Bitcoin has once again broken historical highs, approaching $99,000, closing in on the $100,000 mark. A review of historical data shows that during bull markets, scams and phishing activities in the Web3 space have been rampant, with total losses exceeding $350 million. Analysis shows that hackers primarily target the Ethereum network, with stablecoins being the main target. Based on historical trading and phishing data, we conducted an in-depth study of attack methods, target selection, and success rates.

Cryptocurrency Security Ecosystem Map

We have categorized the crypto security ecosystem projects for 2024. In the field of smart contract audits, there are established participants like Halborn, Quantstamp, and OpenZeppelin. Smart contract vulnerabilities remain one of the main attack vectors in the crypto space, and projects providing comprehensive code reviews and security assessment services have their own strengths.

The DeFi security monitoring sector includes professional tools like DeFiSafety and Assure DeFi, specifically aimed at real-time threat detection and prevention for decentralized finance protocols. The emergence of AI-driven security solutions is also notable.

Recently, meme trading has been very popular, and security check tools like Rugcheck and Honeypot.is can help traders identify issues in advance.

USDT is the most stolen asset

According to bitsCrunch data, attacks based on Ethereum account for about 75% of all attack events. USDT is the most attacked asset, with thefts reaching $112 million and an average value of about $4.7 million per attack on USDT. The second most affected asset is ETH, with losses of about $66.6 million, followed by DAI, with losses of $42.2 million.

It is worth noting that lower market cap tokens experience a very high volume of attacks, indicating that attackers are opportunistically stealing assets with lower security. The largest incident occurred on August 1, 2023, involving a complex fraud attack that resulted in a loss of $20.1 million.

Polygon is the second largest target chain for attackers.

Although Ethereum dominates all phishing incidents, accounting for 80% of phishing transaction volume, theft activities have also been observed on other blockchains. Polygon has become the second largest target chain, accounting for about 18% of transaction volume. Theft activities are often closely related to on-chain TVL and daily active users, and attackers assess based on liquidity and user activity.

Time Analysis and Attack Evolution

Attack frequency and scale exhibit different patterns. According to bitsCrunch data, 2023 is the year with the highest concentration of high-value attacks, with multiple incidents exceeding $5 million. Meanwhile, the complexity of attacks is gradually evolving from simple direct transfers to more complex approval-based attacks. The average time between significant attacks (over $1 million) is about 12 days, primarily concentrated around major market events and new protocol launches.

Phishing attack type: Token transfer attack

Token transfer is the most direct attack method. Attackers manipulate users into transferring their tokens directly to accounts controlled by the attackers. According to bitsCrunch data, such attacks often have extremely high single transaction values, exploiting user trust, fake pages, and scam narratives to persuade victims to voluntarily initiate token transfers.

These attacks typically follow this pattern: the attacker establishes trust by closely mimicking a well-known website under a similar domain name, creates a sense of urgency during the user's interaction, and provides seemingly reasonable token transfer instructions. Our analysis shows that the average success rate for such direct token transfer attacks is 62%.

Approval phishing

Approval phishing primarily exploits the smart contract interaction mechanism and is a technically complex attack method. In this approach, attackers lure users into signing transaction approvals that grant the attackers unlimited spending rights over specific tokens. Unlike direct transfers, approval phishing creates a long-term vulnerability, leading to the gradual depletion of the victims' funds.
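A pre-signing check for the approval requests described above, added here as an illustration and not taken from bitsCrunch or any wallet: it decodes the calldata of the standard ERC-20 `approve` and `increaseAllowance` calls and, going slightly beyond the text, the ERC-721 `setApprovalForAll` call, then flags unlimited allowances and spenders outside a user-maintained allowlist. The threshold, verdict names, helper names and sample addresses are assumptions.

```python
# Added example: inspect approval calldata before a wallet signs it.
UNLIMITED_THRESHOLD = 2**255  # assumption: amounts this large are treated as unlimited

# 4-byte selectors of the standard ERC-20 / ERC-721 approval functions
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}

def encode_call(selector, spender, value):
    """Build constructed sample calldata: selector + two 32-byte ABI words."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")

def decode_approval(calldata):
    """Return (function, spender, value), or None if this is not an approval call."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    # Two 32-byte words expected; an address word carries 12 zero bytes of padding.
    if len(args) != 128 or int(args[:24], 16) != 0:
        raise ValueError("malformed approval calldata")
    return name, "0x" + args[24:64], int(args[64:], 16)

def assess(calldata, trusted_spenders):
    """Return (verdict, findings); trusted_spenders holds lowercase addresses."""
    call = decode_approval(calldata)
    if call is None:
        return "not-an-approval", []
    name, spender, value = call
    if value == 0:  # zero grants nothing: a revocation or a no-op
        return "ok", []
    findings = []
    if name == "setApprovalForAll":
        findings.append("operator-for-all-nfts")
    elif value >= UNLIMITED_THRESHOLD:
        findings.append("unlimited-allowance")
    if spender not in trusted_spenders:
        findings.append("unknown-spender")
    return ("ok", "warn", "block")[len(findings)], findings

# Constructed sample addresses, not real contracts
TRUSTED = "0x" + "cd" * 20
UNKNOWN = "0x" + "ab" * 20
```

A bounded approval to an allowlisted spender passes, a single finding produces a warning, and an unlimited or collection-wide grant to an unknown spender is blocked.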

Fake token addresses

Address poisoning is a comprehensive multi-faceted attack strategy where attackers create transactions using tokens with the same name as legitimate tokens but different addresses. These attacks profit from users' failure to check addresses carefully.

NFT Zero-Dollar Purchase

Zero-dollar purchase phishing specifically targets the digital art and collectibles market of the NFT ecosystem. Attackers manipulate users into signing transactions that sell their valuable NFTs at a significantly lowered price or even for free.

Our research identified 22 major NFT zero purchase phishing incidents during the analysis period, with an average loss of $378,000 per incident. These attacks exploited the inherent transaction signing process of the NFT market.

Distribution of stolen wallets

The data in this chart reveals the distribution pattern of stolen wallets across different transaction price ranges. We found a clear inverse relationship between transaction value and the number of affected wallets: as the price increases, the number of affected wallets gradually decreases.

The number of victim wallets for transactions of $500-1000 is the highest, with about 3,750, accounting for more than one-third. Victims often do not pay attention to details in smaller transactions. The number of wallets for transactions of $1000-1500 drops to 2,140. Transactions over $3000 account for only 13.5% of the total number of attacks. This indicates that as the amount increases, security measures are stronger, or victims consider more thoroughly when dealing with larger amounts.

By analyzing data, we reveal the complex and constantly evolving attack methods in the cryptocurrency ecosystem. With the arrival of the bull market, the frequency of complex attacks will increase, and the average losses will also grow, significantly impacting the economics of project parties and investors. Therefore, not only do blockchain networks need to enhance security measures, but we also need to be more vigilant during transactions to prevent phishing incidents.