November 01, 2023
Blockchain Security Recap of October: $51.61M Lost in Attacks
According to Beosin's security monitoring platform, Beosin EagleEye, the losses from various security incidents decreased significantly in October 2023 compared to September. The month of October saw over 23 typical security incidents that resulted in a total loss of approximately $51.61 million due to hacker attacks, phishing scams, and Rug Pulls, which is an 85.6% decrease compared to September. Attack events accounted for approximately $28.33 million, Rug Pull incidents accounted for around $12.02 million, and phishing scams resulted in about $11.26 million in losses.
Notable security events this month included the theft of around $7 million from the Fantom Foundation wallet, a $6 million theft from the Philippines-based crypto exchange Coins.ph, and the theft of about $4.4 million from the password management tool LastPass. All three cases involved private key compromise. The month also saw multiple Rug Pull incidents exceeding a million dollars, including another Web3 game project called FinSoul, developed by the Fintoch team, which was previously involved in fraudulent activities.
『15』typical security incidents
No.1 On October 3, the BSC-based BigWhale.io project suffered a theft of about $1.5 million due to a private key compromise.
No.2 On October 6, the Web3 community platform Galxe fell victim to a DNS hijacking attack, resulting in a theft of approximately $270,000.
No.3 On October 7, the Avalanche ecosystem's social protocol, Stars Arena, was targeted in a reentrancy vulnerability attack, resulting in a loss of about $2.9 million. The project team claimed to have recovered 90% of the stolen funds.
No.4 On October 11, the BH token (BlackHole Token) was attacked, leading to a loss of about $1.2 million.
No.5 On October 12, Platypus Finance suffered its third hacker attack of the year, resulting in a loss of approximately $2.2 million. Prior to this, the project had experienced two attacks in February and July, with losses of $8.5 million and $50,000, respectively.
No.6 On October 13, lending project Wise Lending faced a price manipulation attack, resulting in a loss of about $260,000.
No.7 On October 13, the Arbitrum-based Beluga Protocol project was attacked, causing a loss of about $170,000.
No.8 On October 17, the Fantom Foundation wallet was breached, leading to a loss of about $7 million. Fantom's official statement attributed the attack to a "zero-day vulnerability on Google Chrome."
No.9 On October 17, the Philippines-based cryptocurrency exchange Coins.ph was hacked, resulting in the theft of over 12 million XRP tokens (equivalent to about $6 million).
No.10 On October 18, the stablecoin project HopeLend was attacked, resulting in a loss of about $820,000. The stolen funds were returned by the attacker.
No.11 On October 19, the Solana-based Synthetify Protocol fell victim to a governance attack, resulting in a loss of approximately $230,000.
No.12 On October 25, the password management tool LastPass was hacked, with losses totaling $4.4 million.
No.13 On October 25, the Telegram Bot project Maestro was attacked, resulting in a theft of about $510,000.
No.14 On October 28, the Ethereum liquidity re-staking project Astrid was hacked, leading to a loss of about $228,000. The hacker later returned 80% of the stolen funds.
No.15 On October 31, the Telegram Bot project Unibot suffered a hacker attack, resulting in a loss of at least $640,000.
Phishing Scam / Rug Pull
『6』typical security incidents
No.1 - On October 9, the BSC-based Lucky Star Currency (LSC) token underwent a Rug Pull, leading to a profit of around $1.11 million for the deployer.
No.2 - On October 10, the FinSoul gaming project experienced a Rug Pull, swindling $1.6 million. This project's team was previously associated with the scam project Fintoch (previously known as FunTogether), which encountered a $31.6 million Rug Pull in May.
No.3 - On October 11, the FSL project faced a Rug Pull, resulting in a loss of approximately $1.68 million.
No.4 - On October 16, the BNB Chain-based IVY token encountered a Rug Pull, resulting in a loss of about $1.58 million.
No.5 - On October 24, the Safereum token experienced a Rug Pull, leading to a loss of around $1.3 million.
No.6 - On October 26, a fraudulent Linea token underwent a Rug Pull, involving an amount of approximately $1.3 million.
Cryptocurrency Crime / Case Supervision
『2』typical security incidents
No.1 - On October 20, the Federal Bureau of Investigation (FBI) accused six individuals of converting cryptocurrency into cash via the dark web for illegal businesses, totaling around $30 million.
No.2 - On October 26, Australian police raided multiple outlets of "Changjiang Currency Exchange" and arrested seven individuals. Law enforcement revealed that in the past three years, the Changjiang Currency Exchange facilitated the laundering of nearly $230 million AUD for criminals, involving cryptocurrency laundering.
In view of the new situation in blockchain security, Beosin suggests:
Overall, the total losses from various blockchain security incidents in October 2023 significantly decreased compared to September. Events due to private key compromise still accounted for 67% of total losses from hacker attacks. It's recommended that project teams adopt comprehensive measures for managing private keys and enhance employee security awareness. There were two instances this month of Telegram bots being attacked, and such bots carry various risks (related reading: Telegram bots, a powerful tool for degens or another story to be shilled?). Users are advised to use them cautiously. Additionally, there has been an increase in Rug Pull incidents this month. Users are advised to conduct thorough background checks on projects, especially with non-open-source project contracts.