According to data from Beosin EagleEye, a blockchain security auditing company, the total amount of losses from various security incidents in December 2023 significantly decreased compared to November. In December, there were more than 21 typical security incidents, resulting in a total loss of approximately $24.94 million, a decrease of about 93% from November. Among them, attack incidents accounted for about $12.45 million, phishing scams about $9.6 million, and Rug Pull incidents about $2.89 million.

There were no large-scale hacking events with losses exceeding $10 million this month. Two significant security incidents occurred: a security vulnerability in the Web3 development platform Thirdweb affecting multiple smart contracts, and a supply chain attack on the Ledger Connect Kit, a commonly used code library for Web3 projects. Fortunately, the losses from these two incidents did not exceed one million dollars each. Additionally, phishing scams continued to occur this month, with several cases of individual addresses being stolen for amounts exceeding one million dollars, emphasizing the need for increased vigilance among users.

Hacker Attacks

『12』Notable Security Incidents

  1. On December 5th, a security vulnerability was identified in the Web3 development platform Thirdweb, affecting multiple smart contracts. At least three projects were attacked due to the vulnerability, resulting in a loss of approximately $210,000.

  2. On December 6th, the DeFi protocol BEARNDAO was attacked, with the attacker profiting over $700,000.

  3. On December 10th, the DeFi protocol Venus Protocol was attacked due to an oracle issue, resulting in a loss of approximately $200,000.

  4. On December 12th, the abandoned DEX market maker contract management authority on OKX was stolen, resulting in a loss of approximately $2.7 million.

  5. On December 14th, the commonly used code library Ledger Connect Kit for Web3 projects suffered a supply chain attack, with the attacker profiting approximately $600,000.

  6. On December 17th, NFT Trader was attacked due to a reentrancy vulnerability, resulting in a loss of approximately $3 million. The stolen assets were returned by the attacker, who kept 10% as a bounty.

  7. On December 17th, the NFT trading market Flooring Protocol was attacked by hackers, resulting in a loss of approximately $1.6 million.

  8. On December 22nd, the DeFi protocol Transit Finance was attacked by hackers, resulting in a loss of approximately $110,000.

  9. On December 23rd, the DEX project Paraluni was subjected to a price manipulation attack, resulting in a loss of approximately $330,000.

  10. The perpetual trading protocol Levana Protocol on the Osmosis blockchain was attacked between December 13th and 26th, resulting in a loss exceeding $1.1 million.

  11. On December 26th, the Telcoin wallet was attacked, resulting in a loss of approximately $1.2 million.

  12. On December 30th, Channels Finance on the BSC was attacked by hackers, resulting in a loss exceeding $320,000.

Phishing Scam / Rug Pull

『4』Notable Security Incidents

  1. On December 5th, a rug pull occurred with the CKD token on the BNB Chain, resulting in the deployer profiting approximately $540,000.

  2. On December 26th, MegabotETH experienced a rug pull, with the deployer making approximately $740,000 in profit.

  3. On December 26th, two victims lost assets totaling over $1.5 million due to a phishing scam.

  4. On December 29th, an address starting with 0xea696 suffered a loss of $4.4 million worth of LINK tokens due to a phishing scam.

Cryptocurrency Crimes / Regulatory Cases

『5』Notable Security Incidents

  1. On December 5th, the Henan Prosecutor’s Office revealed a large-scale virtual currency pyramid scheme case, involving an amount exceeding 120 million Chinese Yuan.

  2. On December 6th, Bitzlato, a crypto exchange co-founder, admitted to a money laundering offense totaling 700 million USD.

  3. On December 10th, the Hong Kong police cracked down on a criminal gang involved in laundering 30 million Hong Kong dollars through virtual currencies.

  4. On December 13th, the U.S. Department of Justice charged two individuals with operating a 25 million USD cryptocurrency Ponzi scheme.

  5. On December 15th, the U.S. Department of Justice disclosed charges against four individuals for cryptocurrency fraud and money laundering, resulting in losses exceeding 80 million USD.

Conclusion

Overall, in December 2023, the total losses from various blockchain security incidents significantly decreased compared to November. In comparison to November, this month saw new types of attacked projects, including development tools, code libraries, NFTs, indicating that hackers are expanding their target range. The entire Web3 ecosystem should enhance security awareness to actively counter this trend.

This month, 50% of the attack incidents still originated from contract vulnerabilities exploitation, such as reentrancy vulnerabilities. It is advisable for project teams to seek professional security audits before launching to mitigate such risks.

Contact

If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram Linkedin