Author: SlowMist AML Team
Full content is available here
1. Overview
In 2024, the blockchain industry is moving forward in the battle between security and innovation. Against this background, this report reviews the key regulatory compliance policies and anti-money laundering trends in the blockchain industry in 2024, summarizes blockchain security incidents in 2024, and sorts out typical fraud methods. In addition, we also invited the Web3 anti-fraud platform ScamSniffer to write about phishing Wallet Drainers. At the same time, we analyzed and counted the money laundering methods and profits of North Korean hackers. We hope that this report will provide readers with useful information, help practitioners and users to have a more comprehensive understanding of the current status and solutions of blockchain security, and contribute to promoting the safe development of the blockchain ecosystem.
II. Blockchain Security Situation
According to statistics from the SlowMist Hacked database, there were 410 security events in 2024, resulting in losses of up to $2.013 billion. In comparison to 2023 (464 events, losses about $2.486 billion), the losses decreased by 19.02% year-on-year.
Note: The data in this report is based on token prices at the time of the events. Due to price fluctuations and the exclusion of losses from some undisclosed events, the actual losses are expected to be higher than the statistical results.
(https://hacked.slowmist.io/statistics/?c=all&d=2024)
Overview of Blockchain Security Events
From the perspective of project tracks, DeFi remains the most attacked field. In 2024, there were a total of 339 DeFi security events, accounting for 82.68% of the total number of security events, with losses reaching $1.029 billion, compared to 2023 (282 events, losses about $773 million), representing a year-on-year increase of 33.12%.
(Distribution and Loss of Security Events in Various Tracks in 2024)
(Distribution and Loss Comparison of DeFi Security Events in 2023 and 2024)
In terms of ecosystems, Ethereum suffered the highest losses at $465 million, followed by BSC at $87.35 million.
(Distribution and Loss of Security Events in Various Ecosystems in 2024)
From the perspective of the causes of events, security events caused by contract vulnerabilities are the most frequent, totaling 99 incidents, leading to losses of approximately $214 million, followed by security events caused by account hacking.
(2024 Security Event Techniques Chart)
Typical Attack Events
This section highlights the top 10 security attack events by losses in 2024. For details, see the PDF document at the end.
(Top 10 Security Attack Events by Losses in 2024)
Rug Pull
Rug Pull is a scam where malicious project parties create hype to attract user investments, and when the time is ripe, they 'pull the rug' and run away with the funds. According to statistics from the SlowMist Hacked database, there were 58 Rug Pull incidents in 2024, resulting in losses of approximately $106 million. Among them, the zkSync ecosystem suffered the highest loss at $36.95 million, while the BSC ecosystem experienced the most exit scams, totaling 28 incidents.
(Top 10 Exit Scam Events by Losses in 2024)
(Distribution and Loss of Exit Scams in Various Ecosystems in 2024)
With the rise of meme coins, many users, driven by speculation and FOMO emotions, overlook potential risks. Some issuers can hype up interest and attract users to buy tokens based solely on a concept or slogan, without needing to present a vision or provide a white paper. The low cost of malicious acts has led to a proliferation of exit scams. After users' funds are rug-pulled by malicious project parties, they often face a long and difficult process to recover their funds. In this regard, the SlowMist security team advises users to thoroughly understand the project's background and team information and to carefully choose investment projects to avoid potential risks before participating.
Phishing
Note: This subsection focuses on analyzing Wallet Drainer attacks on EVM-compatible chains, generously written by ScamSniffer, for which we express our gratitude.
Wallet Drainer is an attack method deployed on phishing websites that steals crypto assets by inducing users to sign malicious transactions. In 2024, such attacks caused losses of approximately $494 million, a year-on-year increase of 67%. Although the number of victims increased only by 3.7% (reaching 332,000 addresses), the losses per attack significantly increased, with the largest single theft amount reaching $55.48 million.
(Key Data Indicators of Wallet Drainer Attacks in 2024)
1. Important Nodes
Pink Exit (End of May): Market share 28%, absorbed by Inferno.
Angel Takes Over Inferno (End of October): Angel's share declines, Inferno maintains a 40-45% market share.
2. Evolution of Market Landscape
Q1-Q2: Three Major Leaders (Angel: 42%, Pink: 28%, Inferno: 22%)
Q3: Duopoly Competition (Inferno: 43%, Angel: 25%)
Q4: New Pattern (Inferno and Angel: 45%, Acedrainer: 20%, Other New Drainers: 25%)
As of 2024, known losses from phishing signatures reached $790 million. Although such attacks decreased in the second half of the year, this may indicate that attackers are shifting to other methods of attack, such as malware and other more covert means. With the development of the Web3 ecosystem, the challenge of protecting user asset security remains. Regardless of how attack methods change, ongoing security awareness and capacity building are always key to protecting asset security.
Fraud
This section selects some fraud techniques disclosed in 2024:
1. Mining Scam
2. Arbitrage Scam
3. Airdrop Scam
4. Theft X Scam
5. Pixiu Plate
6. Malicious Trojan
III. Anti-Money Laundering Situation
This section is divided into four parts: Anti-Money Laundering and Regulatory Dynamics, Anti-Money Laundering Data, North Korean Hackers, and Coin Mixing Tools.
Anti-Money Laundering and Regulatory Dynamics
In 2024, the regulatory environment for cryptocurrencies underwent significant developments, most notably the EU's implementation of the MiCA regulation and the US's advancement of stablecoin legislation. In terms of law enforcement, stricter measures have been introduced worldwide to combat illegal activities, with significant progress in stablecoin regulation, cross-border crypto policies, and law enforcement actions targeting major participants in the crypto space. For specific policies and law enforcement actions, please refer to the PDF at the end.
Anti-Money Laundering Data
1. Fund Freezing Data
With strong support from partners in the InMist intelligence network, SlowMist assisted clients, partners, and publicly hacked events in freezing funds totaling over $112 million in 2024.
In 2024, Tether froze approximately $540 million of USDT; in 2024, Circle froze approximately $13.36 million of USDC.
(https://dune.com/misttrack/2024)
2. Fund Recovery Data
In 2024, there were 410 security events, with 24 events able to fully or partially recover lost funds after being attacked. Based on disclosed data, approximately $166 million was returned, accounting for 8.25% of the total security losses (approximately $2.013 billion).
North Korean Hackers
In 2024, North Korean hacker groups were implicated in several cyber theft cases, resulting in hundreds of millions of dollars of cryptocurrency being stolen. Below is a list of significant events committed by North Korean hacker groups (data source: SlowMist Hacked):
This section focuses on analyzing the attack methods of North Korean hackers and introduces their money laundering methods using the BingX incident followed up by SlowMist as an example.
Coin Mixing Tools
1. Tornado Cash
(https://dune.com/misttrack/2024)
2. eXch
(https://dune.com/misttrack/2024)
3. Railgun
Railgun has implemented Private Proof of Innocence (PPOI), using zero-knowledge proofs to ensure that users can verify their funds are not related to illegal activities without compromising privacy. This innovation strikes a critical balance between privacy and compliance, making it harder for malicious actors to use the platform for money laundering.
IV. Summary
In 2024, the blockchain industry faces new opportunities and challenges amid continuous innovation and transformation; various security events and anti-money laundering dynamics provide us with profound warnings and prompt us to pay more attention to industry norms and technical safeguards. Through the analysis of blockchain security events and money laundering cases in 2024, we hope to raise awareness of industry security among all parties.
In the future, as the regulatory framework gradually improves and technological means continue to upgrade, we have reason to believe that the blockchain industry will move towards a more secure, transparent, and compliant direction. We hope this report can provide valuable information to readers, helping them gain a more comprehensive understanding of the current state of blockchain security and anti-money laundering efforts, and we look forward to working together to contribute to building a more secure, stable, and trustworthy blockchain ecosystem.
