Total losses caused by hacking attacks in February reached US$422 million

Source: Beosin

According to monitoring by the blockchain security audit company Beosin KYT anti-money laundering analysis platform, in February 2024, the amount of losses from various security incidents increased significantly compared with January. More than 19 typical security incidents occurred in February 2024, with total losses caused by hacker attacks, phishing scams and Rug Pull reaching US$422 million, an increase of approximately 102% from January. Among them, attack incidents were approximately US$347 million, an increase of approximately 110%; phishing fraud incidents were approximately US$16.08 million, a decrease of approximately 52%; Rug Pull incidents were approximately US$59.38 million, an increase of approximately 440%.

The largest attack incident this month was the attack on the encrypted gaming platform PlayDapp due to the leakage of private keys. The loss reached 290 million US dollars, which is also the highest loss security incident this year. Other incidents involving more than 10 million US dollars include: the centralized exchange FixedFloat was attacked and lost US$26.1 million; the personal address of Axie Infinity co-founder Jihoz.ron lost approximately US$10 million due to the leakage of private keys. In addition, Hong Kong exchange Bitforex is suspected of having a Rug Pull, with an abnormal outflow of US$56.5 million from the hot wallet. At the same time, there is some new news on regulatory compliance policies, let’s take a look.

In terms of hacker attacks 

A total of "9" typical security incidents occurred

No.1 On February 9 and February 12, the encrypted gaming platform PlayDapp suffered two private key leak attacks. The attackers minted a total of 1.79 billion PLA tokens, worth approximately US$290 million.

No.2 On February 14, the ERC-X project Miner was attacked due to a contract vulnerability, resulting in a loss of approximately US$460,000.

No.3 On February 14, the hot wallet of the encrypted gambling platform Duelbits was attacked, resulting in a loss of approximately US$4.6 million.

No.4 On February 17, the decentralized exchange FixedFloat was attacked, losing $26.1 million worth of Bitcoin and Ethereum.

No.5 On February 22, the DeFi lending protocol Blueberry Protocol was attacked due to a contract vulnerability, resulting in a loss of approximately US$1.35 million, of which US$1.08 million has been returned by the white hat hacker who stole the deal.

No.6 On February 23, Jihoz.ron, co-founder of Axie Infinity, stated that two of his addresses were attacked due to the leak of private keys, resulting in losses of US$10 million.

No.7 On February 27, $5.6 million was stolen from the Serenity Shield wallet of the blockchain data storage protocol.

No.8 On February 28, DeFi protocol Seneca was attacked due to an arbitrary call vulnerability, causing losses of US$6.5 million.

No.9 On February 29, the Layer 1 project Shido was suspected of being attacked. The contract was transferred to the new owner and upgraded immediately. The attacker then withdrew a large amount of SHIDO tokens and sold them, making a profit of approximately US$2.3 million.

Phishing Scam/Rug Pull 

A total of "7" typical security incidents occurred

< p>No.1 On February 4, a fraudulent address starting with 0xe726 made a profit of US$1.14 million from multiple victim addresses through phishing attacks.

No.2 On February 15, an address starting with 0x8366 suffered a phishing attack, resulting in a loss of approximately US$5.17 million.

No.3 On February 18, an address starting with 0x03E4 suffered a phishing attack, resulting in a loss of approximately US$860,000.

No.4 On February 23, there was an abnormal outflow of US$56.5 million from the Bitforex hot wallet of the Hong Kong Exchange, suspected to be a rug pull. The CEO of the exchange resigned a month ago. At present, the official has stopped processing withdrawals and closed the official website. The X account has also stopped updating.

No.5 On February 25, a rug pull occurred in the Blast ecological project RiskOnBlast, resulting in a loss of approximately US$1.3 million.

No.6 On February 27, a rug pull occurred on the TRUMP token on the BNB Chain chain, and the deployer made a profit of approximately US$600,000.

No.7 On February 28, an address starting with 0x6558 suffered a phishing attack, resulting in a loss of approximately US$1.54 million.

Encryption crimes

A total of "3" typical security incidents occurred
< /h3>

No.1 On February 6, South Korean authorities arrested three executives of the revenue platform Haru Invest for allegedly stealing 1.1 trillion won ($828 million) from approximately 16,000 customers. of cryptocurrency.

No.2 On February 7, South Korea sentenced the CEO of cryptocurrency exchange Bitsonic to seven years in prison for stealing customer deposits worth 10 billion won ($7.5 million).

No.3 On February 20, the British National Crime Agency (NCA) announced that it had dismantled LockBit, the world’s largest cybercriminal organization. LockBit ransomware attacks have caused billions of pounds in losses over four years. The group generally only accepts cryptocurrency as ransom payment.

Regulatory Compliance Policy

No.1 On February 5, the official website of the Hong Kong Securities and Futures Commission disclosed thatvirtual companies operating in Hong Kong If an asset trading platform fails to submit a license application to the Securities and Futures Commission on or before February 29, 2024, it will have to end its business in Hong Kong on or before May 31, 2024. Investors using these virtual asset trading platforms should prepare early.

No.2 February 5, according to Bitcoin reports Spain’s Ministry of Finance is seeking to impose controls and oversight on cryptocurrency assets owned by taxpayers. The agency proposed reforming the current tax code to allow the national tax watchdog Agencia Tributaria to seize cryptocurrencies when paying taxpayer debts. The proposal was presented to the European Union (EU) in 2021 and will be implemented soon, with local sources explaining that the government is moving quickly to create the conditions needed for the reforms to be implemented.

No.3 On February 20,the Hong Kong Monetary Authority issued a circular on the sale and distribution of tokenized products, setting out the HKMA’s requirements for authorized institutions when selling and distributing tokenized products to customers. Anticipated regulatory standards to be followed. The HKMA believes that now is the time to provide guidance on activities related to tokenized products and provide the banking industry with clear regulatory requirements to support the industry in continuing to innovate and realize the benefits that tokenization can bring, while also benefiting from consumer/ Take appropriate safeguard measures from the perspective of investor protection.

No.4 On February 25, according to Bitcoinist reports, the U.S. Securities and Exchange Commission (SEC) has solicited public opinions on the possibility of introducing Bitcoin spot ETF options trading. The development prompted a strong reaction from financial markets, with experts predicting regulatory approval could come as early as March.  

Overall, the amount of losses caused by various blockchain security incidents continued to increase significantly in February 2024. In this month's attacks, private key leaks accounted for approximately 90% of the total attack losses ($312 million), once again emphasizing the importance of private key security. It is recommended that project parties take comprehensive private key management measures, strengthen employee security awareness training, and use third-party password management tools with caution. There have been many phishing incidents worth over one million dollars this month. It is recommended that users continue to increase their security awareness, do not click on links from unknown sources, and carefully check the signature content.