Analysis of the 2024 Blockchain Security and Anti-Money Laundering Annual Report: Security Landscape
Last week, we released the SlowMist 2024 Blockchain Security and Anti-Money Laundering Annual Report. To help readers gain a more comprehensive and in-depth understanding of the key security challenges and opportunities in the current blockchain ecosystem, we will break the report into four articles for detailed analysis. This article focuses on the security landscape of the blockchain ecosystem.
The security landscape in 2024 continues to face a range of severe challenges, with centralized platforms remaining prime targets. Smart contract flaws and social engineering tactics are frequently exploited, while phishing attacks have grown increasingly covert and sophisticated. Together, these threats reveal the evolving ingenuity of malicious actors and the ongoing need for robust defenses. Supply chain security has also garnered increased attention in 2024. Several high-profile projects suffered malicious code injection attacks, leading to substantial user asset losses.
According to SlowMist Hacked, SlowMist's archive of crypto hacks, a total of 410 security incidents were recorded in 2024, resulting in losses of $2.013 billion. Compared to 2023, which saw 464 incidents and approximately $2.486 billion in losses, total losses in 2024 represent a year-over-year decrease of 19.02%.
Note: These figures use asset values recorded at the time of each incident; given the significant rise in cryptocurrency prices since then, the current value of the losses could be higher. They also reflect only publicly known incidents, so the real figures are likely much greater once unreported cases are taken into account.
Top 10 Security Incidents of 2024
DMM Bitcoin
On May 31, 2024, Japanese cryptocurrency exchange DMM Bitcoin reported an unauthorized transfer of 4,502.9 BTC from its official wallet, resulting in a loss of approximately 48.2 billion yen (~$330 million). This attack ranks as the seventh-largest in cryptocurrency hacking history and the most significant since December 2022. It is also the third-largest crypto exchange hack in Japan, following the Mt. Gox incident in 2014 ($450 million) and the Coincheck hack in 2018 ($534 million).
On December 23, the FBI, the U.S. Department of Defense Cyber Crime Center (DC3), and the Japanese National Police Agency (NPA) linked the theft to the TraderTraitor campaign, also known as Jade Sleet, UNC4899, or Slow Pisces. TraderTraitor typically employs social engineering attacks targeting multiple employees of the same company.
In March 2024, a North Korean hacker posing as a LinkedIn recruiter sent a malicious Python script to an employee at Ginco, a Japanese enterprise cryptocurrency wallet software company. The employee unknowingly copied the code to their GitHub page and was compromised as a result. By mid-May, the attackers had used that access to reach Ginco's unencrypted communication system, where they manipulated a legitimate transaction request from DMM Bitcoin staff; the resulting transfer of 4,502.9 BTC was later traced to wallets controlled by TraderTraitor.
PlayDapp
On February 9, 2024, the blockchain gaming platform PlayDapp suffered an attack in which hackers compromised the private key controlling its PLA token smart contract. The attackers gained ownership and minting rights, minted 200 million PLA tokens and transferred them to their own accounts. PlayDapp attempted to negotiate with the attackers, including offering a $1 million white-hat reward, but the talks failed.
On February 12, the hackers minted an additional 1.59 billion PLA tokens, but exchange freezes prevented these tokens from entering circulation. Post-incident analysis revealed the attack originated from a phishing email sent to the team on January 16. The email contained a malicious payload disguised as a routine request from a major partner exchange, which installed a tampered remote-access tool, leading to the theft of the admin private key.
WazirX
On July 18, 2024, Indian cryptocurrency exchange WazirX detected suspicious transactions involving its multisig wallet. An investigation found that the attackers had exploited a discrepancy between what the Liminal interface (a service WazirX used for transaction verification) displayed to signers and the transaction that was actually submitted. This allowed them to transfer control of the wallet to themselves, resulting in losses exceeding $230 million.
BtcTurk
On June 22, 2024, Turkish cryptocurrency exchange BtcTurk suffered an attack, resulting in losses of approximately $90 million. In a statement released on June 22, BtcTurk stated: “The cyberattack affected a portion of the balances of 10 cryptocurrencies in our hot wallet, while the majority of assets stored in cold wallets remain secure.” According to Binance CEO Richard Teng, Binance has frozen $5.3 million worth of the stolen assets.
Munchables
On March 27, 2024, Blast ecosystem project Munchables was hacked, leading to losses of $62.5 million. Subsequently, the Blast team secured $97 million in a multisig wallet after the attackers, former Munchables developers, returned the funds voluntarily without demanding a ransom.
Radiant Capital
On October 17, 2024, Radiant Capital suspended operations on BNB Chain and Arbitrum due to a malicious contract upgrade by attackers who had compromised three multisig wallets. Losses amounted to approximately $50 million. Security firm Mandiant later attributed the attack to UNC4736, a group linked to North Korea.
BingX
On September 20, 2024, Singapore-based cryptocurrency exchange BingX detected unauthorized access to a hot wallet, resulting in losses of $45 million. Analysis by MistTrack suggested links between this incident and the Indodax hack, both involving laundering through addresses associated with Lazarus Group, a North Korean hacking organization.
Hedgey Finance
On April 19, 2024, Hedgey Finance suffered an attack due to inadequate input validation, leading to unauthorized approvals and losses of approximately $44.7 million on Ethereum and Arbitrum.
Penpie
On September 4, 2024, liquidity rewards project Penpie lost approximately $27.35 million in an attack that exploited its incorrect assumptions about Pendle Finance’s market creation process. Attackers used malicious smart contracts and flash loans to amplify rewards artificially.
FixedFloat
On February 16, 2024, crypto platform FixedFloat lost 409 BTC (~$21.17 million) and 1,728 ETH (~$4.85 million) due to an external vulnerability. A follow-up attack on April 2 increased total losses to approximately $29 million.
Rug Pull
A Rug Pull is a type of scam in which malicious project teams create hype to attract user investments, only to “pull the rug” by absconding with the funds once the time is right. According to the SlowMist Hacked Database, 58 Rug Pull incidents were recorded in 2024, resulting in losses of approximately $106 million.
The rise of meme coins has further fueled speculative and FOMO-driven behavior among users, often leading them to overlook potential risks. Some token issuers don’t bother presenting a vision or publishing a whitepaper, relying solely on a concept or slogan to generate hype and attract buyers. The low cost of executing scams has led to a surge in Rug Pull incidents. Below are common tactics employed by malicious project teams:
- False Advertising and Hype Creation: Attracting users to invest through exaggerated claims of technical capabilities, market potential, fake collaborations, or celebrity endorsements.
- Token Price Manipulation: Pre-holding a large number of tokens, project teams manipulate market prices to create an illusion of prosperity, drawing more funds into the project.
- Smart Contract Backdoors: Privileged functions left in the contract (for example, unrestricted minting or the ability to pull pooled liquidity) let the project team withdraw funds or destroy liquidity pools at any time.
- Disappearing Acts: Just before pulling the rug, project teams often shut down websites, social accounts, or dissolve communities, severing contact with investors.
Understanding these malicious tactics reveals that such scams often exploit users’ speculative mindset and desire for high returns. To avoid falling victim to these schemes, it’s crucial to stay vigilant, enhance verification skills, and adopt the following precautions:
- Examine the Project’s Background: Verify the authenticity and background of team members, and check for any negative records in their past projects.
- Check for Audits: See whether the project has undergone a professional security audit, and read the report rather than the badge: an audit that lists unchecked owner privileges as an accepted risk does not protect holders from them.
- Monitor Community Feedback: Join the project’s social media or forums to observe community activity and discussions. Be wary of excessive praise or unrealistic promises.
- Diversify Investments: Avoid putting all your funds into one project to mitigate losses from a single failure.
- Beware of High-Yield Promises: There’s no free lunch. High returns often come with high risks. Be extra cautious of claims like “quickly doubling your money” or “zero risk.”
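As an added example, not SlowMist's tooling or any product named on this page, the following Python turns two of the precautions above into a concrete pre-investment check: it scans a token contract's ABI, in the JSON shape block explorers publish, for owner-level levers of the kind listed among the tactics (minting, blacklists, adjustable fees, liquidity withdrawal, upgrades) and, when you also pass the result of calling owner() on-chain, grades the risk according to whether someone still holds that key. The ABI, the owner addresses, the name fragments and the risk grading are all this example's own constructions and heuristics, not a standard.

```python
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ZERO_ADDRESS = "0x" + "00" * 20

# Name fragments that usually mark an owner-controlled lever over holders' funds.
# These are this example's own heuristics. An ABI lists entry points, not who may
# call them, so every hit must be confirmed in the verified source (look for the
# access-control modifier on the function and for who holds that role).
RISKY_FRAGMENTS: Dict[str, str] = {
    "mint": "supply can be inflated after launch",
    "blacklist": "chosen addresses can be stopped from selling",
    "fee": "buy/sell tax can be raised, potentially to 100%",
    "tax": "buy/sell tax can be raised, potentially to 100%",
    "pause": "all transfers can be halted",
    "maxtx": "per-transaction limit can be tightened to trap holders",
    "maxwallet": "per-wallet limit can be tightened to trap holders",
    "withdraw": "tokens held by the contract (for example LP tokens) can be pulled out",
    "upgrade": "contract logic can be replaced after launch",
}


@dataclass
class RugPullFindings:
    flagged: Dict[str, str] = field(default_factory=dict)   # function name -> why it matters
    has_owner: bool = False                                 # exposes owner(): an admin role exists
    ownership_renounced: Optional[bool] = None              # None: owner not looked up on-chain

    @property
    def risk(self) -> str:
        if self.flagged and self.ownership_renounced is False:
            return "high"        # privileged levers exist and someone still holds the key
        if self.flagged:
            return "medium"      # levers exist; access control unknown or ownership renounced
        return "low"


def scan_token_abi(abi: List[dict], current_owner: Optional[str] = None) -> RugPullFindings:
    """Flag state-changing functions whose names suggest a rug-pull lever.
    current_owner is the address returned by owner() on-chain, if you fetched it."""
    names = {e["name"] for e in abi if e.get("type") == "function"}
    findings = RugPullFindings(has_owner="owner" in names)
    for entry in abi:
        if entry.get("type") != "function" or entry.get("stateMutability") in ("view", "pure"):
            continue             # read-only functions cannot move funds
        lowered = entry["name"].lower()
        for fragment, reason in RISKY_FRAGMENTS.items():
            if fragment in lowered:
                findings.flagged[entry["name"]] = reason
                break
    if current_owner is not None:
        findings.ownership_renounced = current_owner.lower() == ZERO_ADDRESS
    return findings


# Constructed ABI for a fictitious meme token, in the JSON shape block explorers publish.
SAMPLE_ABI = json.loads("""[
  {"type": "function", "name": "transfer", "stateMutability": "nonpayable",
   "inputs": [{"name": "to", "type": "address"}, {"name": "amount", "type": "uint256"}],
   "outputs": [{"type": "bool"}]},
  {"type": "function", "name": "balanceOf", "stateMutability": "view",
   "inputs": [{"name": "account", "type": "address"}], "outputs": [{"type": "uint256"}]},
  {"type": "function", "name": "mint", "stateMutability": "nonpayable",
   "inputs": [{"name": "to", "type": "address"}, {"name": "amount", "type": "uint256"}], "outputs": []},
  {"type": "function", "name": "setBlacklist", "stateMutability": "nonpayable",
   "inputs": [{"name": "account", "type": "address"}, {"name": "blocked", "type": "bool"}], "outputs": []},
  {"type": "function", "name": "setSellFee", "stateMutability": "nonpayable",
   "inputs": [{"name": "bps", "type": "uint256"}], "outputs": []},
  {"type": "function", "name": "owner", "stateMutability": "view", "inputs": [], "outputs": [{"type": "address"}]},
  {"type": "function", "name": "renounceOwnership", "stateMutability": "nonpayable", "inputs": [], "outputs": []}
]""")
CLEAN_ABI = [e for e in SAMPLE_ABI if e["name"] in ("transfer", "balanceOf")]

if __name__ == "__main__":
    # Deployer still owns the contract; the owner address here is constructed, not real.
    report = scan_token_abi(SAMPLE_ABI, current_owner="0x" + "ab" * 20)
    print("risk:", report.risk)
    for name, reason in report.flagged.items():
        print(f"  {name}: {reason}")
```

A renounced owner lowers but does not remove the grade on purpose: a minting function may be gated by a separate minter role rather than by owner(), and an upgradeable proxy keeps its admin outside the token's own ABI, so the scan is a prompt for reading the verified source, not a substitute for it.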
Here’s the link to the full report. Happy reading and feel free to share!
https://www.slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(EN).pdf
About SlowMist
SlowMist is a blockchain security firm established in January 2018 by a team with more than ten years of network security experience. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.
SlowMist offers a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consulting, and other security-related services. We also offer AML (anti-money laundering) software, MistEye (security monitoring), SlowMist Hacked (crypto hack archives), FireWall.x (smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.
By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.