Bitcoin has once again broken its historical high, approaching $99,000 and coming close to the $100,000 mark. Historical data shows that scams and phishing activities in the Web3 space emerge in droves during bull markets, with total losses exceeding $350 million. Analysis shows that hackers primarily target the Ethereum network, with stablecoins being the main target. Based on historical trading and phishing data, we conducted an in-depth study of attack methods, target selection, and success rates.
Cryptocurrency Security Ecosystem Map
We have categorized the cryptocurrency security ecosystem projects for 2024. In the field of smart contract auditing, there are established participants such as Halborn, Quantstamp, and OpenZeppelin. Smart contract vulnerabilities remain one of the main attack vectors in the cryptocurrency field, and the projects that provide comprehensive code review and security assessment services each have their own strengths.
The DeFi security monitoring section includes professional tools such as DeFiSafety and Assure DeFi, specifically aimed at real-time threat detection and prevention for decentralized finance protocols. The emergence of AI-driven security solutions is also noteworthy.
Recently, meme trading has been very popular, and security check tools like Rugcheck and Honeypot.is can help traders identify potential issues in advance.
USDT is the most stolen asset
According to bitsCrunch data, attacks based on Ethereum account for about 75% of all attack events. USDT is the most attacked asset, with theft amounts reaching $112 million, and the average value of each attack on USDT is about $4.7 million. The second most affected asset is ETH, with losses of about $66.6 million, followed by DAI, with losses of $42.2 million.
It is noteworthy that low market cap tokens also experience a very high volume of attacks, indicating that attackers prey on assets with lower security. The largest incident was a complex fraud attack that occurred on August 1, 2023, resulting in a loss of $20.1 million.
Polygon is the second largest target chain for attackers
Although Ethereum dominates all phishing events, accounting for 80% of phishing transaction volume, theft activities have also been observed on other blockchains. Polygon has become the second largest target chain, accounting for about 18% of transaction volume. Theft activity is often closely related to on-chain TVL and daily active users, and attackers assess targets based on liquidity and user activity.
Time Analysis and Attack Evolution
Attack frequency and scale exhibit different patterns. According to bitsCrunch data, 2023 is the year with the highest concentration of high-value attacks, with multiple incidents valued over $5 million. At the same time, attacks have gradually evolved from simple direct transfers to more complex approval-based attacks. The average time between significant attacks (greater than $1 million) is about 12 days, and they are primarily concentrated around major market events and the release of new protocols.
Types of Phishing Attacks
Token Transfer Attack
Token transfer is the most direct attack method. Attackers manipulate users to directly transfer their tokens to accounts controlled by the attackers. According to bitsCrunch data, these attacks often have extremely high single-transaction values, leveraging user trust, fake pages, and scam rhetoric to persuade victims to voluntarily initiate token transfers.
These attacks typically follow the pattern of establishing trust through similar domain names, completely mimicking certain well-known websites, while creating a sense of urgency during user interaction and providing seemingly reasonable token transfer instructions. Our analysis shows that the average success rate of such direct token transfer attacks is 62%.
Approval-based Phishing
Approval-based phishing primarily utilizes the interaction mechanism of smart contracts and is a technically complex attack method. In this approach, attackers trick users into providing transaction approvals, thereby granting them unlimited spending rights over specific tokens. Unlike direct transfers, approval-based phishing creates long-term vulnerabilities, and the attacked party's funds will be gradually depleted.
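A pre-signing check for the approval mechanism described above, as an added example that is not part of the original article: it decodes the standard ERC-20/ERC-721 approval calls from transaction calldata and flags open-ended grants to spenders outside a trusted list. The function names, the sample addresses and the "effectively unlimited" threshold are assumptions made for illustration.

```python
# Added example: classify approval calldata before a wallet signs it.
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
INCREASE_ALLOWANCE = bytes.fromhex("39509351")    # increaseAllowance(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
# Assumption: allowances at or above this are treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255


def inspect_approval(calldata_hex, trusted_spenders):
    """Return a risk summary for approval calldata, or None if it is not an approval."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return None
    if len(raw) < 68 or raw[:4] not in (APPROVE, INCREASE_ALLOWANCE, SET_APPROVAL_FOR_ALL):
        return None
    # ABI words are 32 bytes; an address occupies the low 20 bytes of its word.
    spender = "0x" + raw[16:36].hex()
    value = int.from_bytes(raw[36:68], "big")
    if raw[:4] == SET_APPROVAL_FOR_ALL:
        kind, unlimited = "operator-for-all", value != 0
    else:
        kind, unlimited = "allowance", value >= UNLIMITED_THRESHOLD
    trusted = spender in {s.lower() for s in trusted_spenders}
    if value == 0:
        risk = "no-grant"    # zero grants nothing new; approve(spender, 0) is a revoke
    elif trusted:
        risk = "low"
    elif unlimited:
        risk = "high"        # open-ended spending right for an unknown spender
    else:
        risk = "review"
    return {"kind": kind, "spender": spender, "value": value, "risk": risk}


def build_calldata(selector, spender, value):
    """Encode sample calldata for the demo below."""
    return "0x" + selector.hex() + spender[2:].rjust(64, "0") + format(value, "064x")


# Constructed sample addresses, not real contracts.
UNKNOWN = "0x" + "11" * 20
TRUSTED = "0x" + "22" * 20

if __name__ == "__main__":
    for sel, who, amt in [(APPROVE, UNKNOWN, MAX_UINT256), (APPROVE, TRUSTED, 1000),
                          (SET_APPROVAL_FOR_ALL, UNKNOWN, 1), (APPROVE, UNKNOWN, 0)]:
        print(inspect_approval(build_calldata(sel, who, amt), [TRUSTED]))
```

A "high" result is the case the section describes: the signature moves no funds itself, but leaves the spender able to drain the token later, until the allowance is set back to zero.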
Fake Token Addresses
Address poisoning is a comprehensive multi-faceted attack strategy where attackers create transactions using tokens that have the same name as legitimate tokens but different addresses. These attacks exploit users' negligence regarding address verification to gain profits.
Zero-cost NFT Purchase
Zero-cost purchase phishing specifically targets the digital art and collectibles market within the NFT ecosystem. Attackers manipulate users into signing transactions that sell their high-value NFTs at a significantly reduced price or even for free.
Our research identified 22 significant zero-cost NFT purchase phishing incidents during the analysis period, with an average loss of $378,000 per incident. These attacks exploited the inherent transaction signature process of the NFT market.
Distribution of Stolen Wallets
The data in this chart reveals the distribution pattern of stolen wallets within different transaction price ranges. We found a clear inverse relationship between transaction value and the number of affected wallets: as the price increases, the number of affected wallets gradually decreases.
The number of victim wallets with transactions of $500 to $1,000 is the highest, with about 3,750 wallets, accounting for more than one-third. Victims of smaller transaction amounts often do not pay attention to details. The number of wallets drops to 2,140 for transactions of $1,000 to $1,500. Transactions over $3,000 account for only 13.5% of the total attacked wallets. This shows that larger amounts are protected by stronger security measures, or that victims consider more carefully when dealing with larger amounts.
By analyzing the data, we reveal the complex and evolving attack methods in the cryptocurrency ecosystem. As the bull market arrives, the frequency of complex attacks will increase, and average losses will also grow, significantly impacting the finances of project teams and investors. Therefore, not only do blockchain networks need to strengthen security measures, but we also need to be more cautious during transactions to prevent phishing incidents.