Preface

SlowMist Technology released the "Blockchain Security and Anti-Money Laundering Report for the First Half of 2024" (hereinafter referred to as the "Report"). The Report summarizes the key regulatory compliance policies and developments in the blockchain industry in the first half of 2024, including but not limited to the multi-angle regulatory stance on cryptocurrencies and a series of core policy adjustments. We reviewed and outlined blockchain security incidents and anti-money laundering trends in the first half of 2024, interpreted some common money laundering tools and phishing theft techniques, and proposed effective prevention methods and response strategies for such problems. We also disclosed and analyzed the major phishing criminal organizations Wallet Drainers and the hacker group Lazarus Group in order to provide a reference for preventing such threats.

Due to space limitations, only the key contents of the report are listed here. The full content can be downloaded via the PDF at the end of the article.

1. Background

According to CoinMarketCap data, as of June 30, 2024, the total market value of the global cryptocurrency market had reached approximately $2.34 trillion, demonstrating the growth momentum of the global blockchain market. That growth, however, is accompanied by increasingly severe blockchain security challenges. As blockchain applications expand and deepen, attackers are becoming more sophisticated, continually finding and exploiting vulnerabilities in blockchain systems and causing huge losses.

In this context, this report focuses on two aspects: blockchain ecosystem security and anti-money laundering (AML) security, so that everyone can have a comprehensive understanding of current and future blockchain security risks.

2.1 Overview of blockchain security incidents

According to incomplete statistics from the SlowMist Hacked Archive, there were 223 security incidents in the first half of 2024, with losses of up to $1.43 billion. Compared with the first half of 2023 (a total of 185 incidents, with losses of approximately $920 million), the losses increased by 55.43% year-on-year. (Note: the statistics in this report do not include personal losses.)

https://hacked.slowmist.io/

By ecosystem, Ethereum suffered the highest losses, reaching $400 million. Arbitrum was second, with approximately $72.46 million, and Blast was third, with approximately $70 million. BSC had the most security incidents, 57, with losses of approximately $32.12 million.

By project category, DeFi was the most frequently attacked sector. In the first half of 2024, there were 158 DeFi security incidents, accounting for 70.85% of the total number of incidents, with losses as high as US$659 million. Compared with the first half of 2023 (a total of 111 incidents, with losses of approximately US$480 million), the losses increased by 37.29% year-on-year. Next, security incidents at trading platforms caused losses of US$524 million, of which the DMM Bitcoin incident accounted for US$305 million, making it the security incident with the largest loss in the first half of 2024.

In terms of losses, two incidents caused losses of over 100 million U.S. dollars. The following are the top 10 security attack incidents with the highest losses in the first half of 2024:

By cause, contract vulnerabilities accounted for the largest number of incidents, 56, with losses of approximately $104 million. The second most common cause was projects absconding, with 50 incidents.

2.2 Phishing/theft techniques

This section extracts some of the phishing and theft methods disclosed by SlowMist in the first half of 2024:

  • Phishing with addresses that share the same first and last characters

  • Malicious extensions

  • Malicious Trojans

  • Malicious bookmark phishing

  • Signature Authorization Phishing

3. Anti-money laundering situation

3.1 Anti-money laundering and regulatory developments

This section will highlight the major developments in Anti-Money Laundering (AML) and regulatory dynamics in the cryptocurrency space:

  • Chinese Courts

  • Hong Kong, China

  • Singapore

  • US Regulation

  • European Parliament

  • The Middle East

3.2 Security incidents and anti-money laundering

  • Funds Freeze Data

Tether: In the first half of 2024, a total of 374 ETH addresses were blocked, and the USDT-ERC20 assets on these addresses were frozen and could not be transferred.

Circle: In the first half of 2024, a total of 28 ETH addresses were blocked, and the USDC-ERC20 funds on these addresses were frozen and could not be transferred.

With the strong support of SlowMist's intelligence network partners, SlowMist helped freeze approximately US$24.39 million in funds in the first half of 2024 on behalf of customers, partners, and publicly disclosed hacking incidents.

  • Funds return data

In the first half of 2024, there were 16 incidents in which the lost funds were fully or partially recovered after the attack. In these 16 incidents, the total amount of stolen funds was approximately US$113 million, of which nearly US$98.64 million was returned, accounting for 87.3% of the stolen funds.

3.3 Hacker Group Profile and Dynamics

This section provides a detailed analysis of the modus operandi of the hacker group Lazarus Group and the phishing service Drainers.

  • Lazarus Group

  • Drainers

3.4 Money laundering tools

This section conducts a statistical analysis of the capital flow and direction of the money laundering tools Tornado Cash and eXch.

Tornado Cash: https://dune.com/misttrack/first-half-of-2024-stats

eXch: https://dune.com/misttrack/first-half-of-2024-stats

4. Final Thoughts

In general, we hope that this report can provide readers with an analysis and interpretation of the security status of the blockchain industry, help readers gain a more comprehensive understanding of the security and anti-money laundering status of the blockchain industry, and contribute to the development of blockchain ecosystem security.

Finally, I would like to thank every ecosystem partner, including our service customers, media partners, Black Manual contributors, and SlowMist partners. It is your great help that has strengthened our determination to keep making progress and continue to be a good guardian of the blockchain. I hope we can continue to join forces and work together to bring more light to the dark forest of blockchain.

Disclaimer

The content of this report is based on our understanding of the blockchain industry, the data support of SlowMist Hacked, the SlowMist blockchain hack archive, and MistTrack, the anti-money laundering tracking system. However, due to the "anonymous" nature of blockchain, we cannot guarantee the absolute accuracy of all data, nor can we be held responsible for errors, omissions, or losses caused by the use of this report. At the same time, this report does not constitute any investment advice or other analysis.

If there are omissions or deficiencies in this report, we welcome your criticism and correction.

This is the end of the introduction. For the full version, please read and share :)

https://www.slowmist.com/report/first-half-of-the-2024-report(CN).pdf