Security Monthly Report | Stay Vigilant! The total losses caused by hacker attacks and other factors in the Web3 ecosystem in September exceeded $360 million!

Security Monthly Report | Total losses in Web3 ecosystem exceeded $360 million in September due to hacker attacks and other factors! Stay vigilant!

It’s time for the monthly security review! According to Beosin EagleEye, a security risk monitoring, warning, and blocking platform under Beosin, a blockchain security audit company, the amount of losses from various security incidents in September 2023 has increased significantly compared to August. In September, there were more than 16 typical security incidents, resulting in a total loss of $360 million, an increase of about 414% compared to August. Among them, the losses from attack incidents were about $323 million, losses from phishing scams were about $32.12 million, and losses from Rug Pull were about $5.3 million.

There were a total of 4 security incidents with losses exceeding tens of millions of dollars this month: Mixin Network was hacked for $200 million, the hot wallet of the cryptocurrency exchange CoinEx was hacked for $70 million, the cryptocurrency gambling platform Stake was hacked for $41.3 million, and a certain whale address suffered a loss of approximately $24.23 million due to a phishing attack. These four incidents accounted for 93% of the total losses. In addition, the recent cryptocurrency fraud case of JPEX, a virtual asset trading platform in Hong Kong, has affected many victims, with a total amount involved of $190 million, making it the most noteworthy cryptocurrency case in recent times.

• An analysis of three concepts related to Lagrange products State Proof, Lagrange Committee, and ZK Big Data.
• From the discussion of the Friend.Tech fork, what other use cases does SocialFi have?
• Playing with deception Overseas version of ‘Miao Ya’ BeFake goes viral worldwide

Hacker Attacks

There were a total of 7 typical security incidents.

No.1 On September 4th, the cryptocurrency gambling platform Stake.com was attacked, resulting in a loss of approximately $41.3 million. This incident was carried out by the North Korean hacker group Lazarus.

No.2 On September 5th, the decentralized exchange GMBL COMPUTER in the Arbitrum ecosystem was attacked, resulting in a loss of approximately $815,000.

No.3 On September 12th, the hot wallet of the cryptocurrency exchange CoinEx was attacked, resulting in a loss of approximately $70 million. This incident was carried out by the North Korean hacker group Lazarus.

No.4 On September 14th, the cryptocurrency exchange Remitano was attacked, resulting in a loss of $2.7 million, of which $1.4 million has been frozen by Tether.

No.5 On September 20th, Balancer suffered a social engineering attack, resulting in a loss of approximately $238,000.

No.6 On September 25th, the cloud service provider database of Mixin Network was attacked, resulting in a loss of approximately $200 million.

No.7 On September 25th, the hot wallet of Huobi HTX was attacked, resulting in a loss of approximately $8 million.

Phishing Scams/Rug Pull

There were a total of 5 typical security incidents.

No.1 On September 5th, a fraudulent Base token on ETH experienced a Rug Pull, with the deployer profiting approximately $540,000.

No.2 On September 6th, a Boost token on ETH experienced a Rug Pull, with the deployer profiting approximately $680,000.

No.3 On September 6th, a whale address starting with 0x13e suffered a loss of approximately $24.23 million due to a phishing attack. This may be the highest single phishing loss in recent times.

No.4 On September 11th, the X account of Ethereum founder Vitalik Buterin was hacked, and the hacker stole about $700,000 after posting a phishing link.

No.5 On September 12th, the founder of Milady stated that one of the Milady developers seized the code repository and misappropriated $1 million from the treasury.

Cryptocurrency Crime/Regulation

A total of ‘4’ typical security incidents occurred.

No.1 On September 3rd, it was reported that the Hong Kong police had smashed a local fraud group disguised as a virtual investment business, with 19 people involved in money laundering of over HKD 300 million (approximately $38.3 million).

No.2 On September 11th, it was reported that the South Korean police are investigating a Ponzi scheme that caused a total loss of KRW 100 billion (approximately $75.09 million) for 12,000 investors.

No.3 On September 12th, it was reported that the Thailand Central Crime Investigation Bureau (CCIB) arrested five foreigners involved in a fraudulent cryptocurrency investment platform (bchgloballtd.com), with approximately $27 million involved.

No.4 The Hong Kong virtual asset trading platform JPEX is suspected of fraud. As of September 25th, the Hong Kong police have received reports from 2,360 victims, involving a total amount of approximately HKD 1.49 billion (approximately $190 million).

In view of the new situation in the field of blockchain security, ‘Beosin’ summarized as follows:

Overall, the losses from various blockchain security incidents in September 2023 have increased significantly. The losses are mainly concentrated in several major incidents involving tens of millions of dollars, with attack types including cloud service data breaches, private key leaks, social engineering, and phishing. It is recommended that large cryptocurrency service providers regularly train their employees in security, implement security practices for high-privileged employees, and establish monitoring and alert systems for any suspicious activities in infrastructure and applications. There has been an increase in virtual asset fraud cases this month, and users are advised to be more aware of fraud. If unfortunately deceived, it is recommended to retain evidence and report to the police as soon as possible.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!