SlowMist Monthly Security Report | February Estimated Loss of $404 Million

SlowMist
Mar 1, 2024

Overview

According to statistics from the SlowMist Hacked Archive, February 2024 saw a total of 28 security incidents, with an estimated total loss of approximately $404 million. The reasons for these incidents included contract vulnerabilities, DDoS attacks, flash loan attacks, private key leaks, and account theft, among others.

Key Incidents

Phantom

On February 2, 2024, the cryptocurrency wallet Phantom reported a DDoS attack aimed at overloading its system, potentially causing temporary disruptions to some services. However, user assets remained secure throughout the incident. Subsequently, Phantom announced on Twitter that all services had been restored to normal and were operating smoothly again.

Starlay Finance

On February 8, 2024, Starlay Finance, a lending protocol within the Polkadot ecosystem, was attacked, resulting in a loss of approximately $2.1 million. On February 9, Starlay Finance tweeted that preliminary analysis indicated the attack exploited a miscalculation in the liquidity index, leading to unauthorized withdrawals.

PlayDapp

On February 10, 2024, the blockchain gaming platform PlayDapp was attacked: the hacker’s address was added as a minter and minted 200 million PLA tokens (valued at approximately $36.5 million). Shortly after the incident, PlayDapp sent a message to the hacker through a blockchain transaction, requesting the return of the stolen funds and offering a $1 million white hat reward, but the negotiations ultimately failed. On February 12, PlayDapp was attacked again, with the hacker minting another 1.59 billion PLA tokens (valued at approximately $253.9 million) and beginning to transfer them through cryptocurrency exchanges. The attacks resulted in a total loss of around $290 million.

Duelbits

On February 14, 2024, the crypto gambling platform Duelbits’ hot wallet was attacked, resulting in a loss of approximately $4.6 million, suspected to be due to a private key leak.

FixedFloat

On February 17, 2024, blockchain data indicated that the cryptocurrency exchange FixedFloat was attacked, losing approximately $26.1 million in Bitcoin and Ethereum. FixedFloat stated that the hack was due to a vulnerability in its security architecture, that it was an external attack not perpetrated by an employee, and that user funds were not affected by the “external attack.” On February 18, FixedFloat tweeted: “We confirm that there was indeed a hacking incident and funds were stolen. We are not yet ready to make a public statement as we are working on eliminating all potential vulnerabilities, enhancing security, and conducting investigations. FixedFloat’s services will resume shortly, and more detailed information about this incident will be provided later.”

Blueberry Protocol

On February 22, 2024, the DeFi lending protocol Blueberry Protocol was attacked, resulting in a loss of approximately 457.7 ETH (valued at about $1.35 million). The attack was intercepted by a white hat hacker, c0ffeebabe.eth, who returned 366 ETH to Blueberry Protocol. According to Blueberry Protocol’s incident analysis report, the attack was due to a misdeployment of the oracle.

BitForex

On February 23, 2024, the Hong Kong-based cryptocurrency exchange BitForex was suspected of an exit scam after it closed access to its platform following suspicious outflows of funds worth approximately $56.5 million across multiple blockchains. Chainalysis detective ZachXBT was the first to notice the unusual withdrawal activity, pointing out that the exchange had stopped processing withdrawals and had not responded to customers. The company faced regulatory scrutiny in Japan in mid-2023 for operating without a license and was accused of inflating trading volumes. Its CEO resigned in January, promising a new team would take over.

Jihoz

On February 23, 2024, Jihoz, a co-founder of Axie Infinity, announced on Twitter that two of his addresses had been leaked. The scope of the attack was limited to his personal accounts and had no relation to the verification or operation of the Ronin chain, nor was it related to Sky Mavis’s operations. He assured that strict security measures had been taken for all related chain activities. The attack resulted in a loss of approximately $10 million.

Seneca

On February 28, 2024, the full-chain CDP protocol Seneca was attacked due to a contract vulnerability. The hacker used crafted calldata parameters to call transferFrom, moving tokens that users had authorized to the project’s contract to the hacker’s own address, and then exchanged them for ETH. Seneca lost over 1900 ETH, valued at about $6.5 million. On February 29, the Seneca hacker returned 1537 ETH (valued at approximately $5.3 million) to the Seneca deployer’s address.
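
One way a contract that forwards caller-supplied calldata to a token can screen it, shown as an added example that is not SlowMist's or Seneca's code: a deny-by-default selector check plus a rule that a forwarded transferFrom may only spend the caller's own tokens. The allow-list, the addresses and all function names are assumptions made for illustration.

```python
# Added example, not Seneca's code. All addresses below are constructed.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # selector of transferFrom(address,address,uint256)
ALLOWED_SELECTORS = {TRANSFER_FROM}        # assumption: every other selector is denied


def encode_transfer_from(owner: str, to: str, amount: int) -> bytes:
    """Build ABI calldata for transferFrom (used here only to construct sample input)."""
    def word(addr: str) -> bytes:
        return bytes.fromhex(addr[2:]).rjust(32, b"\x00")
    return TRANSFER_FROM + word(owner) + word(to) + amount.to_bytes(32, "big")


def decode_address(word: bytes) -> str:
    """An ABI address is a 32-byte word whose top 12 bytes are zero."""
    if len(word) != 32 or any(word[:12]):
        raise ValueError("malformed address word")
    return "0x" + word[12:].hex()


def is_call_allowed(caller: str, calldata: bytes) -> bool:
    """Fail-closed screen for calldata a contract is asked to forward to a token."""
    selector, args = calldata[:4], calldata[4:]
    if selector not in ALLOWED_SELECTORS:
        return False
    if len(args) != 96:  # exactly three 32-byte arguments, nothing appended
        return False
    try:
        owner = decode_address(args[:32])
    except ValueError:
        return False
    # The contract holds allowances from many users. Only the caller's own
    # tokens may be moved; otherwise any approver's balance can be spent.
    return owner == caller.lower()


USER = "0x" + "aa" * 20      # constructed: the account making the call
APPROVER = "0x" + "bb" * 20  # constructed: another user who approved the contract


def demo():
    own = encode_transfer_from(USER, USER, 10**18)         # spends caller's tokens
    other = encode_transfer_from(APPROVER, USER, 10**18)   # spends someone else's
    return is_call_allowed(USER, own), is_call_allowed(USER, other)


if __name__ == "__main__":
    print(demo())
```

On-chain, the same rule belongs in the contract itself: compare the decoded owner with msg.sender, or avoid forwarding arbitrary calldata to token contracts at all.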

Shido Network

On February 29, 2024, the decentralized cross-chain protocol on the Ethereum chain, Shido Network, was suspected of an exit scam. The owner of the SHIDO token staking contract first upgraded the staking contract, then withdrew a large amount of SHIDO, and finally sold a significant amount of SHIDO for 692 ETH (valued at about $2.1 million).

Summary

In the 28 major security incidents this month, two projects (Blueberry Protocol and Seneca) successfully recovered approximately $6.38 million of stolen funds. The three private key leakage incidents this month accounted for approximately $304 million in losses, which is about 75% of the total losses from security incidents.

The SlowMist security team advises users and project operators to enhance their private key protection measures, such as using hardware wallets and offline storage, to improve the security of private keys. Additionally, the four incidents of contract vulnerability exploitation resulted in losses of approximately $7.25 million. The SlowMist security team recommends that project operators remain vigilant and regularly conduct security audits to identify and address new security threats and vulnerabilities, thus maximizing the protection of projects and assets. Finally, this article includes the major security incidents of the month, and individual user theft incidents are not included in the statistics. For more blockchain security incidents, you can visit the SlowMist Hacked Archive.

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offer a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall), Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.


SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.