SlowMist | 2024 Blockchain Security and Anti-Money Laundering Annual Report
Due to space constraints, this article lists only the key points from the analysis report. The full content can be downloaded as a PDF at the end of this article.
Overview
Amid this dynamic landscape, the blockchain industry advances at the intersection of security and innovation. This report provides an in-depth review of key regulatory policies and anti-money laundering (AML) developments in 2024. It summarizes major blockchain security incidents, highlights typical fraud techniques, and features content contributed by the Web3 anti-scam platform ScamSniffer on phishing wallet drainers. Additionally, the report includes a statistical analysis of laundering methods and gains by North Korean hackers. We hope this report serves as a valuable resource for readers, helping industry participants and users gain a more comprehensive understanding of the current state of blockchain security and solutions. Our ultimate goal is to contribute to a safer blockchain ecosystem.
Blockchain Security
According to SlowMist Hacked, a total of 410 security incidents were recorded in 2024, resulting in losses amounting to $2.013 billion. Compared to 2023, which saw 464 incidents and approximately $2.486 billion in losses, the total losses in 2024 represent a year-over-year decrease of 19.02%.
Note: These figures were recorded at the time of the incidents. With the significant increase in cryptocurrency prices since then, the actual value of the losses could be higher. Additionally, these numbers reflect only publicly known incidents, meaning the real figures are likely much greater due to unreported cases.
Overview of Blockchain Security Incidents
By incident type, DeFi remains the most frequently targeted sector. In 2024, a total of 339 DeFi-related security incidents were reported, accounting for 82.68% of all security breaches, with losses reaching an astonishing $1.029 billion. Compared to 2023, which saw 282 incidents resulting in losses of approximately $773 million, this represents a year-over-year increase in losses of 33.12%.
From a blockchain perspective, Ethereum experienced the highest losses, totaling $465 million, followed by BSC (Binance Smart Chain) with losses amounting to $87.35 million.
When looking at the causes of these incidents, smart contract vulnerabilities were the most common, with 99 reported incidents resulting in approximately $214 million in losses. The second most frequent cause was account compromises.
Top 10 Security Incidents of 2024
This section highlights the Top 10 security incidents in terms of losses for 2024.
Rug Pull
A Rug Pull is a type of scam in which malicious project teams create hype to attract user investments, only to “pull the rug” by absconding with the funds once the time is right. According to the SlowMist Hacked Database, 58 Rug Pull incidents were recorded in 2024, resulting in losses of approximately $106 million. The zkSync ecosystem experienced the highest losses, totaling $36.95 million, while the BSC (Binance Smart Chain) ecosystem saw the most incidents, with 28 Rug Pulls reported.
The rise of meme coins has further fueled speculative and FOMO-driven behavior among users, often leading them to overlook potential risks. Some token issuers don’t bother presenting a vision or publishing a whitepaper, relying solely on a concept or slogan to generate hype and attract buyers. The low cost of executing scams has led to a surge in Rug Pull incidents. Once users’ funds are stolen, recovering them is typically a long and arduous process. To mitigate these risks, the SlowMist Security Team advises users to thoroughly research a project’s background and team before participating and to exercise caution before investing. Being well-informed can help users avoid falling victim to such scams.
Phishing Attack
This section focuses on analyzing Wallet Drainer attacks on EVM-compatible chains. Special thanks to ScamSniffer for their valuable contribution to this analysis.
A Wallet Drainer is a type of attack deployed on phishing websites that steals crypto assets by inducing users to sign malicious transactions. In 2024, such attacks caused approximately $494 million in losses, a 67% increase year-over-year. While the number of victims increased by only 3.7% (reaching 332,000 addresses), the loss per attack increased significantly, with the largest single theft amounting to $55.48 million.
1. The attack landscape evolved significantly throughout the year, marked by several key transitions:
- Pink’s Exit (End of May): Held 28% market share, which was subsequently absorbed by Inferno
- Angel’s Takeover of Inferno (End of October): Angel’s share decreased while Inferno maintained 40–45% market share
2. Major Events of the Year
- Q1-Q2: Three major players dominated (Angel: 42%, Pink: 28%, Inferno: 22%)
- Q3: Dual competition (Inferno: 43%, Angel: 25%)
- Q4: New landscape (Inferno and Angel: 45%, Acedrainer: 20%, Other new Drainers: 25%)
As of 2024, known losses from phishing signature attacks have reached $790 million. These types of attacks decreased in the second half of the year, but this might indicate that attackers are shifting towards other attack methods, such as malware and other more covert approaches.
As the Web3 ecosystem continues to develop, the challenges of protecting user assets remain. Regardless of how attack methods evolve, continuous security awareness and building protective capabilities remain key to safeguarding assets.
Scam Techniques
This section highlights some of the scam techniques we disclosed in 2024:
X Account Compromise
Anti-Money Laundering (AML) Trends
This section is divided into four parts: AML and Regulatory Dynamics, Anti-Money Laundering Data, DPRK, and Money Laundering Tools.
AML and Regulatory Dynamics
In 2024, the regulatory landscape for cryptocurrencies experienced significant developments, highlighted by the European Union’s implementation of the Markets in Crypto-Assets (MiCA) regulation and the United States advancing stablecoin legislation. This year saw the introduction of more stringent measures worldwide to combat illicit activities, with notable advancements in stablecoin regulation, cross-border crypto policies, and enforcement actions targeting major players in the crypto space. Detailed policies and enforcement actions can be found in the PDF at the end of this article.
Anti-Money Laundering Data
1. Frozen Funds Data
- With significant support from partners in the InMist intelligence network, SlowMist assisted clients, partners, and public hacking incident victims in freezing over $112 million in 2024.
- In 2024, Tether froze $540,195,442 worth of USDT, while Circle froze $13,359,597 worth of USDC.
2. Fund Recovery Data
In 2024, there were 410 reported security incidents, with 24 cases successfully recovering all or part of the stolen funds. According to disclosed data, approximately $166 million was recovered, representing 8.25% of the total losses, which amounted to $2.013 billion.
DPRK
In 2024, the Democratic People’s Republic of Korea (DPRK) was implicated in a series of high-profile cyber heists, collectively stealing hundreds of millions of dollars in cryptocurrency. The following is a chronological list of significant incidents attributed to DPRK-affiliated groups, with data from SlowMist Hacked:
This section focuses on analyzing the attack techniques employed by North Korean hackers, using the BingX incident followed up by SlowMist as an example to illustrate their money laundering methods.
Money Laundering Tools
1. Tornado Cash
2. eXch
3. Railgun
Railgun has implemented Private Proofs of Innocence (PPOI), leveraging zero-knowledge proofs to ensure users can verify their funds are not linked to illicit activities without compromising privacy. This innovation strikes a crucial balance between privacy and compliance, making it harder for malicious actors to exploit the platform for laundering funds.
Conclusion
In 2024, the blockchain industry continued to ride the wave of innovation and transformation, presenting both new opportunities and challenges. The numerous security incidents and anti-money laundering (AML) developments of the year serve as stark reminders of the importance of industry standards and robust technological safeguards. By analyzing blockchain security incidents and money laundering cases from 2024, we aim to raise awareness of the critical need for enhanced security across the ecosystem.
Looking ahead, as regulatory frameworks become more comprehensive and technological capabilities advance, there is every reason to believe the blockchain industry will progress toward greater safety, transparency, and compliance. We hope this report provides valuable insights, offering readers a clearer understanding of the current state of blockchain security and AML practices. Together, we can contribute to building a more secure, stable, and trustworthy blockchain ecosystem.
Disclaimer
The content of this report is based on our understanding of the blockchain industry, data from the SlowMist blockchain hacked archive database SlowMist Hacked, and the anti-money laundering tracking system MistTrack. However, due to the “anonymous” nature of blockchain, we cannot guarantee the absolute accuracy of all data and cannot be held responsible for errors, omissions, or losses caused by using this report. Additionally, this report does not constitute any investment advice or the basis for other analyses. We welcome criticism and corrections for any oversights or inadequacies in this report.
The full version is available at the link below. Happy reading and feel free to share!
https://www.slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(EN).pdf
About SlowMist
SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.
SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-Money Laundering) software, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.
By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.