ChainCatcher news, the cybersecurity company Doctor Web recently reported that it has detected malware disguised as legitimate software, such as office programs, game cheat programs, and online trading bots. This cryptocurrency hijacking and stealing software has infected over 28,000 users, primarily in Russia, but also including Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.According to Doctor Web, the hackers have only obtained cryptocurrency worth about $6,000. However, it is unclear how much the creators of the malware have earned from cryptocurrency mining. The cybersecurity company stated that the sources of the malware include fraudulent GitHub pages and YouTube video descriptions with malicious links.Once a device is infected, the secretly deployed software hijacks computing resources to mine cryptocurrency. The "Clipper" also monitors cryptocurrency wallet addresses copied to the device's clipboard, then the malware replaces it with an address controlled by the attacker - this is how they steal small amounts of cryptocurrency.

ChainCatcher news, according to CoinDesk, a dozen cryptocurrency companies unknowingly employed IT workers from the Democratic People's Republic of Korea (DPRK), including established blockchain projects such as Injective, ZeroLend, Fantom, Sushi, Yearn Finance, and Cosmos Hub. These workers used fake IDs, successfully passed interviews, cleared background checks, and provided real work experience.In the United States and other countries that sanction North Korea, hiring North Korean workers is illegal, and multiple companies that employed North Korean IT staff subsequently suffered hacking attacks. Noted blockchain developer Zaki Manian stated, "Everyone is trying to filter these people out." He inadvertently hired two North Korean IT workers to help develop the Cosmos Hub blockchain in 2021.U.S. authorities have recently intensified warnings that North Korean IT workers are infiltrating tech companies and using the proceeds to fund nuclear weapons programs. An investigation revealed that North Korean job seekers are particularly aggressive and frequent in targeting cryptocurrency companies—successfully passing interviews, clearing background checks, and even showcasing impressive code contribution histories on the open-source software repository GitHub.

ChainCatcher message, Uniswap Labs CEO Hayden Adams posted on the X platform that scammers are using hacked United Nations accounts or other accounts with altered names and gray checkmarks to send direct messages to cryptocurrency users. These messages often contain enticing offers or requests aimed at tricking users into clicking malicious links or providing personal information. This is a scam; please do not reply to or interact with these messages, just ignore them. If you have any questions, please verify the authenticity of the account directly through official channels.

ChainCatcher news, according to PeckShieldAlert monitoring, in June 2024, there were over 20 hacking incidents in the cryptocurrency sector, resulting in losses of approximately $176.2 million. This marks a decrease of 54.2% compared to May 2024 (hacker profits were about $385 million).

ChainCatcher news, according to The Block, the Web3 vulnerability bounty platform Immunefi reports that the cryptocurrency industry lost up to $572.7 million in the second quarter of 2024 due to hacking and scams, a 70.3% increase from Q1. DMM Bitcoin and BtcTurk suffered losses of $305 million and $55 million, respectively, becoming the main victims. Centralized finance (CeFi) became the primary target in Q2, accounting for 70% of total losses. Among all losses, hacking accounted for 98.5% ($564.2 million), primarily targeting the Ethereum and BNB Chain networks, with 34 and 18 attack incidents occurring, respectively. Immunefi founder Mitchell Amador emphasized that strengthening infrastructure security is crucial for protecting the entire ecosystem.

ChainCatcher message, Cyber posted on X that its official Discord server was attacked and a phishing link was posted in the announcement channel.The official reminder to community users is to never interact with the attached announcement and not to click on any links.

ChainCatcher news, ZachXBT stated that between August 2020 and October 2023, the North Korean hacker group Lazarus Group laundered $200 million into fiat currency through more than 25 cryptocurrency hacks.

ChainCatcher news, according to Beosin Alert monitoring and early warning, the total loss in the Web3 sector due to hacker attacks, phishing scams, and project Rug Pulls reached 778 million USD in the first quarter of 2024. Among them, there were 39 major attack incidents with a total loss of approximately 617 million USD; 43 project Rug Pull incidents with a total loss of about 75.5 million USD; and phishing scams with a total loss of approximately 86.24 million USD.The total loss in the first quarter of 2024 was about 778 million USD, a year-on-year increase of approximately 126% and a quarter-on-quarter increase of about 72%. The losses from hacker attacks were higher than any quarter in 2023. The total loss in February reached 422 million USD, making it the month with the highest loss in the first quarter of 2024.In terms of the types of attacked projects, gaming platforms have become the project type with the highest loss amount for the first time. Six attacks on Web3 gaming platforms caused a total loss of 365 million USD, accounting for 59% of all attack losses. In terms of loss amounts across chains, Ethereum remains the chain with the highest loss amount and the most attack incidents. Eighteen attack incidents on Ethereum resulted in a loss of 342 million USD, accounting for 55.4% of the total loss.In terms of attack methods, there were 13 private key leakage incidents this quarter, resulting in losses of 458 million USD, which accounted for 74.3% of the total attack losses, making it the highest proportion attack type. According to Beosin KYT anti-money laundering analysis platform monitoring, in terms of fund flow, most of the stolen assets this quarter were frozen and recovered. Approximately 303 million USD (49.2%) of the stolen funds were frozen, and 79.45 million USD (12.9%) of the stolen funds were recovered. In terms of audit status, the proportion of audited project parties among the attacked projects has increased.

ChainCatcher news, according to monitoring by the blockchain security audit company Beosin's KYT anti-money laundering analysis platform, the loss amount from various security incidents significantly increased in February 2024 compared to January. In February 2024, there were more than 19 typical security incidents, with total losses due to hacker attacks, phishing scams, and Rug Pulls reaching $422 million, an increase of about 102% compared to January. Among these, attack incidents accounted for approximately $347 million, an increase of about 110%; phishing scam incidents were about $16.08 million, a decrease of about 52%; and Rug Pull incidents were approximately $59.38 million, an increase of about 440%.The largest attack incident in February was the attack on the crypto gaming platform PlayDapp due to private key leakage, resulting in a loss of $290 million, making it the highest loss security incident of the year so far. Other incidents with losses exceeding ten million dollars include: the centralized exchange FixedFloat being attacked, resulting in a loss of $26.1 million; Axie Infinity co-founder Jihoz.ron’s personal address losing about $10 million due to private key leakage. Additionally, the Hong Kong exchange Bitforex is suspected of experiencing a Rug Pull, with $56.5 million anomalously flowing out of its hot wallet.

ChainCatcher news, PeckShield posted on social media that there were over 600 significant hacking incidents in the cryptocurrency sector in 2023, resulting in approximately $2.61 billion in losses, with $674.9 million recovered. Among these: losses due to hacking amounted to $1.51 billion (excluding unauthorized withdrawals from Multichain); losses due to scams totaled $1.1 billion.It is reported that this data decreased by 27.78% in 2022. However, DeFi protocols remain the primary target, accounting for 67% of the total value stolen.

ChainCatcher news, according to Reuters citing sources, this apparent hacking attack is not expected to disrupt the spot Bitcoin ETF process.ChainCatcher previously reported that the U.S. Securities and Exchange Commission (SEC) announced on X that its X account had been compromised and unauthorized posts were made. The SEC has not yet approved the listing and trading of Bitcoin spot ETF products.

ChainCatcher news, according to monitoring by Shield, the official X account of the oracle project Tellor has been hacked. The link released for claiming the airdrop of Tellor tokens TRB is actually a phishing link. Users need to be aware of phishing risks to avoid losing funds.

ChainCatcher news, blockchain security company Beosin released the 2023 Q3 Global Web3 Security Report, which pointed out that in Q3, the Web3 sector suffered total losses of $889.26 million due to hacker attacks, phishing scams, and Rug Pull incidents, exceeding the total losses in the first half of 2023 (with Q1 and Q2 losses approximately $330 million and $333 million, respectively).In Q3, there were 43 major security incidents, resulting in losses of $540.16 million. Among them, 29 incidents occurred in the DeFi sector. Nine private key leakage incidents caused losses of $223 million; the Mixin Network security incident resulted in losses of $200 million; and 22 contract vulnerabilities led to losses of approximately $93.27 million.

ChainCatcher news, CertiK released a security report, stating that as of August 2023, losses from flash loan attacks, exit scams, and exploits have exceeded $997 million. Among them, losses from flash loan attacks amount to approximately $261 million, losses from exit scams exceed $137 million, and losses from exploits exceed $596 million.In addition, cryptocurrency security losses in August surpassed $45 million, which includes the Zunami Protocol attack incident, with losses reaching $2.2 million; the Exactly Protocol exploit incident, with losses reaching $7.3 million; and the PEPE sell-off incident, with losses reaching $13.2 million. Although the economic losses in August remain high, there has been a significant decrease compared to the previous month's losses of $486 million.

ChainCatcher message, Ethereum community members proposed the ERC 7265 new standard, which will enable DeFi protocols to integrate a "circuit breaker," allowing DeFi protocols to add a backstop in their smart contracts to prevent the loss of all tokens in the event of a hack.The ERC 7265 standard is a proposed standard, and it remains to be seen whether the Ethereum core team will accept and implement it as the final standard. (source link)

According to ChainCatcher news, monitoring by Beosin EagleEye, a security risk monitoring, early warning, and blocking platform under the blockchain security audit company Beosin, shows that in November 2022, the number of various security incidents and the amount involved decreased compared to October. In November, there were more than 18 typical security incidents, with total losses from various security incidents amounting to approximately $518.09 million.The largest security incident in November occurred shortly after the FTX exchange filed for bankruptcy, when a hacker stole approximately $440 million in funds and continued to transfer it to the BTC chain. This month, attacks in the DeFi sector decreased compared to last month, while scam and exit fraud incidents remained high, and there was an increase in wallet security incidents and private key leaks. Additionally, 80% of the attack incidents this month originated from contract vulnerabilities, and it is recommended that projects seek professional companies for security audits before going live.