Zero Hour Technology's monthly security incident roundup is here. According to statistics from several blockchain security risk monitoring platforms, losses from security incidents in May 2024 increased compared with April. More than 37 typical security incidents occurred in May, and the total losses caused by hacker attacks, phishing scams and Rug Pulls reached 154 million US dollars, an increase of about 52.5% from April. Of this, hacker attacks accounted for about 54.51 million US dollars, an increase of about 3.7%; phishing scams accounted for about 97.40 million US dollars, an increase of about 754%; and Rug Pulls accounted for about 2.04 million US dollars, a decrease of about 94.5%.

In addition, specific security incidents and recent news are described in detail below.

Hacker attacks

11 typical security incidents

(1) On May 5, GNUS on the Fantom chain was attacked, resulting in a loss of approximately US$1.27 million.

(2) On May 9, the Blast ecosystem Bloom project was attacked, resulting in a loss of approximately US$540,000. 90% of the stolen funds have been recovered (the remaining 10% was kept as a bug bounty).

(3) On May 10, the Web3 game project Galaxy Fox was attacked, resulting in a loss of approximately US$300,000.

(4) On May 10, the Base ecosystem Tsuru was attacked, resulting in a loss of approximately US$410,000.

(5) On May 14, the Arbitrum on-chain DEX project Predy Finance was attacked, resulting in a loss of approximately US$460,000.

(6) On May 15, Bitcoin DeFi tool Alex Lab suffered a total loss of approximately US$6.3 million on the Stacks and BSC chains due to the theft of private keys.

(7) On May 15, Sonne Finance, a Compound fork project on the Optimism chain, was attacked due to a contract vulnerability, resulting in a loss of $20 million. After the incident, Seal contributors saved about $6.5 million by adding about $100 worth of VELO to the market. The attack exploited a vulnerability in the newly added market. Within two days of the market being created, the attacker used the multi-signature wallet and time lock function to execute key transactions and successfully manipulated the market's collateral factors (c-factors).

(8) On May 16, the Solana ecosystem pump.fun project was attacked, resulting in a loss of approximately $1.9 million. The attacker then began to airdrop funds into some random wallets. pump.fun tweeted that the attack was caused by a former employee who used his privileges in the company to illegally obtain withdrawal permissions and carried out a flash loan attack with the help of a lending protocol.

(9) On May 20, the Web3 gaming platform Gala Games was attacked, resulting in a loss of approximately $21.8 million. The attacker minted 5 billion GALA tokens, worth more than $200 million, and then quickly sold 592 million GALA tokens for 5,952 ETH. On May 22, according to on-chain records and Gala Games’ statement on Discord, the hacker returned 5,913.2 ETH.

(10) On May 21, the TON ecosystem Launchpad platform TonUP was attacked due to an engineer’s incorrect configuration of script parameters, resulting in a loss of approximately US$107,000.

(11) On May 26, the Base ecosystem Meme coin Normie was attacked, resulting in a loss of approximately US$490,000.

Rug Pull / Phishing Scam

6 typical security incidents

(1) On May 3, a whale address fell victim to an address poisoning scam, resulting in a loss of USD 72 million.

(2) On May 14, a fake Pii Park project on the Polygon chain was rigged and the deployer made a profit of approximately US$490,000.

(3) On May 14, a certain address starting with 0xff49 was the target of a phishing scam by Pink Drainer, resulting in a loss of approximately US$1.66 million.

(4) On May 16, an address beginning with 0x719e was the victim of a phishing scam, resulting in a loss of approximately US$1.25 million.

(5) On May 18, an address starting with 0xee6a was the victim of a phishing scam, resulting in a loss of approximately USD 5.6 million worth of Pendle yield tokens.

(6) On May 26, a certain address starting with 0x2154 was the victim of a phishing scam, resulting in a loss of approximately US$6.9 million.

Crypto Crime

20 typical security incidents

(1) On May 19, the People's Court of Chongqing Liangjiang New Area (FTZ) concluded a closely watched commission contract dispute over the commissioning of a pyramid scheme member to purchase virtual currency. After the trial, the court determined that the commission contract violated the mandatory provisions of national laws and administrative regulations and should be deemed invalid. After the first-instance judgment was pronounced, Zhou was dissatisfied and filed an appeal. The Chongqing First Intermediate People's Court made a second-instance judgment, dismissing the appeal and upholding the original judgment. At present, the judgment has come into effect and has been automatically executed.

(2) In May, the police in Maiji District, Tianshui City, traveled through five provinces and nine cities to dismantle a virtual currency money laundering gang, arrested 13 criminal suspects, and recovered more than one million yuan in stolen money. Currently, criminal compulsory measures have been taken against the 13 criminal suspects in accordance with the law, and the case is under further investigation.

(3) On May 15, the Chengdu Public Security Bureau announced the investigation process of a major underground bank case involving virtual currency. The case involved a sum of 13.8 billion yuan, 193 suspects were arrested, and 149 million yuan of funds involved were frozen. Relevant clues were obtained in November 2022. On June 1, 2023, under the command of the Ministry of Public Security and the Public Security Department, 25 suspects including Lin, Weng, and Chen were arrested, and a large number of bank cards, U-shields and other payment tools used to commit crimes were seized.

(4) On May 13, the Public Security Bureau of Panshi City, Jilin Province, successfully cracked a case of illegal operation of underground banks using virtual currency, involving an amount of approximately RMB 2.14 billion, and arrested six suspects who committed crimes in China and South Korea. The police found that the criminal gang in this case used domestic accounts to receive and transfer funds, OTC virtual currency trading, and Korean won settlement to illegally engage in foreign exchange business, helping Korean purchasing agents, cross-border e-commerce, import and export trading companies and other groups to realize the exchange of RMB and Korean won.

(5) On May 11, the Mingxi police in Fujian Province uncovered a virtual currency fraud case. Li met a stranger through a foreign chat software. Under the deception of the stranger, he wanted to make money by buying "USDT" virtual currency and then reselling it to earn the difference. He transferred money to the man several times to buy "USDT" virtual currency. After receiving the money, the man fabricated various reasons to refuse to provide "USDT" virtual currency to Li. In the end, Li was defrauded of 387,000 yuan. On May 11, the Mingxi police went to Sichuan and successfully arrested the fraud suspect Zhao.

(6) On May 16, the Anti-Fraud Center of the Public Security Bureau of Sunwu County, Heihe City, Heilongjiang Province, immediately organized police forces to carry out the work after discovering clues of a telecommunications network fraud. After learning about it, the police found that Wu Moumou, a resident of a certain city in Jiangxi Province, was suspected of colluding with others to use virtual currency to help telecommunications fraudsters launder money, and quickly identified the suspect. On the same day, the police arrested four suspects, including Wu Mouyuan, Chen Mou, Liu Mouhua, and Wang Mouwei, in a certain city in Jiangxi Province.

(7) On May 16, Hong Kong police arrested three local men in a suspected cryptocurrency fraud case. A man tried to resell Tether (USDT) worth about 1 million Hong Kong dollars in a store in Tsim Sha Tsui, but was defrauded when he was paid in ghost money.

(8) On May 14, the Hong Kong police arrested a cross-border money laundering gang. It is reported that the Hong Kong Police Commercial Crime Bureau targeted a cross-border money laundering group in November 2023. The investigation found that the group recruited mainlanders to open puppet bank accounts in Hong Kong between September 2023 and March 2024, and defrauded victims through various types of fraud cases. According to the instructions of the fraudsters, the victims deposited the fraudulent funds into the puppet accounts controlled by the criminal group. The group then withdrew the fraudulent funds from the puppet accounts in cash and purchased cryptocurrencies on over-the-counter (OTC) cryptocurrency exchanges. At the same time, they opened accounts on overseas cryptocurrency platforms under false identities and deposited the cryptocurrencies purchased with the fraudulent funds, which were then transferred to multiple cryptocurrency wallets to launder the proceeds of the crime.

(9) The U.S. Department of Justice indicted and arrested Cartier, an heir to Cartier jewelry, on charges of using USDT to launder money, allegedly in collusion with a Colombian drug cartel. Cartier, along with five Colombian nationals, attempted to import 100 kilograms of cocaine and launder hundreds of millions of dollars, mostly through over-the-counter (OTC) USDT transactions. They had actually successfully laundered $14.5 million before their arrest. Cartier is currently being held in a Miami detention center, while his accomplices are being held in a Colombian prison.

(10) The U.S. Department of Justice arrested a botnet leader who orchestrated a $130 million cyber fraud. According to the indictment on May 29, the suspect is alleged to have been "creating and spreading malware to invade and aggregate millions of home Windows computer networks around the world." An independent analysis by blockchain analysis company Chainalysis showed that wallet addresses associated with the suspect held a total of more than $130 million in digital assets earned through illegal commissions.

(11) On May 17, an indictment was made public in the Central District of California, accusing two Chinese nationals of leading a money laundering scheme tied to an international cryptocurrency investment scam and involving at least US$73 million.

(12) On May 1, the FBI uncovered a Ponzi scheme led by Idin Dalpour that used crypto investments as bait, with the amount involved being US$43 million.

(13) On May 14, Alexey Pertsev, one of the developers of the Tornado Cash currency mixing service, was found guilty of money laundering and sentenced to 64 months in prison in the Netherlands.

(14) On May 15, Canada’s “Crypto King” and his accomplices were arrested and accused of defrauding investors of $30 million through cryptocurrency and foreign exchange investment schemes.

(15) On May 21, U.S. authorities arrested and charged a Taiwanese man with operating a dark web drug trading market, allegedly using the site to sell more than $100 million worth of illegal narcotics, including fentanyl, using cryptocurrency.

(16) Paraguayan authorities have arrested nearly 400 Bitcoin miners in the city of Sapucay. The operation was carried out jointly by the police and the National Electricity Administration (ADE) as part of an investigation into suspected electricity theft.

(17) On May 31, Turkish authorities launched a crypto operation in 21 provinces in Ankara, detaining 127 suspects on suspicion of "international fraud through Ponzi schemes" and "crimes and laundering of criminal assets". In this operation, the authorities seized more than 177 real estate properties and 61 movable properties worth 1 billion Turkish liras. In addition, they confiscated an unlicensed firearm, a blank-firing gun and some crypto assets.

(18) On May 26, Malaysian law enforcement authorities arrested a criminal gang suspected of using cryptocurrency to launder money. A total of 10 people were arrested. In a raid between May 13 and 21, law enforcement officers seized 129 vehicles with a total value of approximately US$3.8 million (RM18 million), as well as brand-name watches, 18 luxury cars, motorcycles and handbags worth more than US$3.9 million, and froze bank accounts with a total value of approximately US$10.8 million. The gang is suspected of making illegal profits through fraudulent transactions of high-end license plates and luxury brand watches, and transferring funds to Malaysia through unregistered exchangers and cryptocurrency transactions.

(19) The Texas State Securities Commission has issued a cease and desist order to Arkbit Capital, alleging that it engaged in fraudulent crypto cloud mining activities. According to the order, the Texas State Securities Commission found that Arkbit Capital and its affiliated entities engaged in fraudulent activities, including the use of deceptive image and video processing technology to promote their investment programs. Arkbit falsely claimed to operate a data center located in Arkansas for cloud mining of various cryptocurrencies, promising a 120-day daily return on investment of 1.6-2.8% on digital asset deposits between US$50 and US$49,999.

(20) On May 26, Indian citizen Chirag Tomar pleaded guilty to federal charges of stealing more than $37 million by spoofing the Coinbase website. He pleaded guilty to wire fraud, which carries a maximum sentence of 20 years in prison and a $250,000 fine. Chirag Tomar and his accomplices designed a fake Coinbase Pro website to trick users into entering their login credentials and two-factor authentication codes. They were arrested at the Atlanta airport when they entered the United States on December 20 last year and are currently in federal custody.

Summary

Based on the incidents above, losses in May increased compared with April. Two hacker attacks caused losses exceeding 10 million US dollars: the game platform Gala Games lost 22.5 million US dollars due to private key leakage, and Sonne Finance lost 20 million US dollars due to a contract vulnerability.

The Zero Hour Technology Security Team recommends that project teams remain vigilant at all times, carry out internal security training and permission management, raise employees' security awareness, and guard against malicious insider activity.

Note:

The contents of this article are collected and collated from public information.

Important reminder: This article only organizes industry information and does not constitute any investment advice or guarantee.