![[Security Monthly Report] | Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million](https://cdn-img.panewslab.com/panews/images/huTzKy9W2f.jpg)
The monthly security event highlights of Zero Hour Technology have begun! According to statistics from some blockchain security risk monitoring platforms, in October 2024, the amount of losses from various security incidents increased compared to September. In October, more than 28 typical security incidents occurred, and the total loss amount caused by hacker attacks, phishing scams and Rug Pulls reached 147 million US dollars, an increase of about 22.5% from September, and 19.3 million US dollars were returned. In addition, according to statistics from the Web3 anti-fraud platform Scam Sniffer, there were 12,058 victims of phishing incidents this month, with a loss scale of 18.04 million US dollars.
Hacker attacks
5 typical safety incidents
(1) On October 5, EigenLayer posted on X: An independent attack occurred this morning, and an email thread involving investors transferring tokens to escrow was compromised by a malicious attacker. As a result, 1,673,645 EIGEN tokens were mistakenly transferred to the attacker's address. The attacker sold these stolen EIGEN tokens through decentralized exchange platforms and transferred the stablecoins to centralized exchanges. We are in contact with these platforms and law enforcement agencies. Some funds have been frozen.
![[Security Monthly Report] | Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million](https://cdn-img.panewslab.com/panews/images/ru4suDSrXQ.jpg)
(2) On October 17, the lending protocol Radiant Capital tweeted that its lending markets on the BNB Chain and Arbitrum networks had been hacked, and that markets on the Base network and Ethereum mainnet had also been suspended. The Zero Hour Technology security team analyzed that the root cause of the attack was that the hardware wallets of three core developers were hacked. The front-end of the hardware wallet displayed a normal and compliant signature, but in fact the operation was to sign an attack transaction constructed by the hacker himself. When the three core developers signed, the attack was completed. The attack caused a total loss of US$58 million.
![[Security Monthly Report] | Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million](https://cdn-img.panewslab.com/panews/images/8a0h4PH261.png)
![[Security Monthly Report] | Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million](https://cdn-img.panewslab.com/panews/images/9C31F1A922.png)
https://mp.weixin.qq.com/s/7v2i8piOMBO2gs6f6lY53g
(3) On October 18, Tapioca DAO suffered a major security breach. The attacker obtained the relevant private keys through social engineering attacks and stole about $4.7 million in cryptocurrency. On October 25, Tapioca DAO released an incident analysis report stating that the security breach occurred because the attacker successfully hacked into the private key of a core contributor responsible for smart contract development. SEAL911 confirmed that the attacker was a North Korean hacker group that used an infectious interview attack method to inject malware into the contributor's computer to obtain the private key of his address to carry out the theft.
![[Security Monthly Report] | Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million](https://cdn-img.panewslab.com/panews/images/H394pl3C0E.png)
(4) On October 25, USDC/USDT/aUSDC/ETH worth $20.71 million was stolen from the address of the Bitfinex hacker funds managed by the U.S. government. After the stolen funds were transferred to the address 0x348...40A9f, part of the stablecoins were exchanged for 2,709 ETH worth $6.8 million. The exchanged ETH has been distributed to Binance and two new addresses. The hacker wallet currently still holds AUSDC worth $13.2 million. Subsequently, approximately $19.3 million in tokens were returned to the U.S. government address.
![[Security Monthly Report] | Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million](https://cdn-img.panewslab.com/panews/images/s9BpuPpXMk.jpg)
(5) On October 31, the SUNRAY FINANCE private key was leaked; the attacker gained ownership of the SUN and ARC tokens and minted a large number of tokens, which were then sold to exhaust the trading pairs. Currently, the attacker has stolen $2.855 million. Previously, SUNRAY FINANCE issued an announcement stating: "Regarding the transfer of SUN and ARC token vault assets, efforts are currently being made to restore them. Don't worry, all user assets are available on the chain."
![[Security Monthly Report] | Blockchain security incidents increased in October, with losses due to hacker attacks reaching $147 million](https://cdn-img.panewslab.com/panews/images/rEBarDmw8T.jpg)
Rug Pull / Phishing Scam
11 typical security incidents
(1) On October 6, the address starting with 0x213b was phished. The person withdrew funds from MEXC by signing “approval” of the phishing transaction and lost $100,000 in just 20 minutes.
(2) On October 7, the address starting with 0x5bfb was attacked by a phishing attack, resulting in a loss of USD 192,000 to steakLRT.
(3) On October 9, the address starting with 0x63e4 was attacked by a phishing attack, resulting in a loss of $133,000 in VOW.
(4) On October 11, 0xeab2 lost 15,079 fwDETH ($35 million) after signing a phishing signature for a “license”.
(5) On October 14, the address starting with 0xb0b8 lost PEPE, MSTR and APU worth $1.39 million after signing the "permit2" phishing signature.
(6) On October 15, a holder who had made 20x profit on MSTR lost $347,868 after signing a phishing transaction for “transfer”.
(7) On October 18, the address starting with 0x84b7 was attacked by a phishing attack, resulting in a loss of $800,000 in mETH.
(8) On October 21, the address starting with 0x2Ff7 was the target of a phishing scam, resulting in a loss of $148,000 in BEAM.
(9) On October 25, the address starting with 0x05f5 lost $126,000 worth of HyPC after signing the "increase allowance" phishing transaction.
(10) On October 26, a victim lost approximately $40,000 after signing a phishing signature from SOL and Bonk.
(11) On October 31, the address starting with 0x3d00 was attacked by a phishing attack, resulting in a loss of 10 BTC (US$723,436).
Summarize
From the analysis of the above multiple events, we can see that the hacker attacks in October were very diverse. In addition to the common contract vulnerability exploitation and account theft, there were also supply chain attacks and price manipulation. In addition, there were two runaway incidents this month, resulting in losses of tens of millions of dollars.
The losses caused by phishing incidents this month decreased compared to last month, but the number of victims increased.
The Zero Time Technology security team recommends that project owners always remain vigilant and reminds users to beware of phishing attacks. Users are advised to fully understand the background and team of the project before participating in the project and carefully choose investment projects. In addition, internal security training and authority management should be carried out, and professional security companies should be found to conduct audits and conduct project background investigations before the project goes online.
