According to the statistics of some blockchain security risk monitoring platforms, in April 2024, the amount of losses from various security incidents will continue to decline compared with March. In April, there were more than 32 more typical security incidents, and the total loss caused by hacking, phishing scams and Rug Pull reached $101 million, a decrease of about 36% from March. Among them, the attack incident was about 52.56 million US dollars, a decrease of about 55%, and the phishing fraud incident was about 11.4 million US dollars, a decrease of about 69%; The Rug Pull incident was about 37.05 million US dollars, an increase of about 624%.
In addition, there are some specific security incidents and new news, which will be described in detail below.
Hacking aspect
There were 11 typical security incidents
(1) On April 1, the DeFi protocol OpenLeverage was attacked due to a contract vulnerability, losing about $230,000.
(2) On April 1, BNB Chain's on-chain ATM token was attacked due to a contract vulnerability, losing about $180,000.
(3) On April 2, the decentralized exchange FixedFloat was attacked again, losing about $2.8 million. FixedFloat claims that hackers exploited vulnerabilities in its third-party services.
(4) On April 12, SumerMoney, a BASE ecological project, was attacked due to a contract vulnerability and lost about $350,000.
(5) On April 12, the Zest Protocol project on the Stacks chain was hit by a price manipulation attack, and the attackers removed 324,000 STX (about $1 million) from the protocol. Zest Protocol says that this part of the loss will be compensated by the protocol treasury, and users will be fully compensated.
(6) On April 15, Grand Base, a BASE-based ecological RWA project, lost about $2 million due to the leakage of the deployer's private key.
(7) On April 19, the Hedgey Finance project was attacked due to a contract vulnerability on the Ethereum and Arbitrum chains, with a loss of $44.7 million.
(8) On April 24, the BNB Chain on-chain YIETL project was attacked due to a contract vulnerability, losing about $300,000.
(9) On April 24, Saita Chain's cross-chain bridge project, Xbridge, was attacked due to a contract vulnerability, losing at least $200,000.
(10) On April 25, the NGFS token on BNB Chain was attacked due to a contract vulnerability, losing about $190,000.
(11) On April 26, Pike Finance, a cross-chain lending protocol, was attacked, losing about $300,000. The hackers drained USDC on Ethereum, Arbitrum, and Optimism chains via fake CCTP messages.
Rug Pull / 钓鱼诈骗
6 typical security incidents
(1) On April 2, a Rug pull occurred on the Solarare chain, and the deployer made a profit of $520,000.
(2) On April 4, a Rug pull occurred in CondomSOL on the Solana chain, and the deployer made a profit of $920,000.
(3) On April 11, an address starting with a 0x5ea8 lost about $840,000 on the Base chain due to phishing fraud.
(4) On April 11, an address starting with a 0x05f4 lost about $1.2 million on the Base chain due to phishing fraud.
(5) On April 19, an address starting with a 0x5789 lost about $770,000 due to phishing fraud.
(6) On April 20, a Rug pull occurred on the decentralized betting platform ZKasino, and users were unable to withdraw funds, and the project team deposited $33 million of user funds into the staking protocol Lido.
Crypto crime aspect
There were 15 typical security incidents
(1) On 20 April, Hong Kong Customs successfully dismantled a money laundering syndicate involving over HK$1.8 billion and arrested three persons. According to investigations, the gang handled more than 1,000 transactions through the opening of a number of local companies and multiple bank accounts, including the transfer of funds from virtual currency trading platforms.
(2) On April 23, the Public Security Bureau of Linyi County, Shandong Province, after accurate research and judgment, successfully destroyed a criminal gang that used the purchase of virtual currency to launder money for overseas fraudsters, and arrested a total of 6 criminal suspects, involving more than 2 million yuan
(3) On April 16, the Dantu District People's Court of Zhenjiang City pronounced a verdict on the case of online pyramid marketing activities organized and led by Wang. Wang is the first "red notice" person to be sentenced by the Zhenjiang Public Security Bureau in Jiangsu Province. In March 2021, the Zhenjiang Dantu Public Security Bureau discovered that a virtual currency platform called moom was suspected of online pyramid schemes, and then the police arrested 12 suspects involved in the case in many places. The main culprit, Wang, absconded abroad, but in May 2023, under the continuous pursuit and persuasion of the police, Wang surrendered and returned to China. At the time of the case, the platform had more than 100,000 registered members, with 1,000 layers and an amount of more than 100 million yuan.
(4) On April 7, four countries, Italy, Austria, Romania and Slovakia, arrested 22 people in a joint operation alleging their involvement in the European Union's post-pandemic recovery fund fraud, during which the police seized and confiscated more than 600 million euros in assets, including luxury sports cars, watches, jewelry, and virtual currency.
(5) On April 19, a jury in Manhattan, New York, convicted Mango Markets attacker Avi Eisenberg of fraud and market manipulation, and New York District Court Judge Arun Subramanian will sentence him on July 29, expecting him to face up to 20 years in prison. It is reported that in October 2022, Mango Markets was attacked by Avi Eisenberg and lost $110 million in crypto assets.
(6) Taiwanese prosecutors have recommended a minimum of 20 years in prison for the four main suspects in the fraud and money laundering case related to the cryptocurrency trading platform ACE Exchange. Prosecutors currently believe that more than 1,200 people were scammed, with an estimated total loss of NT$800 million (US$24.56 million).
(7) On April 25, Jebara Igbara, known as "Jay Mazini," was sentenced to seven years in prison and $10 million forfeited by U.S. District Judge Frederic Block for her involvement in multiple cryptocurrency-related fraud cases. Igbara, 28, carried out a Ponzi scheme targeting Muslims through his company, Halal-Capital LLC. Claiming to be a successful crypto millionaire on social media such as Instagram, he deceived investors by offering above-market cryptocurrency prices and sending fake wire transfer confirmation images, eventually swindling at least $8 million.
(8) Shanxi police cracked a major case of infringement of citizens' personal information, eradicated a large new cybercrime gang that used virtual currency to buy and sell citizens' information on overseas platforms, arrested a total of 7 criminal suspects, froze more than 3,000 yuan of funds involved in the case, and seized more than 30 mobile phones and computers involved in the case.
(9) According to the U.S. Department of Justice, 45-year-old Charles O. Parks III is suspected of stealing $3.5 million worth of cloud computing services to mine $1 million worth of cryptocurrency through a so-called "cryptojacking" scheme. According to information released by the official government, Parks is suspected of defrauding two "well-known" cloud computing providers for wire fraud, money laundering, and illegal currency transactions.
(10) On April 14, Russian police seized more than 3,200 crypto-mining rigs in raids at four large "illegal" data centers in Siberia, and police have filed criminal charges against the mining center operator. It is estimated that miners stole a total of $2.1 million worth of electricity from the Novosibirsk power grid.
(11) On April 13, according to the Xinmin Evening News, a man defrauded three "friends" of a total of more than 100 yuan in the name of investing in virtual currency.
(12) ON APRIL 12, U.S. ATTORNEYS FOR THE SOUTHERN DISTRICT OF NEW YORK ANNOUNCED THAT HACKER SHAKEEB AHMED WAS FORMALLY SENTENCED TO THREE YEARS IN PRISON BY A U.S. DISTRICT JUDGE FOR HACKING TWO SEPARATE DECENTRALIZED CRYPTOCURRENCY EXCHANGES AND STEALING MORE THAN $12 MILLION WORTH OF CRYPTOCURRENCY.
(13) On April 12, according to Korean media YTN, a suspect in his 40s met with a victim near Samseong Station in Seoul, offered to sell tokens at a price lower than the market price, and then fled, brandishing a blunt object and stealing 500 million won in cash. Previously, three men in their 30s were arrested in Yeoksan-dong, Seoul for stealing 550 million won in cash using token trading as bait, but the police believe they have no connection with the suspect.
(14) In October 2023, a wealthy Chinese businessman was kidnapped at gunpoint at a well-known golf course in the United Kingdom, threatened with a knife, beaten and locked in a cage for more than 30 hours by a crypto extortion gang, and demanded $15 million in bitcoin. Recently, the suspect in the case is on trial.
(15) On April 24, the co-founder of Samourai Wallet, a crypto mixing service, was arrested on suspicion of laundering $100 million from Silk Road and other illegal markets.
summary
Judging from the analysis of the above multiple incidents, although the loss amount of various blockchain security incidents continued to decline in April, there was still a loss of $46.93 million from contract vulnerability exploits.
Among them, the largest security incident of the month was the attack on Hedgey Finance due to a contract vulnerability, which lost about $44.7 million, which accounted for 85% of the total loss of hacking attacks in the month.
The security team of Zero-hour Technology recommends that the project team always be vigilant, find a professional security company to conduct an audit and do a background check on the project before the project is launched.
Annotation:
The content of this article is from the public data collation and collection.
Important reminder: This article is only for industry information and does not constitute any investment advice or guarantee.