
Author of this chapter: Beosin Research Team Mario, Tian Hero Donny

According to Beosin Alert monitoring and early warning, total losses in the Web3 field from hacking, phishing scams and project-party Rug Pulls reached $778 million in the first quarter of 2024. Among them, there were 39 major attacks, with a total loss of about $617 million; 43 project-party Rug Pull incidents, with a total loss of about $75.5 million; and phishing scams with a total loss of about $86.24 million.

In the first quarter of 2024, the total loss was about $778 million, an increase of about 126% year-on-year and a month-on-month increase of about 72%. Losses from hacker attacks were higher than in any quarter of 2023.
The total loss in February reached $422 million, making it the month with the highest loss in the first quarter of 2024.

● By project type: for the first time, game platforms became the project type with the highest loss amount. Web3 game platforms lost a total of $365 million, accounting for 59% of all attack losses.
● By chain: Ethereum is still the chain with the highest loss amount and the most attack incidents. The 18 attacks on Ethereum caused a loss of $342 million, accounting for 55.4% of the total loss.
● By attack method: a total of 13 private key leaks occurred this quarter, resulting in a loss of $458 million, or 74.3% of the total attack loss amount, the highest share of any attack type.
● By fund flow: most of the stolen assets this quarter were frozen or recovered. About $303 million (49.2%) was frozen, and $79.45 million (12.9%) was recovered.
● By audit status: the proportion of audited project parties has increased.

39 major attacks caused a total of $616.7 million in losses
In the first quarter of 2024, Beosin Alert monitored 39 major attack events in the Web3 field, with a total loss of $616.7 million. Among them, there were two security incidents with a loss of more than $100 million, 5 incidents with losses between $10 million and $100 million, and 21 incidents with losses between $1 million and $10 million.
Attacks with a loss of more than $10 million (sorted by amount):
● PlayDapp - $290 million
Attack method: private key leak; chain platform: Ethereum
On February 9, the blockchain game platform PlayDapp was attacked, and the hacker address minted 200 million PLA tokens, worth $36.5 million. PlayDapp's negotiations with the hacker then failed, and on February 12 the hacker minted 1.59 billion PLA tokens, worth $253.9 million, and sent some of the funds to the Gate.io exchange. Afterwards, the project party suspended the PLA contract and migrated the PLA token to the PDA token.
● Chris Larsen (co-founder of Ripple) - $112 million
Attack method: private key leak; chain platform: XRP
On January 31, Chris Larsen, co-founder of Ripple, said that four of his wallets had been hacked and a total of about $112 million stolen. The Binance team successfully froze XRP worth $4.2 million stolen by the attacker.
● Munchables - $62.3 million
Attack method: social engineering; chain platform: Blast
On March 26, Munchables, a Web3 game platform on Blast, suffered an attack with a loss of about $62.5 million. The project party is suspected to have been attacked because it hired North Korean hackers as developers. All stolen funds were later returned by the hackers.
● FixedFloat - $26.1 million
Attack method: security structure vulnerability; chain platform: Ethereum
On February 17, the crypto exchange FixedFloat suffered an attack with a loss of about $26.1 million. The hackers transferred most of the stolen funds to the eXch exchange. On February 20, FixedFloat said that the attack was “not what our employees did, but an external attack caused by our security structure vulnerability”.
● Curio Ecosystem - $16 million
Attack method: contract vulnerability (access control vulnerability); chain platform: Ethereum
On March 23, the RWA infrastructure project Curio Ecosystem was attacked and lost about $16 million.
● Somesing - $11.58 million
Attack method: private key leak; chain platform: Klaytn
On January 27, the South Korean Web3 social music service Somesing was attacked and lost 730 million of its native SSX tokens, worth $11.58 million.
● Jihoz.ron (co-founder of Ronin) - $10 million
Attack method: private key leak; chain platform: Ronin
On February 23, two addresses belonging to Ronin co-founder Jihoz.ron lost about $10 million due to private key leakage.

For the first time, game platforms became the project type with the highest loss amount
The project type with the highest losses this quarter was the game platform. Six attacks on Web3 game platforms caused a total of $365 million in losses, accounting for 59% of all attack losses. This is the first time game platforms have been the attacked project type with the highest loss.

The victim type in second place is the personal wallet. Two personal wallet thefts caused $122.5 million in losses. Both victims were co-founders of well-known projects (the co-founders of Ripple and Ronin).
Of the 39 hacker attacks, 17 occurred in the DeFi field, accounting for about 43.6%. The 17 DeFi attacks caused a total of $39.96 million in losses, ranking third among all project types.
Other attacked project types include DEXs, infrastructure, payment platforms and Web3 music platforms.

Ethereum is the chain with the highest loss amount and the most attack incidents

As in 2023, Ethereum is still the public chain with the highest losses. The 18 attacks on Ethereum caused a loss of $342 million, accounting for 55.4% of the total loss.

The public chain with the second-highest losses is XRP, entirely from the theft affecting Ripple co-founder Chris Larsen.
The public chain with the third-highest losses is Blast. The 3 attacks on the Blast chain caused a total loss of $67.5 million. Blast ranks first in losses among the major emerging public chains.
This quarter, BNB Chain had only four major security incidents, with a loss of about $8.01 million; both the loss amount and the number of incidents fell sharply compared with 2023.

74.3% of the loss amount came from private key leak incidents
A total of 13 private key leaks occurred this quarter, resulting in a loss of $458 million, or 74.3% of the total attack loss amount. As in 2023, private key leaks caused the highest losses of all attack types. The private key leak incidents with large losses include PlayDapp ($290 million), Ripple co-founder Chris Larsen ($112 million), Somesing ($11.58 million), and Ronin co-founder Jihoz.ron ($10 million).

Of the 39 attacks, 21 exploited contract vulnerabilities, with a total loss of $65.56 million, ranking second.

The attack method with the third-highest losses is social engineering. Three social engineering attacks caused about $65 million in losses.
Broken down by vulnerability type, the three with the highest losses are algorithm defects ($22.78 million), access control vulnerabilities ($16.32 million), and business logic vulnerabilities ($11.28 million). The most frequent type is the business logic vulnerability, which accounts for 7 of the 21 contract vulnerability incidents.

Atom Asset (AAX): analysis of anti-money laundering (AML) evasion
Recently, the closed Hong Kong exchange Atom Asset (AAX) began transferring funds from its wallets to various decentralized exchanges and centralized platforms, reportedly to evade anti-money laundering (AML) controls. Before this was discovered, the last known transactions involving AAX exchange wallets occurred in October 2023 and November 2022. Before its closure, AAX was one of the largest cryptocurrency exchanges in Hong Kong and had more than 2 million users.
The Beosin team's analysis found that since January 29, 2024, the AAX exchange has transferred 25,100 ETH out of its exchange wallets. Among them 600 ETH, a 24000 ETH. At current prices, the transferred funds are worth more than $74 million.
The AAX exchange incident
On November 13, 2022, two days after the cryptocurrency exchange FTX filed for bankruptcy, AAX also suspended withdrawals, citing exposure to trading risk, and cleared all of its social channels. Initially, AAX attributed the freeze to security measures against malicious attacks.

On November 15, 2022, the AAX exchange issued a statement saying that its platform needed maintenance and that, in addition to the suspension of withdrawals, derivatives positions would be automatically liquidated. After that, AAX stopped operating its platform and updating its social media.

Strangely, after 426 days of silence, the AAX exchange wallet became active again, and a large amount of funds began moving to other addresses in an attempt to avoid identification and monitoring by AML tools.

link: https://etherscan.io/address/0x56c1319b316a327bd889d58633b204536c
On-chain fund analysis of the AAX exchange incident
The Beosin KYT anti-money laundering analysis platform examined the recent on-chain activity of the AAX exchange's wallets in depth and found a series of risky activities. First, all 25,100 ETH has been transferred out. The operator used various means to convert some of the ETH to USDT, and the funds were then moved to different blockchains through cross-chain bridges to launder them.

Beosin KYT Anti-Money Laundering Platform
Most of the funds were moved to the TRON blockchain, passed through a number of addresses, and were then deposited in certain addresses without being moved further. This behavior shows an obvious attempt to evade AML controls and to cover up the real source and destination of the funds.

Beosin KYT Anti-Money Laundering Platform
The Hong Kong police quickly took action against the fraud and arrested two people connected with AAX. They are currently working to map the path of the transferred funds and locate the assets of affected users.
The AAX exchange used technical means such as decentralized exchanges, cryptocurrency swaps and cross-chain bridges to try to obscure the path and source of the fund flows. This poses a major challenge for regulators and AML analysis platforms.
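
The wake-up pattern described in this section (a wallet silent for 426 days that then moves a large balance within days) can be expressed as a simple monitoring rule. The following is an added example, not Beosin KYT's logic or code from the report; the address labels, thresholds and transfer records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (sender, date, ETH sent); labels are placeholders, not
# real addresses. The first sender mirrors the shape described above:
# 426 days of silence, then 25,100 ETH leaving within a few days.
SAMPLE_TRANSFERS = [
    ("0xDORMANT_EXCHANGE", "2022-11-29", 12.0),
    ("0xDORMANT_EXCHANGE", "2024-01-29", 9000.0),
    ("0xDORMANT_EXCHANGE", "2024-01-30", 8000.0),
    ("0xDORMANT_EXCHANGE", "2024-02-02", 8100.0),
    ("0xACTIVE_TRADER", "2024-01-10", 3000.0),
    ("0xACTIVE_TRADER", "2024-01-28", 2500.0),
    ("0xSMALL_DORMANT", "2022-06-01", 1.0),
    ("0xSMALL_DORMANT", "2024-01-15", 0.4),
]


def find_reactivations(transfers, min_dormant_days=365,
                       window_days=7, min_outflow_eth=1000.0):
    """Flag senders that wake after a long gap and move a large amount."""
    by_sender = defaultdict(list)
    for sender, day, amount in transfers:
        by_sender[sender].append((datetime.strptime(day, "%Y-%m-%d"), amount))

    alerts = []
    for sender, rows in by_sender.items():
        rows.sort()
        # Compare each transfer with the one before it to find dormancy gaps.
        for (prev_ts, _), (ts, _) in zip(rows, rows[1:]):
            gap = (ts - prev_ts).days
            if gap < min_dormant_days:
                continue
            # Sum everything sent in the window that starts at the wake-up.
            window_end = ts + timedelta(days=window_days)
            outflow = sum(a for t, a in rows if ts <= t <= window_end)
            if outflow >= min_outflow_eth:
                alerts.append({"address": sender, "dormant_days": gap,
                               "woke_on": ts.date().isoformat(),
                               "outflow_eth": outflow})
    return sorted(alerts, key=lambda a: a["outflow_eth"], reverse=True)


if __name__ == "__main__":
    for alert in find_reactivations(SAMPLE_TRANSFERS):
        print(alert)
```

The regularly active sender is not flagged despite its large transfers, and the small dormant wallet is suppressed by the outflow threshold, which is the tuning knob that keeps this rule from alerting on every long-idle retail address.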

Most of the stolen assets were frozen or recovered
According to analysis by the Beosin KYT anti-money laundering platform, about $303 million (49.2%) of the funds stolen in the first quarter of 2024 was frozen, and $79.45 million (12.9%) was recovered. This ratio is much higher than in 2023.

About $105.5 billion was transferred to various exchanges, accounting for about 17.1%. Compared with 2023, the proportion of stolen funds that hackers moved to exchanges increased significantly this year. This places higher demands on the anti-money laundering and compliance work of exchanges.
A total of $30.12 million (4.9%) was transferred to mixers: $29.9 million to Tornado Cash and $216,000 to other mixers. Compared with last year, the amount of stolen funds laundered through mixers decreased significantly in the first quarter of 2024.

The proportion of audited project parties has increased
Of the 39 attacks, the project parties in 12 incidents had not been audited, and the project parties in 24 incidents had been audited. The proportion of audited project parties is slightly higher than in 2023, which shows that project parties across the Web3 industry are placing more importance on security.

Among the 12 projects that had not been audited, contract vulnerabilities accounted for 8 (66.7%). In contrast, among the 24 audited projects, contract vulnerabilities accounted for 13 (54.2%). This shows that an audit can improve the security of a project to a certain extent.

43 Rug Pull incidents caused $75.5 million in losses
In the first quarter of 2024, a total of 43 project-party Rug Pull incidents were monitored, involving $75.5 million.
The 5 Rug Pull incidents with the highest losses are BitForex ($56.5 million), Hector Network ($2.7 million), MangoFarm ($2 million), OrdiZK ($1.4 million), and RiskOnBlast ($1.3 million). These 5 Rug Pull events are spread across four chains: Ethereum, Fantom, Solana, and Blast.

Rug Pulls on the Ethereum chain involved a total of $59.68 million, accounting for 79% of the total loss. The largest number of Rug Pull incidents occurred on BNB Chain: 29, accounting for 67.4% of the total number of events.

Compared with the previous quarter, the total loss from hacking, phishing scams and project-party Rug Pulls increased significantly in the first quarter of 2024, reaching $778 million. Rising token prices this quarter contributed to the increase in the total amount, but overall the Web3 security situation is still not optimistic.
The most damaging type of attack this quarter was the private key leak. About 74.3% of the loss amount came from private key leak incidents, which is consistent with the 2023 data. By project type, private key leaks occurred across many areas of Web3: game platforms, DeFi, personal wallets, infrastructure, NFT, payment platforms, gaming platforms, data storage platforms, and others. Every Web3 project party and individual user needs to stay vigilant, store private keys offline, use multi-signature, use third-party services, and conduct regular security training for privileged staff.
Most of the stolen assets this quarter were frozen or recovered, which reflects the improvement of the global regulatory system and the strengthening of anti-money laundering efforts. The proportion of stolen funds that hackers transferred to exchanges also increased significantly this quarter. This requires exchanges to identify hacker activity in a timely manner and to cooperate actively with law enforcement agencies and project parties in freezing funds and collecting evidence. Cooperation between exchanges and law enforcement agencies, project parties and security teams has already achieved fairly clear results. I believe that more stolen funds will be recovered in the future.
Of the 39 attacks this quarter, 21 still stemmed from contract vulnerabilities. Project parties are advised to have a professional security company audit their contracts before launch.