ChainCatcher message, Slow Mist Yu Xian posted on platform X stating that there are several key pieces of information to note regarding a phishing incident involving a user's WETH on Blast:The WETH on Blast is Blast's wrapped ETH token issued by Blast, the contract is upgradeable and supports permit offline authorization signatures;The WETH code on the Ethereum mainnet is also about 50 lines, very simple and reliable, for every WETH issued, there is an equivalent amount of ETH stored in the contract, without the flashy features like permit;The user was phished because Inferno Drainer supported the Blast WETH permit offline authorization signature, the phishing gang really studied the details, and details determine the profits.

ChainCatcher news, OKLink released the May 2024 security report, which indicates that the total losses from on-chain security incidents across the network in May amount to approximately $140 million. Among these, phishing incidents account for 60.08% of the losses, REKT incidents account for 16.89%, and RugPull incidents account for 1.37%.The largest security incident this month in terms of REKT losses was the attack on Sonne Finance, resulting in losses of approximately $20 million. The reason was that the protocol added a new VELO market through voting, but the project team failed to add initial funds to the VELO market in a timely manner, allowing hackers to exploit a classic rounding issue to manipulate the collateral rate of the VELO market for profit.In addition, there were a total of 27 incidents of scams and phishing attacks on official social media, primarily concentrated on X, Discord, and various phishing websites. The losses from security incidents this month increased by 27.27% compared to the previous month. OKLink reminds users to pay attention to the protection of personal information, never disclose your private keys or mnemonic phrases, and avoid storing them simply through screenshots. Furthermore, when transferring funds, be sure to carefully verify the recipient's address, and confirm its accuracy when copying directly from transaction records or chat logs. Security awareness is the strongest shield in the Web3 world.

ChainCatcher news, OKLink released the April 2024 Security Monthly Report, which indicates that the total losses from on-chain security incidents in April across the network amounted to approximately $110 million. Among these, phishing incidents accounted for 7.67% of the losses, REKT incidents accounted for 43.90%, and RugPull incidents accounted for 44.07%.It is reported that the largest security incident resulting in REKT losses this month was the attack on Hedgey Finance, which resulted in losses of approximately $44 million due to a vulnerability in the contract that lacked validation of user inputs, leading to the theft of assets from the contract; the largest security incident resulting in RugPull losses was the RugPull incident at the crypto gambling platform ZKasino, causing losses of approximately $33 million.In addition, there were a total of 32 incidents of scams and phishing attacks on official social media, primarily concentrated on channels such as X, Discord, and various phishing websites. OKLink reminds users to avoid disclosing their private keys or recovery phrases to anyone, and not to store them in screenshot form. Furthermore, it is essential to exercise caution when downloading software to prevent devices from being compromised by malware, which could lead to the leakage of private keys or recovery phrases. Security awareness is the strongest shield in the Web3 world.

According to ChainCatcher news, a security incident review analysis released by OKLink in March 2024 states that the total losses from security incidents across the network in March amounted to approximately $190 million. Among these, phishing incidents accounted for 16.72% of the losses, REKT incidents accounted for 25.11%, and RugPull incidents accounted for 9.64%.The largest REKT loss incident this month was the attack on the Curio Ecosystem, resulting in a loss of approximately $16 million; the largest RugPull loss incident was the Rugpull of the OrdiZK cross-chain bridging protocol, causing a loss of about $1.4 million.In addition, there were a total of 50 incidents of scams and phishing on official social media, mainly concentrated on platforms such as X, Discord, and various phishing websites. OKLink reminds users to be vigilant against scams and phishing incidents, to be cautious when clicking on unverified links, and to never disclose personal information such as private keys or seed phrases. Security awareness is the most important shield in the Web3 world.

ChainCatcher news, according to The block, Scam Sniffer statistics show that phishing incidents in the first two months of 2024 have caused losses of up to $104 million. This includes a loss of $57.7 million in January due to phishing attacks and a loss of $46.8 million in February.

According to ChainCatcher news, the security incident review analysis released by OKLink states that the total losses from security incidents across the network in January 2024 amount to approximately $73.25 million. Among these, phishing incidents account for 37.92% of the losses, REKT incidents account for 36.53%, and RugPull incidents account for 12.56%.The largest REKT loss incident this month was the attack on the DeFi protocol Abracadabra.money, resulting in a loss of approximately $6.5 million; the largest RugPull loss incident was XKING on the Artribum network, resulting in a loss of approximately $1.24 million.In addition, there were a total of 48 incidents of scams and phishing on official social media, mainly concentrated on channels like X and Discord. OKLink reminds users to be vigilant against scams and phishing incidents, especially when browsing X and project official websites, and to pay attention to authorization and transfer scenarios that appear after clicking links.

ChainCatcher news, the Web3 anti-fraud tool Scam Sniffer reported that in recent weeks, multiple users have been phished through Google search ads. Statistics show that these Google search ad phishing incidents have resulted in $4.16 million in stolen crypto assets, with over 3,000 victims, most of the thefts occurring in the past month.These malicious websites disguise themselves as projects like Zapper, Lido, Stargate, and Defillama. Victims enter the malicious sites and sign malicious signatures during the process, ultimately leading to the loss of assets in their wallets.By analyzing several larger fund aggregation addresses, some of these funds were deposited into SimpleSwap and Tornado.Cash, while others went directly to exchanges like KuCoin and Binance.Scam Sniffer's analysis indicates that the cost of most phishing ads is extremely low. These ads successfully deceived Google's ad review through various technical means and disguises, resulting in these ads being seen by consumers, which caused significant harm to users. (source link)

ChainCatcher news, according to CertiK monitoring, the EOA address 0x63fD7 associated with multiple phishing incidents has transferred 60 ETH (approximately $126,000) to Tornado Cash. (source link)

ChainCatcher news, Slow Mist's MistTrack monitoring shows that the attacker of the FTX phishing incident has transferred the profits to the cryptocurrency exchanges FixedFloat and Binance.Previously, FTX founder Sam Bankman-Fried (SBF) stated that if the attacker returns 95% of the $6 million stolen from FTX accounts within 24 hours, they will be exempt from liability. (source link)

ChainCatcher news, FTX founder Sam Bankman-Fried (SBF) tweeted that some users accidentally registered on fake other websites, including 3Commas, providing their FTX API keys to use the website's trading tools. Other users may also have been phished through other methods. FTX will provide approximately $6 million in compensation to account holders affected by the phishing incident through third-party websites, but "this decision is a one-time occurrence, as FTX will not develop a habit of compensating users caught in phishing activities targeting non-FTX websites."In addition, SBF stated that if 95% of the $6 million stolen from FTX accounts is returned within 24 hours, they will be exempt from liability. (Source link)