hacker attacks

Beosin: In Q3 2024, the total losses in the Web3 sector due to hacker attacks, phishing scams, and project rug pulls reached 730 million dollars

ChainCatcher news, according to Beosin Alert monitoring and early warning, as of September 25, the total loss in the Web3 sector due to hacker attacks, phishing scams, and project Rug Pulls in Q3 2024 has reached $730 million. Among them, there were 23 major attack incidents, with a total loss of approximately $430 million; 3 project Rug Pull incidents, with a total loss of about $4.24 million; and total losses from phishing scams amounting to approximately $295 million.

In terms of the types of attacked projects, the highest losses were incurred by CEX, with 3 attacks on CEX causing approximately $297 million in losses, accounting for about 40.6% of all attack losses.

In terms of losses by chain, Ethereum remains the chain with the highest loss amount and the most attack incidents. 21 attacks and phishing incidents on Ethereum caused losses of $348 million, accounting for about 47.6% of the total losses.

Regarding attack methods, there were 5 private key leakage incidents in Q3, resulting in losses of $305 million, accounting for about 41.7% of the total attack losses, making it the most prevalent type of attack.

In terms of the flow of funds, only about $16.9 million of the stolen funds have been frozen or recovered. The vast majority (approximately 78.9%) of the stolen funds are still stored in the attackers' on-chain addresses.

Compared to the same period in 2023, the total losses due to hacker attacks, phishing scams, and project Rug Pulls in Q3 2024 have slightly decreased to $730 million (the figure for Q3 2023 was $889 million). Factors such as the decline in cryptocurrency prices in Q3 2024 have had some impact on the reduction of the total amount, but overall, the situation in the Web3 security sector remains grim. Among the more than twenty attack incidents in Q3, 18 were still due to contract vulnerabilities, suggesting that project parties should seek professional security companies for audits before going live.

Bittensor: PyPI package vulnerability triggers hacker attack, collaborating with trading platforms to recover funds

ChainCatcher news, the decentralized AI network Bittensor officially announced that its community participants experienced a serious security attack on July 2. The Bittensor Foundation has taken urgent action to block further fund outflows and has launched an in-depth investigation into the attack.

The attack originated from a malicious package, version 6.12.2, uploaded to the PyPI package manager and disguised as a legitimate Bittensor package. When users downloaded this package and decrypted their cold wallet keys, the decrypted bytecode was sent to the attacker's remote server, resulting in stolen funds. The users primarily affected were those who downloaded the Bittensor PyPI package and performed transactions, staking, delegation, and other operations between May 22 and 29. The Bittensor Foundation has removed the malicious package from PyPI and conducted a comprehensive review of the code, finding no other vulnerabilities at this time.

To mitigate losses, the Bittensor Foundation has placed validation nodes behind a firewall and activated a security mode on Subtensor. The Bittensor blockchain has paused all transactions and will not resume normal operations until the vulnerabilities are fixed. The foundation is working with trading platforms to attempt to recover the stolen funds.

The Bittensor Foundation stated that it will learn from this incident, improve the package verification process, increase the frequency of external audits, and enhance security standards and monitoring levels. The foundation urges users to transfer their funds to new wallets as soon as possible and to upgrade to the latest version of the Bittensor package.

Beosin: In the first half of 2024, the total losses in the Web3 sector due to hacker attacks and other factors reached 1.54 billion dollars

According to ChainCatcher news, monitoring and early warning from Beosin Alert shows that in the first half of 2024, the total losses in the Web3 field due to hacker attacks, phishing scams, and project rug pulls reached 1.54 billion USD. Among them, there were 78 major attack incidents, with 43 stemming from contract vulnerabilities, resulting in total losses of approximately 1.193 billion USD; there were 64 project rug pull incidents, with total losses of about 119 million USD; and phishing scams accounted for total losses of approximately 232 million USD.

In the first half of 2024, there were 3 security incidents with losses exceeding 100 million USD. The total loss in May reached 450 million USD, making it the month with the highest losses in the first half of 2024.

In terms of the types of attacked projects, the highest losses were from CEX, with 4 attacks on CEX causing approximately 392 million USD in losses, accounting for 32.8% of all attack losses.

Regarding losses by chain, Ethereum remains the chain with the highest losses and the most attack incidents. 32 attack incidents on Ethereum resulted in losses of 470 million USD, accounting for 39.4% of the total losses.

In terms of attack methods, there were a total of 22 private key leakage incidents in the first half of the year, causing losses of 894 million USD, which accounted for about 75% of the total attack losses, making it the most prevalent attack type.

In terms of fund flow, approximately 470 million USD (39.3%) of the stolen funds were frozen or recovered. This proportion has significantly increased compared to 2023.

Beosin: The total loss amount in the Web3 ecosystem in February due to hacker attacks, phishing scams, and rug pulls reached 422 million USD

ChainCatcher news, according to monitoring by the blockchain security audit company Beosin's KYT anti-money laundering analysis platform, the loss amount from various security incidents significantly increased in February 2024 compared to January. In February 2024, there were more than 19 typical security incidents, with total losses due to hacker attacks, phishing scams, and Rug Pulls reaching $422 million, an increase of about 102% compared to January. Among these, attack incidents accounted for approximately $347 million, an increase of about 110%; phishing scam incidents were about $16.08 million, a decrease of about 52%; and Rug Pull incidents were approximately $59.38 million, an increase of about 440%.

The largest attack incident in February was the attack on the crypto gaming platform PlayDapp due to private key leakage, resulting in a loss of $290 million, making it the highest-loss security incident of the year so far. Other incidents with losses exceeding ten million dollars include: the centralized exchange FixedFloat being attacked, resulting in a loss of $26.1 million; Axie Infinity co-founder Jihoz.ron’s personal address losing about $10 million due to private key leakage. Additionally, the Hong Kong exchange Bitforex is suspected of experiencing a Rug Pull, with $56.5 million anomalously flowing out of its hot wallet.