Foreword
SlowMist Technology released the "Blockchain Security and Anti-Money Laundering Report for the First Half of 2024" (hereinafter referred to as the "Report"). This report summarizes the key regulatory compliance policies and trends of the blockchain industry in the first half of 2024, including but not limited to the multi-angle regulatory stance on cryptocurrencies and a series of core policy adjustments. We reviewed and outlined the blockchain security incidents and anti-money laundering trends in the first half of 2024, interpreted some common money laundering tools and phishing theft techniques, and proposed effective prevention methods and response strategies for such problems. In addition, we also disclosed and analyzed the major phishing criminal organizations Wallet Drainers and the hacker group Lazarus Group, in order to provide a reference for preventing such threats.
1. Background
According to CoinMarketCap data, as of June 30, 2024, the total market value of the global cryptocurrency market had reached approximately US$2.34 trillion, demonstrating the increasingly strong growth momentum of the global blockchain market. However, this growth brings increasingly severe challenges for blockchain security. As blockchain applications expand and deepen, attackers have become more sophisticated, constantly finding and exploiting vulnerabilities in blockchain systems and causing huge losses.
Against this background, this report focuses on two aspects: blockchain ecosystem security and anti-money laundering (AML) security, so that everyone can have a comprehensive understanding of the current and future security risks of blockchain.
2. Blockchain Security Situation
2.1 Overview of Blockchain Security Incidents
According to incomplete statistics from the SlowMist Hacked Archive, there were 223 security incidents in the first half of 2024, with losses of up to $1.43 billion. Compared with the first half of 2023 (a total of 185 incidents, with losses of approximately $920 million), the losses increased by 55.43% year-on-year. (Note: This report does not include personal losses in the statistics)
(https://hacked.slowmist.io/)
By ecosystem, Ethereum suffered the highest loss, reaching $400 million. It was followed by Arbitrum, with about $72.46 million, and then Blast, with about $70 million. In addition, BSC had the most security incidents, reaching 57, with a loss of about $32.12 million.
By project category, DeFi is the most frequently attacked area. In the first half of 2024, there were 158 DeFi-related security incidents, accounting for 70.85% of the total number of incidents, with losses of up to $659 million. Compared with the first half of 2023 (a total of 111 incidents, with losses of approximately $480 million), the losses increased by 37.29% year-on-year. Next, the losses from security incidents on trading platforms reached $524 million, of which the DMM Bitcoin incident accounted for $305 million, which was also the security incident with the largest loss in the first half of 2024.
In terms of losses, two incidents had losses of over 100 million US dollars. The following are the top 10 security attack incidents with the highest losses in the first half of 2024:
In terms of the causes of security incidents, contract vulnerabilities were the most common cause, with 56 incidents and a loss of approximately 104 million US dollars. The second most common cause was exit scams (rug pulls), with 50 incidents.
2.2 Phishing/Theft Methods
This section extracts some of the phishing and theft methods disclosed by SlowMist in the first half of 2024:
Phishing with addresses that share the same first and last characters
Malicious extensions
Malicious Trojans
Malicious bookmark phishing
Signature authorization phishing
3. Anti-Money Laundering Situation
3.1 Anti-Money Laundering and Regulatory Dynamics
This section will focus on the major developments in Anti-Money Laundering (AML) and regulatory dynamics in the cryptocurrency field:
Chinese Courts
Hong Kong, China
Singapore
US Regulation
European Parliament
Middle East
3.2 Anti-Money Laundering in Security Incidents
Tether: In the first half of 2024, a total of 374 ETH addresses were blocked, and the USDT-ERC20 assets on these addresses were frozen and could not be transferred.
Circle: In the first half of 2024, a total of 28 ETH addresses were blocked, and the USDC-ERC20 funds on these addresses were frozen and could not be transferred.
With the strong support of SlowMist InMist intelligence network partners, SlowMist helped freeze funds of approximately US$24.39 million for customers, partners, and public hacking incidents in the first half of 2024.
In the first half of 2024, there were 16 incidents in which all or part of the lost funds were recovered after the attack. In these 16 incidents, the total amount of stolen funds was about 113 million US dollars, of which nearly 98.64 million US dollars were returned, accounting for 87.3% of the stolen funds.
3.3 Hacker Group Profile and Dynamics
This section provides a detailed analysis of the modus operandi of the hacker group Lazarus Group and the phishing service Drainers.
3.4 Money Laundering Tools
This section conducts a statistical analysis of the capital flow and direction of the money laundering tools Tornado Cash and eXch.
(Tornado Cash: https://dune.com/misttrack/first-half-of-2024-stats)
(eXch: https://dune.com/misttrack/first-half-of-2024-stats)
4. Conclusion
In general, we hope that this report can provide readers with an analysis and interpretation of the current security status of the blockchain industry, help readers gain a more comprehensive understanding of the security and anti-money laundering status of the blockchain industry, and contribute to the development of blockchain ecosystem security.
Finally, thanks to every ecosystem partner. This includes our service customers, media partners, Black Manual contributors, and SlowMist zone partners. It is your great help that has strengthened our determination to keep making progress and continue to be a good guardian of the blockchain. We hope that we will continue to join forces and work side by side to bring more light to the dark forest of blockchain.
Disclaimer
The content of this report is based on our understanding of the blockchain industry and is supported by data from the SlowMist blockchain hack archive SlowMist Hacked and the anti-money laundering tracking system MistTrack. However, due to the "anonymous" nature of the blockchain, we cannot guarantee the absolute accuracy of all data here, nor can we be held responsible for errors, omissions, or losses caused by the use of this report. At the same time, this report does not constitute any investment advice or other analysis.
If there are omissions or deficiencies in this report, criticism and corrections are welcome.
This is the end of the introduction. For the full version, please read and share:
https://www.slowmist.com/report/first-half-of-the-2024-report(CN).pdf