Beosin, 2024-06-03 10:00, Singapore

It's time for the monthly security roundup again! According to Beosin Alert, a blockchain security audit company, losses from security incidents in May 2024 increased significantly compared to April. More than 28 typical security incidents occurred in May 2024, and total losses from hacker attacks, phishing scams and Rug Pulls reached 454 million US dollars, an increase of about 349% compared to April. Of this, hacker attacks accounted for about 355 million US dollars, an increase of about 574%; phishing scams for about 97.4 million US dollars, an increase of about 754%; and Rug Pulls for about 2.04 million US dollars, a decrease of about 94.5%.

The biggest security incident this month was the loss of approximately $300 million in Bitcoin by Japanese crypto exchange DMM Bitcoin. In addition, there were two hacker attacks with losses exceeding $10 million: the gaming platform Gala Games lost $22.5 million due to private key leaks, and Sonne Finance lost $20 million due to contract vulnerabilities. Phishing scams increased significantly this month, with multiple phishing incidents with losses exceeding $1 million, including one address poisoning scam with a loss of $72 million. Crypto crime cases continued to increase this month, with many crimes involving more than $100 million.

Hacker attacks

A total of 12 typical security incidents occurred

No.1 On May 5, GNUS on the Fantom chain was attacked, resulting in a loss of approximately $1.27 million.

No.2 On May 9, the Blast ecosystem project Bloom was attacked, resulting in a loss of approximately $540,000. 90% of the stolen funds have been recovered (the remaining 10% was kept as a bug bounty).

No.3 On May 10, the Web3 game project Galaxy Fox was attacked, resulting in a loss of approximately $300,000.

No.4 On May 10, the Base ecosystem Tsuru was attacked, resulting in a loss of approximately $410,000.

No.5 On May 14, the Arbitrum on-chain DEX project Predy Finance was attacked, resulting in a loss of approximately US$460,000.

No.6 On May 15, Bitcoin DeFi tool Alex Lab lost a total of approximately US$6.3 million on the Stacks and BSC chains due to the theft of private keys.

No.7 On May 15, Sonne Finance, a Compound fork project on the Optimism chain, was attacked due to a contract vulnerability, resulting in losses of $20 million.

No.8 On May 16, the Solana ecosystem pump.fun project was attacked, resulting in a loss of approximately $1.9 million. Afterwards, a former employee of the project openly admitted the theft on Twitter.

No.9 On May 20, the Web3 gaming platform Gala Games was hacked and the hacker minted 5 billion GALA tokens. The attacker has returned ETH worth about $22.5 million.

No.10 On May 21, the TON ecosystem Launchpad platform TonUP was attacked due to engineers misconfiguring script parameters, resulting in a loss of approximately $107,000.

No.11 On May 26, the Base ecosystem Meme coin Normie was attacked, resulting in a loss of approximately $490,000.

No.12 On May 31, Japanese crypto exchange DMM Bitcoin was attacked, resulting in losses of up to $300 million. About 4,502 BTC were distributed to 10 addresses.

Phishing/Rug Pull

A total of 6 typical security incidents occurred

No.1 On May 3, a whale address fell victim to an address poisoning scam, with a loss of 72 million US dollars.

No.2 On May 14, a Rugpull occurred in the fake Pii Park project on the Polygon chain, and the deployer made a profit of approximately US$490,000.

No.3 On May 14, an address starting with 0xff49 was the victim of a phishing scam by Pink Drainer, resulting in a loss of approximately $1.66 million.

No.4 On May 16, an address starting with 0x719e suffered a phishing scam, resulting in a loss of approximately $1.25 million.

No.5 On May 18, an address starting with 0xee6a was the victim of a phishing scam, resulting in a loss of Pendle yield tokens worth approximately $5.6 million.

No.6 On May 26, an address starting with 0x2154 was the victim of a phishing scam, resulting in a loss of approximately US$6.9 million.

Crypto Crime

A total of 10 typical security incidents occurred

No.1 On May 2, the US FBI uncovered a Ponzi scheme that used crypto investment as bait, involving a total amount of US$43 million.

No.2 On May 10, the Jilin police uncovered a case of illegal underground banking using virtual currency, involving a total amount of approximately RMB 2.14 billion.

No.3 On May 14, Alexey Pertsev, one of the developers of the Tornado Cash mixing service, was convicted of money laundering and sentenced to 64 months in prison in the Netherlands.

No.4 According to news on May 15, the Chengdu police recently cracked a major underground money laundering case using USDT as a medium, involving a total of 13.8 billion yuan.

No.5 On May 15, Canada’s “Crypto King” and his accomplices were arrested and accused of defrauding investors of $30 million through cryptocurrency and foreign exchange investment plans.

No.6 On May 17, the U.S. Department of Justice arrested two Chinese nationals on suspicion of leading a money laundering scheme related to an international cryptocurrency investment scam, with an amount of at least US$73 million.

No.7 On May 21, U.S. authorities arrested and charged a Taiwanese man with operating a dark web drug trading market, allegedly using the website to sell more than $100 million worth of illegal narcotics, including fentanyl, using cryptocurrencies.

No.8 On May 24, Jian Wen, a British woman of Chinese descent, was sentenced to 6 years and 8 months in prison by a British court for assisting in the money laundering case of 61,000 bitcoins in the UK (Tianjin Lantian Green's 43 billion yuan illegal fund-raising case).

No.9 On May 26, the former president of Heartland Tri-State Bank in the United States pleaded guilty to embezzling $47.1 million and causing the bank to collapse. The embezzled funds were transferred to a cryptocurrency account.

No.10 On May 31, Turkey detained 127 people suspected of "international fraud through a Ponzi scheme" that allegedly stole more than $1 billion in the past few years.

Supervision, compliance and policy

No.1 On May 7, Emilio B. Aquino, chairman of the Securities and Exchange Commission (SEC) of the Philippines, said that the commission plans to launch a regulatory framework for crypto assets and their trading in the second half of this year. Cryptocurrency exchanges targeting Filipinos must obtain the necessary licenses required by Republic Act No. 8799 before commencing operations.

No.2 On May 22, the U.S. House of Representatives passed a bill by 279 votes to 136 to create a new legal framework for digital currency - the 21st Century Financial Innovation and Technology Act (FIT21), which aims to clarify the regulatory responsibilities of the U.S. SEC and CFTC for digital assets.

No.3 On May 28, the South African Financial Intelligence Centre (FIC) proposed a directive on the transfer of crypto assets. The directive follows the South African Financial Sector Conduct Authority's licensing of 75 crypto asset service providers (CASPs). The FIC aims to tighten regulation by requiring CASPs to implement more detailed and stricter requirements for digital transactions.

No.4 On May 29, Canada is expected to adopt the international Crypto-Asset Reporting Framework (CARF) for taxation by 2026. CARF will impose new reporting requirements on crypto-asset service providers (CASPs), such as cryptocurrency exchanges, crypto-asset brokers and traders, and crypto-asset ATM operators, whether individuals or corporate entities.

No.5 On May 31, the Acting Financial Secretary of the Hong Kong Special Administrative Region Government, Michael Wong, delivered a keynote speech at the 2024 Caixin Summer Summit, stating that Hong Kong will continue to fully promote financial innovation, with key areas including DeFi (decentralized finance) related to financial technology, green finance, Web3 (third-generation Internet), virtual assets, etc.

Given the current state of blockchain security, Beosin summarizes as follows:

In general, losses from blockchain security incidents increased in May 2024. This month's attacks involved many chains, including Ethereum, BNB Chain, Blast, Fantom, Stacks, Optimism, Arbitrum, Solana, TON, Base, etc., indicating that hackers are looking for opportunities on different chains. All project teams and users are advised to improve their security awareness. Phishing scams have increased significantly this month. Users are advised to store private keys securely, carefully verify what they are signing, and carefully check that addresses are correct before transferring funds.