Source: Beosin
It’s time for the monthly security check! According to Beosin Alert, a blockchain security audit company, the total amount of losses from various security incidents in June 2024 decreased significantly compared to May. In June 2024, there were over 18 typical security incidents that resulted in a total loss of $183 million due to hacker attacks, phishing scams, and Rug Pull, down by approximately 60% from May. Hacker attacks accounted for about $141 million of the total, down by about 60%; phishing scams accounted for about $37.4 million, down by about 61.6%; and Rug Pull accounted for about $4.12 million, an increase of approximately 102%.
This month, there were several hacker attacks involving losses of over tens of millions of dollars, impacting various types of projects including the UK exchange Lykke, DeFi lending platform UwU Lend, NFT protocol Holograph, Turkish exchange BtcTurk, and investment portfolio management company CoinStats. There were also two phishing scams this month with losses exceeding tens of millions of dollars, indicating the need for increased vigilance among users.
In terms of hacker attacks:
There were 9 typical security incidents
No.1 On June 2nd, the DEX project Velocore was attacked on zkSync Era and Linea chains, resulting in a loss of approximately $6.8 million.
No.2 On June 4th, the UK cryptocurrency exchange Lykke was hacked, resulting in the theft of $22 million worth of cryptocurrency.
No.3 On June 9th, the Ethereum Layer 2 protocol Loopring wallet was attacked, resulting in a loss of approximately $5 million.
No.4 On June 10th, the DeFi lending platform UwU Lend was attacked, resulting in the theft of nearly $19.3 million in cryptocurrency. On June 13th, UwU Lend was attacked again by the same attacker, resulting in a loss of $3.72 million.
No.5 On June 10th, the Blast ecosystem project YOLO Games was hacked, resulting in a theft of $1.5 million due to a security vulnerability in its smart contract.
No.6 On June 14th, the entire-chain NFT protocol Holograph was attacked, with hackers illegally minting 1 billion HLG tokens, resulting in a total loss of approximately $14.4 million.
No.7 On June 22nd, the Turkish cryptocurrency exchange BtcTurk reported being hacked, resulting in a loss of at least $55 million.
No.8 On June 22nd, the online gambling platform Sportsbet was attacked by the BTCTurk hacker, resulting in a loss of over $3.5 million.
No.9 On June 22nd, the cryptocurrency investment portfolio management company CoinStats was attacked due to server configuration errors, resulting in a loss of approximately $10 million.
In terms of phishing scams/Rug Pull:
There were 5 typical security incidents
No.1 On June 1st, an address starting with 5G9Dpk was targeted by a phishing attack, resulting in a loss of approximately $11.2 million.
No.2 On June 5th, an address starting with 0xa38a was targeted by a phishing attack, resulting in a loss of approximately $2.12 million.
No.3 On June 8th, the ZKsync-based project Gemholic experienced a rug pull, resulting in a loss of approximately $3.4 million.
No.4 On June 22nd, the Solana-based project GUNIT experienced a rug pull, with the scammer profiting approximately $720,000.
No.5 On June 23rd, an address starting with 0xfb94 was targeted by a phishing attack, resulting in a loss of approximately $11 million.
Regarding crypto-related crimes:
There were 4 typical security incidents
No.1 On June 15th, the US accused two men of operating the dark web market Empire Market, and law enforcement seized $75 million in cryptocurrency and other assets.
No.2 On June 17th, shareholders and executives of Huludao Bank were involved in a virtual currency money laundering case, involving 1.8 billion RMB.
No.3 On June 20th, the US Department of Justice filed a lawsuit against 24 individuals suspected of money laundering. They are alleged to have transferred over $50 million in drug sales proceeds for the Sinaloa drug trafficking organization through a large amount of cash, purchasing cryptocurrency, and cooperating with “Chinese underground banks”.
No.4 On June 20th, the Financial Conduct Authority (FCA) and the London Police arrested two suspects for operating an illegal cryptocurrency business, allegedly trading over £1 billion (approximately $1.3 billion) in crypto assets through their operations.
In terms of regulation, compliance, and policies:
No.1 In June 2024, the Dubai Financial Services Authority (DFSA) announced revisions to its cryptocurrency token regime to strengthen and advance its regulatory framework for tokens within its special economic zone. These revisions were based on proposals put forth in Consultation Paper No. 153, “Cryptocurrency Token Regime Update”, released in January 2024. They cover various aspects, including the ability for external and foreign funds to invest in recognized cryptocurrency units, domestic qualified investor funds to invest in unrecognized cryptocurrencies, and custody of cryptocurrencies. Additionally, these amendments include anti-money laundering compliance guidelines to address financial crime issues, including the application of “travel rules”, transaction monitoring, blockchain analysis, and fees for recognized cryptocurrency tokens.
No.2 On June 20th, the Singapore government released a 126-page report assessing the money laundering risks currently facing Singapore. The report delves into the serious anti-money laundering challenges Singapore faces as it aims to attract global ultra-high-net-worth individuals and create an international financial hub, making it susceptible to being used as a channel for overseas financial fraud and other criminal fund laundering. In a recent money laundering case, Singapore authorities seized over $1.5 billion Singapore dollars from related bank accounts.
Given the new situation in the blockchain security field, Beosin summarized:
Overall, the total amount of losses from various blockchain security incidents in June 2024 decreased significantly. 67% of the loss from attack incidents this month was due to private key leakage, and various project types were targeted. It is recommended that all project parties and users strengthen private key management and provide regular security training for high-privilege employees. Phishing scams continue to occur this month, and users are advised to safeguard their private keys, carefully verify signature information, and double-check the correctness of addresses before transferring funds.