March 01, 2024

Blockchain Security and Regulation Monthly Recap of February: $422M lost in attacks


According to the Beosin KYT anti-money laundering analysis platform, both the number of security incidents and the amount involved increased significantly in February 2024 compared with January. More than 19 typical security incidents occurred during the month, and total losses caused by hacker attacks, phishing scams and Rug Pulls reached $422 million, an increase of approximately 102% from January. Losses from attack incidents were approximately $347 million, an increase of approximately 110%. Losses from phishing fraud incidents were approximately $16.08 million, a decrease of approximately 52%. Losses from Rug Pull incidents were approximately $59.38 million, an increase of approximately 440%.

 

The biggest security incident this month was the attack on PlayDapp, a gaming platform, which caused a loss of 290 million dollars. Other incidents with losses of more than 10 million dollars include FixedFloat, a centralized exchange, with a loss of $26.1 million, and a personal address of Axie Infinity co-founder Jihoz.ron, with a loss of approximately $10 million due to compromised private keys. In addition, Bitforex, a Hong Kong exchange, is suspected of a Rug Pull, with an abnormal outflow of $56.5 million from its hot wallet. There are also new updates on regulatory compliance policies. Let’s take a look.

 

Hacker Attacks

『9』Typical Security Incidents

No.1 On February 9 and February 12, PlayDapp, a gaming platform, suffered two private key compromise incidents. The attackers minted a total of 1.79 billion PLA tokens, worth approximately $290 million.

No.2 On February 14, Miner, an ERC-X project, was attacked due to a contract vulnerability, resulting in a loss of approximately $460,000.

No.3 On February 14, the hot wallet of Duelbits, a crypto gambling platform, was attacked, resulting in a loss of approximately $4.6 million.

No.4 On February 17, FixedFloat was attacked, losing $26.1 million worth of Bitcoin and Ethereum.

No.5 On February 22, Blueberry Protocol, a DeFi lending protocol, was attacked due to a contract vulnerability, resulting in a loss of approximately $1.35 million, of which $1.08 million has been returned by the white hat hacker who front-ran the attack transaction.

No.6 On February 23, Jihoz.ron, co-founder of Axie Infinity, stated that two of his addresses were attacked due to compromised private keys, resulting in losses of $10 million.

No.7 On February 27, $5.6 million was stolen from Serenity Shield, a blockchain data storage protocol.

No.8 On February 28, Seneca, a DeFi protocol, was attacked due to an arbitrary call vulnerability, causing losses of $6.5 million.

No.9 On February 29, Shido, a Layer1 blockchain, was suspected of being attacked. Ownership of the contract was transferred to a new owner and the contract was upgraded immediately. The attacker then withdrew a large amount of SHIDO tokens and sold them, making a profit of approximately $2.3 million.

 

Rug Pull/Crypto Scam

『7』Typical Security Incidents

No.1 On February 4, a fraudulent address 0xe726 made a profit of $1.14 million from multiple victim addresses through phishing attacks.

No.2 On February 15, an address 0x8366 suffered a phishing attack, resulting in a loss of approximately $5.17 million.

No.3 On February 18, an address 0x03E4 suffered a phishing attack, resulting in a loss of approximately $860,000.

No.4 On February 23, an abnormal outflow of $56.5 million occurred from the Bitforex hot wallet. The CEO of the exchange resigned a month ago. At present, the exchange has stopped processing withdrawals and closed its official website. Its X account has also stopped updating.

No.5 On February 25, a rug pull occurred in RiskOnBlast, a project on Blast, resulting in a loss of approximately $1.3 million.

No.6 On February 27, a rug pull occurred on the TRUMP token on BNB Chain and the deployer made a profit of approximately $600,000.

No.7 On February 28, an address 0x6558 suffered a phishing attack, resulting in a loss of approximately $1.54 million.

 

Crypto Crime

『3』Typical Security Incidents

No.1 On February 6, South Korean authorities arrested three executives of income platform Haru Invest for allegedly stealing 1.1 trillion won ($828 million) worth of cryptocurrency from approximately 16,000 customers.

No.2 On February 7, South Korea sentenced the CEO of cryptocurrency exchange Bitsonic to seven years in prison for stealing customer deposits worth 10 billion won ($7.5 million).

No.3 On February 20, the British National Crime Agency (NCA) announced that it had dismantled LockBit, the world’s largest cybercriminal organization. LockBit ransomware attacks have caused billions of pounds in losses over four years. The group generally only accepts cryptocurrency as ransom payment.

 

Regulatory Compliance Policy

『1』Typical Security Incidents

No.1 On February 5, the official website of the Hong Kong Securities and Futures Commission disclosed that if a virtual asset service platform operating in Hong Kong does not submit a license application to the Securities and Futures Commission on or before February 29, 2024, it must close its operations in Hong Kong on or before May 31, 2024. Investors using these unlicensed virtual asset service platforms should be careful.

No.2 On February 5, according to Bitcoin.com reports, the Spanish Ministry of Finance is seeking to control and supervise cryptocurrency assets owned by taxpayers. The agency proposed reforming current tax laws to allow state tax regulator Agencia Tributaria to seize cryptocurrencies in payment of taxpayer debts. The proposal was presented to the European Union (EU) in 2021 and will be implemented soon, with local sources explaining that the government is moving quickly to create the conditions needed for the reforms to be implemented.

No.3 On February 20, the Hong Kong Monetary Authority issued a circular on the sale and distribution of tokenized products, setting out the expected regulatory standards that the HKMA will comply with when authorized institutions sell and distribute tokenized products to customers. The HKMA believes that it is time to provide guidance on activities related to tokenized products and provide the banking industry with clear regulatory requirements to support the industry in continuing to innovate and realize the benefits that tokenization can bring, while safeguarding the safety of consumers/investors.

No.4 On February 25, according to Bitcoinist reports, the U.S. Securities and Exchange Commission (SEC) has solicited public opinions on the possibility of introducing Bitcoin spot ETF options trading. The development prompted a strong reaction from financial markets, with experts predicting regulatory approval could come as early as March.

 

Overall, the amount of losses caused by various blockchain security incidents continued to increase significantly in February 2024. In this month's attacks, private key leaks accounted for approximately 90% of the total attack losses ($312 million). It is recommended that projects take comprehensive private key management measures, strengthen employee security awareness training, and use third-party password management tools with caution. Many phishing incidents this month caused losses of over $1 million. Users are advised to continue to increase their security awareness, not to click on links from unknown sources, and to carefully check the content of any signature request.

 

As one of the first blockchain security companies in the world to engage in formal verification, Beosin focuses on the "security + compliance" full ecological business. It has established branches in more than 10 countries and regions around the world, and its business covers "one-stop" blockchain compliance products + security services such as code security audits before projects go online, security risk monitoring and blocking during project operation, stolen asset recovery, virtual asset anti-money laundering (AML), and compliance assessments that meet local regulatory requirements.
