One article to learn about the total losses caused by hacker attacks and phishing scams in December

It’s time for monthly safety inventory again! According to the Beosin EagleEye security risk monitoring, early warning and blocking platform, a subsidiary of the blockchain security audit company Beosin, monitoring shows that in December 2023, the amount of losses from various security incidents dropped significantly compared with November. More than 21 typical security incidents occurred in December, and the total loss caused by hacker attacks, phishing scams and rug pulls was approximately US$24.94 million, a decrease of approximately 93% from November. Among them, attack incidents amounted to approximately US$12.45 million, phishing fraud incidents amounted to approximately US$9.6 million, and rug pull incidents amounted to approximately US$2.89 million.

There was no major hacking incident this month with losses exceeding tens of millions of dollars. Two security incidents with a large impact occurred this month: a security vulnerability in the Web3 development platform Thirdweb affected multiple smart contracts; the Ledger Connect Kit, a code base commonly used in Web3 projects, suffered a supply chain attack. Fortunately, the amount of damage caused by both incidents did not exceed one million US dollars. In addition, phishing scams continue unabated this month, with multiple incidents involving more than one million dollars stolen from a single address. Users need to be more vigilant.

Hacker attacks 

Total "12" typical security incidents occurred

No.1 On December 5, the Web3 development platform Thirdweb had a security vulnerability, affecting multiple smart contracts. , at least three projects were attacked due to the vulnerability, resulting in losses of approximately US$210,000.

No.2 On December 6, the DeFi protocol BEARNDAO was attacked, and the attacker profited more than US$700,000.

No.3 On December 10, the DeFi protocol Venus Protocol was attacked due to an oracle problem, resulting in a loss of approximately US$200,000.

No.4 On December 12, OKX’s abandoned DEX market maker contract management rights were stolen, resulting in a loss of approximately US$2.7 million.

No.5 On December 14, the Ledger Connect Kit, a code base commonly used by Web3 projects, suffered a supply chain attack, and the attackers gained approximately US$600,000.

No.6 On December 17, NFT Trader was attacked by a re-entrancy vulnerability, resulting in a loss of approximately US$3 million. The stolen assets have been returned by the attacker. The attack The author keeps 10% of the bounty.

No.7 On December 17, the NFT trading market Flooring Protocol was hacked, resulting in a loss of approximately US$1.6 million.

No.8 On December 22, the DeFi protocol Transit Finance was hacked, resulting in a loss of approximately US$110,000.

No.9 On December 23, the DEX project Paraluni suffered a price manipulation attack, resulting in a loss of approximately US$330,000.

Levana Protocol, the perpetual trading protocol on the No.10 Osmosis blockchain, was attacked between December 13 and 26, resulting in losses of more than $1.1 million.

No.11 On December 26, the Telcoin wallet was attacked, resulting in a loss of approximately US$1.2 million.

No.12 On December 30, Channels Finance on BSC was attacked by hackers, causing losses of more than $320,000.

Phishing Scam/Rug Pull 

< strong>A total of "4" typical security incidents occurred

No.1 On December 5, a rug pull occurred on the CKD token on BNB Chain. Deployers profited approximately $540,000.

No.2 On December 26, a rug pull occurred on MegabotETH, and the deployer made a profit of approximately US$740,000.

No.3 On December 26, two victims lost approximately US$1.5 million in assets due to phishing scams.

No.4 On December 29, an address starting with 0xea696 lost $4.4 million worth of LINK tokens due to a phishing scam.

Encryption crime/case supervision

A total of "5" typical security incidents occurred

No.1 On December 5, the Henan Procuratorate disclosed a large-scale virtual currency pyramid scheme case, with the amount involved Over 120 million yuan.

No.2 According to news on December 6, crypto exchange Bitzlato Lianchuang admitted to US$700 million in money laundering.

No.3 On December 10, Hong Kong police uncovered a criminal gang that laundered HK$30 million through virtual currency.

No.4 On December 13, the U.S. Department of Justice charged two men with operating a $25 million crypto Ponzi scheme.

No.5 On December 15, the U.S. Department of Justice disclosed that four people were charged with cryptocurrency fraud and money laundering, causing losses of more than $80 million.

In view of the current new situation in the field of blockchain security, "Beosin" summarizes here:

Overall,December 2023 The amount of losses caused by various blockchain security incidents dropped significantly compared with November. Compared with November, the types of projects attacked this month include new development tools, code libraries, NFTs, etc. This shows that hackers are expanding the scope of their attack targets, and the entire Web3 ecosystem should strengthen security awareness to actively respond to this trend. This month, 50% of the attacks still come from the use of contract vulnerabilities, such as re-entrancy vulnerabilities. It is recommended that project parties must find a professional company to conduct a security audit before going online.