Cyvers: Blast Ecosystem Project Bloom has a contract vulnerability, resulting in a loss of $600,000
According to Cyvers Alerts monitoring, Bloom, a project in the Blast ecosystem, has a contract vulnerability, with a total loss of 600,000 US dollars. The attacker has transferred all stolen funds to the ETH network.
SlowMist: A total of 464 security incidents occurred in 2023, with losses reaching US$2.486 billion
SlowMist released a blockchain and anti-money laundering report for 2023. According to blockchain event records, a total of 464 security incidents occurred in 2023, resulting in losses of up to 2.486 billion US dollars. Compared with 2022, when there were 303 incidents with losses of about 3.777 billion US dollars, losses decreased by 34.31%. In 2023, DeFi became the most vulnerable area in the blockchain security field. With 282 incidents, DeFi accounted for 60.77% of the total, but its losses decreased to 773 million US dollars, a decrease of 62.73% compared to the 2.075 billion US dollars lost in 183 incidents in 2022. 117 rug pull cases were reported, with losses exceeding 83 million US dollars. The Base ecosystem suffered the most severe blow, losing 32.5 million US dollars, followed by BSC, which lost 23.05 million US dollars.
Radiant Protocol on Arbitrum Suffers Flashloan Attack, Resulting in $4.5M Loss: In-Depth Analysis Reveals Exploit Details
On Jan 3, 2024 (UTC+8:00), the Radiant protocol on Arbitrum came under a flash loan attack. The hacker attacked the Radiant protocol 3 times, resulting in a total loss of 1.9K $ETH (worth $4.5M). The root cause is a mathematical rounding issue in the `burn` function, which was amplified and exploited on a new $USDC market and let the hacker withdraw extra $USDC.
MetaTrust Labs conducted in-depth research and analysis on the exploit, revealing how the hacker exploited the vulnerability.
Web3 Security Trends in 2023: Decrease in On-Chain Vulnerabilities Offset by Surge in Offline Crypto Crimes
According to a recent report by blockchain security firm Beosin, there has been a 53.9% decrease in total losses from hacks, phishing scams, and rug pulls in 2023 compared to the previous year. However, there has been an alarming surge in offline crypto crimes, with global losses increasing by 377% to $65.68 billion. DeFi projects faced the highest number of attacks, with 130 attacks causing approximately $408 million in losses, while Ethereum experienced a substantial reduction in losses. Cross-chain bridge attacks declined, a positive trend, and were responsible for only 7% of total losses. The report highlights significant attacks, including Mixin Network's cloud provider breach resulting in $200 million in losses, Euler Finance's $197 million loss due to a contract vulnerability, and Poloniex's $126 million breach linked to a private key compromise.
OKLink: Blockchain security incidents cost $1.7 billion in 2023, down 54% from $3.728 billion in 2022
OKLink's 2023 Security Incident Report shows that there were more than 520 publicly reported security incidents in the blockchain ecosystem in 2023, resulting in losses of over 1.7 billion USD, a decrease of about 54% from 2022's 3.728 billion USD. This decrease is due to the improvement of the global regulatory system and breakthroughs in on-chain security technology. Of these incidents, 485 were related to DApps, DeFi, NFTs, and other security incidents, while 8 were related to exchanges, 10 were related to public chains, 9 were related to wallets, and 14 were related to other types of incidents. Some of the larger security incidents resulting in losses included: Euler Finance, an Ethereum lending protocol, was hacked in March, resulting in losses of approximately 197 million USD; Atomic Wallet was hacked in June, resulting in losses of over 100 million USD; Mixin Network was attacked in September, resulting in losses of 200 million USD; and Poloniex, a trading platform, had approximately 125 million USD stolen due to private key leaks in November. In addition, social media platforms such as Twitter and Discord became hotspots for scams and phishing incidents, with a total of 519 such incidents occurring in 2023. For example, in September, Ethereum founder Vitalik's Twitter account was hacked, resulting in the theft of over 690,000 USD in assets.
The attacker's address starting with 0xd82e sells the stolen INSC NFT in exchange for 2 ETH
According to Pai Shield monitoring, the attacker address starting with 0xd82e has sold the stolen INSC (ins-20) NFT in exchange for 2 ETH. Earlier, multiple X users claimed that the INSC (ins-20) contract may have vulnerabilities and that their INSC was stolen. The GoPlus Chinese community warned that there are vulnerabilities in the INSC NFT contract, and that multiple hackers used them to steal NFTs and transfer them to Blur and OpenSea for sale. Users should immediately stop interacting with the project contract.
Cryptocurrency Users Lose Nearly $2 Billion to Scams, Rug Pulls and Hacks in 2023, Despite Improved Security Protocols
According to a report by security app De.Fi, cryptocurrency users lost nearly $2 billion to scams, rug pulls, and hacks in 2023, which is roughly half of the amount lost in the previous year. The reduction is largely attributed to improved security protocols, increased awareness within the community, and decreased activity in the market. However, the industry remains susceptible to security risks, as evidenced by the losses incurred by Ethereum, BNB Chain, zkSync Era, and Solana, among others. The most damaging attacks were access control exploits, followed by flash-loan attacks and exit scams.
Telcoin was hacked and lost about US$1.3 million
According to BlockBeats news on December 26, Telcoin, a blockchain payment application, was attacked through a vulnerability and lost approximately $1.3 million. Its token TEL fell by 43.25% in 24 hours. Telcoin has temporarily frozen use of the application.
Nearly $2.4 billion stolen in crypto attacks in 2023
According to data from blockchain security and analysis company CertiK, cryptocurrency hacks have resulted in nearly $2.4 billion in stolen funds this year alone. The third quarter was the most active period for hackers, with 184 known attacks resulting in almost $700 million in stolen funds. The report states that the losses caused by hackers in the third quarter alone were greater than the total for the first and second quarters combined. While these numbers are alarming, they are significantly lower than last year's total of over $3.5 billion. According to SlowMist, there have been 450 confirmed hacking incidents as of 2023, with decentralized protocols on the Ethereum and BNB smart chains being the most common targets.
Apple releases emergency updates for macOS, iOS, iPadOS, tvOS and watchOS targeting security vulnerabilities
Blockfence has issued a reminder that due to frequent exploitation of security vulnerabilities, Apple has released emergency updates for macOS, iOS, iPadOS, tvOS, and watchOS. Please update to the following versions as soon as possible: iOS 17.2.1, iPadOS 17.2, macOS 14.2.1, tvOS 17.2, and watchOS 10.2.