According to PANews, cyber attacks in June resulted in an estimated total loss of $210 million. There were 31 instances of official social media accounts being targeted by scams and phishing attacks, accounting for 9.91% of the losses. Despite a 75.69% decrease compared to the previous month, the report emphasizes the importance of maintaining security awareness as a single click could lead to irreversible losses.
On June 10, the Ethereum-based lending protocol UwU Lend was attacked, resulting in a total loss of $22.7 million. The attacker exploited a vulnerability in the contract's oracle price manipulation, causing a loss of approximately $19 million. The attacker struck again on June 13, taking advantage of a mistake in the project's contract governance operation and profiting $3.7 million.
The attack process involved a series of complex transactions involving various cryptocurrencies, including USD, WBTC, DAI, SUSDSE, and ETH. The attacker manipulated the price of SUSDSE and cleared the loan of one of the addresses involved in the transactions.
In another major security incident, known as a 'RugPull', the zkSync ecosystem emholicECO suffered a loss of approximately $3.4 million on June 8. On June 23, a whale user fell victim to a phishing attack, losing about $11 million.
On June 22, some hot wallets in BtcTurk were attacked, suspected to be related to a private key leak, resulting in a loss of $90 million. Of this, $5.3 million of stolen funds were frozen and recovered.
Despite the decrease in scams and phishing attacks in June, the report warns against complacency. It advises against revealing private keys or mnemonic phrases to anyone and to be skeptical of projects promising unusually high returns. It also recommends conducting thorough research on projects and teams before investing and to be cautious of potential irreversible traps in community messages, text message links, and private message links impersonating official customer service.