In a major setback for the crypto industry, February 2024 saw a series of unfortunate events, resulting in losses totaling a significant $67 million. Hacks dominated, causing 97.54% of the damage, with the remaining losses attributed to fraud. Despite this, the losses were slightly less than January 2024, indicating potential improvements in security or increased caution among the crypto community.
A $200 Million Hit
Immunefi’s February report disclosed a whopping $200 million loss due to hacks and frauds in the crypto market. The worst-hit were PlayDapp, a crypto gaming platform, and FixedFloat, a decentralized exchange, losing $32.35 million and $26.1 million, respectively. Even Duelbits, an online casino with crypto features, wasn’t spared, facing a loss of $4.6 million.
Together, these incidents contributed to $63.05 million of February’s total losses.
Ethereum – A Key Target?
Ethereum emerged as the prime target in February 2024, enduring 12 attacks, while projects on BNB Chain and Bitcoin each faced one. DeFi platforms bore the brunt, constituting 97.54% of total losses, leaving CeFi unscathed.
The crypto industry’s yearly losses hit $200 million, marking a 15.4% increase compared to the same period last year. Notably, certain attacks were omitted from the January and February reports, including incidents on Seneca, LastPass users, the MIM stablecoin, and a $112 million attack on Ripple co-founder Chris Larsen’s wallet. If included, February’s losses would skyrocket to $198.1 million, with year-to-date losses reaching a staggering $398.1 million.
Urgent Call to Action
As DeFi hacks continue to rise, it’s crucial to prioritize crypto security. Collaborative efforts between platforms and experts are essential to identify and fix vulnerabilities.

#Write2Eam #HackAlert #BNBChain $ETH $XRP $BNB

Hackers executed a sophisticated attack on the sPMM algorithm, the heart of WOOFi Swap’s price mechanism on the Arbitrum network on March 5th. Employing a clever pattern of flash loans, they deftly manipulated the value of WOO tokens, driving it perilously close to zero.
But swift action from the WOOFi team, within a mere 13 minutes, curtailed the stolen amount at $8.5 million, preventing further escalation.
Understanding Exploiter’s Tactics
Independent on-chain investigator, Spreek, detected the unusual transactions and promptly alerted the WooFi team.

In response, the team temporarily halted the affected pools, assuring users of a fully functional return within two weeks.

According to the team’s post-mortem analysis, the exploiter borrowed 7.7 million WOO and other assets, selling the WOO into WOOFi. This action led to an erroneous adjustment in WOOFi’s sPMM, drastically reducing the WOO token’s value to near-zero.
Striking Gold – Thrice!
Exploiting the glitch, the attacker exchanged 10 million WOO in the same transaction at almost no cost. This relentless assault was repeated three times in quick succession, yielding a staggering $8.75 million in profits after repaying the flash loans.
Moving Away from Stability
Unlike its uneventful journey since the 2021 launch, WOOFiSwap faced unprecedented challenges in this latest ordeal. The integration of lending markets for WOO in Arbitrum, coupled with limited liquidity elsewhere, presented a golden opportunity for hacking.
Despite being deployed across 10+ networks, the absence of both the WOO token and the WOO lending market in other chains acted as a crucial barrier, preventing the replication of the exploits.

On the Road to Recovery
As of now, the WOOFi team is tirelessly working to recover the lost funds. Offering a substantial 10% white hat bounty, they have initiated on-chain negotiations with the hacker. Simultaneously, a reward has been posted on Arkham Intelligence for any valuable information leading to the identification of the hackers.

#HackAlert $WOO

The world of cryptocurrency took a wild ride this week, with a series of high-profile hacks, phishing attacks, and even a rug pull causing millions in losses. From corporate giants to individual investors, no one was immune.
Corporate Bitcoin Holder’s Nightmare
In a shocking turn of events, hackers infiltrated the largest corporate holder of Bitcoin, obtaining unauthorized access to the coveted X credentials. The fallout was immense, with the malevolent actors posting malicious phishing links. Though the links were promptly deleted, the losses amounted to nearly half a million dollars.
Scam Sniffer, the Web3 anti-scam platform, shed more details and revealed that the hacker stole multiple altcoins and that the exact loss was $424,786 worth of $wBAI, $wPOKT and $CHEX. What is surprising is that a single user lost all this crypto, highlighting the intensity of the hack.
Token Drain
A misleading airdrop post lured unsuspecting users into a trap, directing them to a fake “official” Ethereum-based MSTR token airdrop. Clicking the link led to a counterfeit MicroStrategy page, tricking users into connecting their wallets and, in turn, allowing attackers to drain their tokens.
Serenity Shield’s Soaring Fall
The Serenity Shield token once hailed as a “crypto legacy solution” has witnessed a staggering decline of almost 99% in its value after approximately 6.9 million SERSH tokens worth $5.6 million at the time were reportedly siphoned off from one of the team’s MetaMask wallets.

Serenity Shield confirmed the breach in a tweet on February 27th, announcing to its community that they are temporarily halting all trading, deposits and withdrawals of SERSH on centralized exchanges.
The team assured the community that they are actively working to restore liquidity to all new token contracts and will replace all liquidity lost due to the exploit.They are also launching a new SERSH token through a robust smart contract to safeguard the whole of their ecosystem.
Seneca’s Chamber Breach
On Wednesday, 28th of February, Seneca’s Chamber contracts, previously audited by Halborn Security, were affected by a bug approval and user’s funds were compromised. In the attack, Seneca’s Chamber.sol contract was implicated. The attacker exploited Chamber’s performOperations() function, allowing calls to functions in other contracts using the Chamber contracts to send tokens to their address.
$6.4 million were stolen during the attack and 80% of funds approximately $5.3 million were recovered through a Whitehat request while keeping 20% valued at $1.04 million as bounty. The good news was that the breach didn’t affect funds directly deposited into Seneca but rather targeted assets held in users’ wallets.
Grayscale’s Unwanted Gift
Capital Killer, an anti-capitalist hacker group, revealed on twitter that they have attacked the Grayscale official website, claiming it as a gift to the AVAV community in support of fairness and anti-capitalism. Currently, the Grayscale official website is inaccessible, but the page for Grayscale’s Bitcoin ETF GBTC remains accessible.

Aleo’s KYC Mishap
On 26th February, Aleo, a blockchain project that advertises it’s a place for fully private applications with built-in privacy emailed private identification documents such as selfies and photographs of government identification cards to the wrong users. 
Aleo released a statement regarding the Know Your Customer (KYC) information exposure addressing the issue. The zero-knowledge platform blamed the leak on a copy/paste error in email metadata.

Aleo said in a post on X that the KYC information leak affected only about 10 participants from its recent Aleo Learn and Earn events. Aleo stated that it removed the exposed information, investigated the cause and informed the affected individuals.
Shido Network’s Ethereum Exodus
In a final twist, the decentralized cross-chain protocol Shido Network executed a rug pull on the Ethereum blockchain. The owner of the SHIDO token staking contract upgraded the contract, withdrew a substantial amount of SHIDO tokens, and dumped them for 692 ETH, equivalent to $2.1 million.
A Week of Crypto Turbulence
As we wrap up this tumultuous week in the realm of crypto hacks, keep a vigilant eye out for our next weekly roundup, specially curated for you. Stay tuned for more updates like this.

#Write2Eam #HackAlert $ETH $CAKE $BTC