Written by Beosin
It's time for the monthly security inventory again! According to the monitoring of blockchain security audit company Beosin Alert, in June 2024, the amount of losses from various security incidents dropped significantly compared with May. In June 2024, more than "18" typical security incidents occurred, and the total loss amount caused by hacker attacks, phishing scams and rug pulls reached 183 million US dollars, a decrease of about 60% from May. Among them, the attack incidents were about 141 million US dollars, a decrease of about 60%; the phishing scam incidents were about 37.4 million US dollars, a decrease of about 61.6%; the rug pull incidents were about 4.12 million US dollars, an increase of about 102%.
This month, there have been multiple hacker attacks with losses exceeding 10 million US dollars, involving a variety of project types: British exchange Lykke, DeFi lending platform UwU Lend, NFT protocol Holograph, Turkish exchange BtcTurk, and portfolio management company CoinStats. This month, there have also been two phishing scams with losses exceeding 10 million US dollars, so users need to be vigilant.
A total of 9 typical security incidents occurred in terms of hacker attacks
No.1 On June 2, the DEX project Velocore was attacked on the zkSync Era and Linea chains, resulting in a loss of approximately $6.8 million.
No.2 On June 4, the British cryptocurrency exchange Lykke was hacked and $22 million worth of cryptocurrency was stolen.
No.3 On June 9, the Ethereum Layer 2 protocol Loopring wallet was attacked, resulting in a loss of approximately US$5 million.
No.4 On June 10, the DeFi lending platform UwU Lend was attacked and nearly $19.3 million in cryptocurrency was stolen. On June 13, UwU Lend was attacked again by the same attacker and $3.72 million was stolen.
No.5 On June 10, the Blast ecosystem project YOLO Games lost $1.5 million due to a security vulnerability in its smart contract.
No.6 On June 14, the full-chain NFT protocol Holograph was attacked, and hackers illegally minted 1 billion HLG tokens, with a total loss of approximately US$14.4 million.
No.7 On June 22, the Turkish cryptocurrency exchange BtcTurk said it was hacked and lost at least $55 million.
No.8 On June 22, the online gambling platform Sportsbet was attacked by BTCTurk hackers, resulting in losses of more than $3.5 million.
No.9 On June 22, cryptocurrency portfolio management company CoinStats suffered an attack due to a server configuration error, resulting in a loss of approximately $10 million.
Phishing scams/Rug Pulls: 5 typical security incidents
No.1 On June 1, an address starting with 5G9Dpk suffered a phishing attack, resulting in a loss of approximately US$11.2 million.
No.2 On June 5, an address starting with 0xa38a suffered a phishing attack, resulting in a loss of approximately US$2.12 million.
No.3 On June 8, the Gemholic project on the ZKsync chain experienced a rug pull, resulting in a loss of approximately US$3.4 million.
No.4 On June 22, a rug pull occurred in the GUNIT project on the Solana chain, and the scammers made a profit of approximately US$720,000.
No.5 On June 23, an address starting with 0xfb94 suffered a phishing attack, resulting in a loss of approximately US$11 million.
There were 4 typical security incidents in crypto crime
No.1 On June 15, the United States charged two men with operating the dark web market Empire Market, and law enforcement agencies seized $75 million in cryptocurrencies and other assets.
No.2 According to news on June 17, former shareholders and senior executives of Huludao Bank were involved in a virtual currency money laundering case involving 1.8 billion yuan.
No.3 On June 20, the U.S. Department of Justice filed a lawsuit against 24 suspected money launderers. They allegedly transferred more than $50 million in drug sales proceeds for the Sinaloa drug cartel through large amounts of cash, purchases of cryptocurrencies, and cooperation with "Chinese underground banks."
No.4 On June 20, the UK Financial Conduct Authority (FCA) and the London Police arrested two suspects suspected of operating illegal cryptocurrency businesses, suspected of buying and selling more than 1 billion pounds (about 1.3 billion US dollars) of crypto assets through their businesses.
Supervision, compliance and policy
No.1 In June 2024, the Dubai Financial Services Authority (DFSA) announced amendments to its cryptocurrency token regime to strengthen and advance the regulatory framework for tokens within its special economic zones.
These changes are derived from the recommendations made in the "Consultation Paper No. 153 - Update of Crypto Token System" published in January 2024, covering multiple aspects, including the ability of external and foreign funds to invest in the unit offering of recognized cryptocurrencies, the ability of domestic qualified investor funds to invest in unrecognized cryptocurrencies, and the custody of cryptocurrencies. In addition, this amendment adopts anti-financial crime compliance guidelines to address financial crime issues, including the application of the "travel rule", transaction monitoring and blockchain analysis, and the fees for recognized crypto tokens.
No.2 On June 20, 2024, the Singapore government released a 126-page money laundering risk assessment report, which deeply assessed the money laundering risks currently faced by Singapore. The report pointed out that in the process of attracting the world's super-rich and building an international financial wealth center, Singapore also faces severe anti-money laundering challenges and is easily used as a channel for laundering funds from overseas financial fraud and other crimes. In a recent money laundering case, the Singapore authorities seized more than 1.5 billion Singapore dollars from the relevant bank accounts.
In view of the new situation in the current blockchain security field, "Beosin" summarizes here:
In general, the amount of losses from various blockchain security incidents dropped significantly in June 2024. 67% of the losses from attacks this month came from private key leaks, and the types of projects attacked were diverse. It is recommended that all project owners and users should strengthen private key management and conduct regular security training for high-privileged employees. Phishing scams have not decreased this month. It is recommended that users keep private keys properly, carefully verify signature information, and carefully check the correctness of addresses before transferring money.