audit company Beosin Alert, the total loss from various security incidents in May 2024 increased compared to April. In May 2024, there were over 27 typical security incidents, with a total loss of 154 million USD due to hacker attacks, phishing scams, and Rug Pulls, an increase of about 52.5% compared to April. Among them, attack incidents accounted for about 54.51 million USD, an increase of about 3.7%; phishing scam incidents accounted for about 97.4 million USD, an increase of about 754%; and Rug Pull incidents accounted for about 2.04 million USD, a decrease of about 94.5%.This month, there were 2 hacker attack incidents with losses exceeding 10 million USD: the gaming platform Gala Games lost 22.5 million USD due to private key leakage, and Sonne Finance lost 20 million USD due to a contract vulnerability. This month saw a significant increase in phishing scams, with multiple phishing incidents resulting in losses exceeding 1 million USD, including one address poisoning scam with a loss of 72 million USD. The number of crypto crime cases continued to rise this month, with several cases involving amounts exceeding 100 million USD.

ChainCatcher news, Web3 security company Ancilia monitors that the cross-chain lending protocol Pike Finance has allegedly suffered another hacker attack, resulting in a loss of 479 ETH.ChainCatcher previously reported that the official account of the cross-chain lending protocol Pike Finance stated on social media that the USDC pool on the Pike Beta test version was attacked by hackers at 8:13 AM Beijing time on April 26, with 299,127 USDC stolen.

ChainCatcher message, based on Telegram, the full-chain Web3 ecosystem xBlast stated on the X platform that it has encountered a hacker attack, with the attacker transferring XBL tokens from the project's main wallet to a wallet starting with 602a7b and selling them for approximately 22 ETH.xBlast proposed a solution to deploy a new XB token and restore liquidity, providing fair compensation for all losses.xBlast reminds users not to purchase XBL tokens on DEX and will resolve all issues within the next 12 hours.

ChainCatcher news, according to monitoring by Shield, hackers launched 21 attacks in February 2024, stealing approximately $360 million, an increase of 97.6% compared to January 2024. Additionally, about 1.8% of the stolen funds have been returned, totaling approximately $6.7 million.

ChainCatcher news, according to monitoring by the blockchain security audit company Beosin's KYT anti-money laundering analysis platform, the loss amount from various security incidents significantly increased in February 2024 compared to January. In February 2024, there were more than 19 typical security incidents, with total losses due to hacker attacks, phishing scams, and Rug Pulls reaching $422 million, an increase of about 102% compared to January. Among these, attack incidents accounted for approximately $347 million, an increase of about 110%; phishing scam incidents were about $16.08 million, a decrease of about 52%; and Rug Pull incidents were approximately $59.38 million, an increase of about 440%.The largest attack incident in February was the attack on the crypto gaming platform PlayDapp due to private key leakage, resulting in a loss of $290 million, making it the highest loss security incident of the year so far. Other incidents with losses exceeding ten million dollars include: the centralized exchange FixedFloat being attacked, resulting in a loss of $26.1 million; Axie Infinity co-founder Jihoz.ron’s personal address losing about $10 million due to private key leakage. Additionally, the Hong Kong exchange Bitforex is suspected of experiencing a Rug Pull, with $56.5 million anomalously flowing out of its hot wallet.