pump.fun attacker arrested and detained by UK law enforcement, subsequently released on bail
On May 19th, user therollupco on X platform posted that pump.fun attacker @STACCoverflow was arrested and detained by British law enforcement in London, and later released on bail. His real name may be Jarett Reginald Dunn.<br>Previously, pump.fun stated on X platform that the pump.fun contract is safe and that a former employee misappropriated about 12,300 SOL coins (approximately $1.9 million). Pump.fun has now been re-launched. Only about $45 million of the affected total liquidity was affected. The Pump.fun team has redeployed the contract, trading has resumed, and trading fees will be 0% in the next 7 days.
OKLink: The cumulative losses caused by security incidents in January exceeded US$73,200, of which phishing incidents accounted for 37.92% of the losses.
According to the security incident inventory analysis released by OKLink in January 2024, the total loss of security incidents in January was about 73,200 US dollars. Among them, the proportion of phishing losses was 37.92%, REKT incidents accounted for 36.53%, and RugPull incident losses accounted for 12.56%. The largest security incident of REKT losses this month was the attack on the DeFi protocol Abracadabra.money, with a loss of about 6.5 million US dollars; the largest security incident of RugPull losses was XKING on the Artribum network, with a loss of about 1.24 million US dollars.In addition, there were a total of 48 cases of official social media being scammed or phished, mainly concentrated in X, Discord and other channels. OKLink reminds users to be vigilant against scams and phishing incidents, especially when browsing X and project official websites, they should pay attention to the authorization, transfer and other scenes that appear after clicking on links.
Hack of SEC's Official Account on X Raises Concerns About X's Security
The recent hack of the U.S. Securities and Exchange Commission's official account on X has raised concerns about the security of Elon Musk's social media platform. However, X's safety team has confirmed that the account was compromised due to the SEC's failure to enable two-factor authentication, rather than any breach of X's systems. The hackers posted false news about the SEC's approval of all spot Bitcoin ETFs, causing massive volatility in the Bitcoin price and over $140 million in total liquidation in hours. The SEC is now working with law enforcement to investigate the matter, while some are blaming Elon Musk for the incident and the lack of security measures on the platform.
North Korean Hackers Steal Over $500 Million in Digital Assets in 2023
TRM Labs, a blockchain intelligence firm, has released data revealing that hackers linked to North Korea stole over $500 million in digital assets in 2023. The report highlights the persistent threat posed by North Korean actors in the cryptocurrency space, with DPRK-affiliated hackers accounting for almost a third of all funds stolen in cryptocurrency attacks last year. The study also delves into the tactics employed by North Korean hackers, including their use of crypto mixing tools to camouflage illicit activities from law enforcement. TRM Labs concludes that North Korea is poised to persist in hacking cryptocurrency wallets throughout 2024, showcasing their adaptability in the face of international pressure.
The Shanghai Baoshan Procuratorate prosecuted an illegal foreign exchange case involving virtual currency amounting to 220 million yuan.
The Baoshan District People's Procuratorate in Shanghai has brought a public prosecution against a case of using virtual currency for illegal foreign exchange settlement for others, where the suspects used overseas accounts to purchase virtual currency in foreign currency and sold it domestically, paying the corresponding amount of RMB to the domestic third-party payment platform account designated by the customer according to the agreed exchange rate, earning the exchange rate difference and service fees in the process. After the case was transferred for review and prosecution, the Baoshan District Procuratorate requested the national foreign exchange management department to make an administrative determination, clarifying that using virtual currency as a trading medium to achieve the monetary value conversion between foreign exchange and RMB, including exchanging RMB for virtual currency, exchanging virtual currency for foreign currency, exchanging foreign currency for virtual currency, and exchanging virtual currency for RMB, constitutes illegal foreign exchange trading. After review, the prosecutor believed that from January 2018 to September 2021, Chen and others built a website and used the method of collecting foreign currency from overseas accounts and paying RMB from domestic accounts to profit from foreign exchange trading, with a total illegal operation amount of RMB 220 million.
Cyvers Alerts: Coinspaid losses in hacker attack rise to $7.5 million
According to Cyvers Alerts monitoring system, on January 7th, Coinspaid hackers once again obtained digital assets worth $1 million, including 924,000 BSC-USD and 268.5 BNB. The total loss of Coinspaid has risen to $7.5 million.
CertiK: Web3 security incidents will cause losses of approximately US$1.84 billion in 2023
CertiK stated on social media that there were 751 security incidents in Web3 in 2023, resulting in losses of approximately 1.84 billion US dollars, a 51% decrease from 2022. Among them, the total loss of private key leakage incidents in 2023 exceeded 880 million US dollars, which was the highest among all types of incidents. The total loss of security incidents on Ethereum was 686 million US dollars, which was the highest among all chains. In addition, 35 cross-chain security incidents caused huge losses of nearly 800 million US dollars, highlighting the need to pay attention to interoperability vulnerabilities.
Web3 Security Trends in 2023: Decrease in On-Chain Vulnerabilities Offset by Surge in Offline Crypto Crimes
According to a recent report by blockchain security firm Beosin, there has been a 53.9% decrease in total losses from hacks, phishing scams, and rug pulls in 2023 compared to the previous year. However, there has been an alarming surge in offline crypto crimes, with global losses increasing by 377% to $65.68 billion. DeFi projects faced the highest number of attacks, with 130 causing approximately $408 million in losses, while Ethereum experienced a substantial reduction in losses. The decline in cross-chain bridge attacks is a positive trend, responsible for only 7% of total losses. The report highlights significant attacks, including Mixin Network's cloud provider breach resulting in $200 million losses, Euler Finance's $197 million loss due to a contract vulnerability, and Poloniex's $126 million breach linked to a private key compromise.
ChainAegis: GrokBank token on BNB Chain is suspected of having a Rug Pull
According to ChainAegis security monitoring, a SharkTeam chain analysis platform, the GrokBank token on the BNB Chain is suspected of experiencing a Rug Pull, and the price of the token has now fallen by 100%.
Ancilia: An old Compound v2 protocol was hacked, costing around $320,000
Web3 security platform Ancilia posted on social media that an old Compound v2 protocol was hacked, resulting in a loss of approximately $320,000. The losses include approximately 46 WBNB, 30,000 BUSD, 178,000 BUSDT, 4,000 USDC, 3,000 DAI, 14.6 ETH, and 1.32 BTC. Ancilia stated that the root cause was exchange rate manipulation. Once the exchange rate is controlled, hackers can borrow more money than the collateral. The contract uses the old Compund V2 protocol, which has known vulnerabilities.