SlowMist Monthly Security Report: May Edition

SlowMist
May 31, 2024

Overview

In May 2024, we documented a total of 32 incidents in our SlowMist Hacked archive, resulting in total losses of approximately $429 million. The causes of these incidents included security and contract vulnerabilities, address spoofing attacks, rug pulls, and account theft. It is important to note that this report is not exhaustive, as many incidents go unreported or were excluded because the losses were small. This report offers a concise analysis of these incidents, highlighting their financial impact and recovery status, and providing strategic recommendations to enhance security. Our goal is to raise awareness of the security risks observed during the month of May and how we can prevent them in the future.

Major Incidents

$305M DMM Bitcoin Hack

DMM Bitcoin, a Japanese cryptocurrency exchange, announced it lost 48 billion yen ($305 million) worth of bitcoin (BTC) due to a hack. In a blog post on its website, DMM Bitcoin reported that 4,502.9 BTC “leaked” out of the exchange. Measures have been implemented to prevent further unauthorized outflows. The hacker divided the stolen bitcoin across 10 wallets in batches of 500 BTC.

https://twitter.com/Cointelegraph/status/1796544899606524310

WBTC Whale Phishing

On May 3, 2024, a whale fell victim to an address spoofing phishing attack, losing 1,155 WBTC, valued at approximately $70 million. For more details, refer to the article “Small Bait, Big Catch: Unveiling the 1,155 WBTC Phishing Incident.” On May 10, the SlowMist security team reported that the hacker returned the stolen funds.

https://twitter.com/SlowMist_Team/status/1788847044632920238

Sonne Finance

On May 14, 2024, Sonne Finance, an Optimism-based lending protocol built on Compound, suffered a flash loan attack, resulting in losses exceeding $20 million. Following the incident, Seal contributors salvaged approximately $6.5 million by adding $100 worth of VELO to the market. The attack exploited a newly introduced market vulnerability, utilizing a multisig wallet and time lock functionality to execute critical transactions within two days of the market’s creation, manipulating the market’s collateral factors.

https://x.com/tonyke_bot/status/1790547461611860182

pump.fun

On May 16, 2024, the Solana-based meme coin generator pump.fun was attacked, resulting in the loss of 12,300 SOL (valued at approximately $1.9 million). The attacker then airdropped the funds to various random wallets. pump.fun stated on Twitter that the attack was orchestrated by a former employee who exploited their privileges to gain unauthorized withdrawal access, using a lending protocol to execute a flash loan attack.

https://x.com/pumpdotfun/status/1791235050643636303

Gala Games

On May 20, 2024, the Web3 gaming platform Gala Games was attacked, resulting in a loss of approximately $21.8 million. The attacker minted 5 billion GALA tokens, valued at over $200 million, and quickly sold 592 million GALA, obtaining 5,952 ETH. On May 22, according to on-chain records and a statement from Gala Games on Discord, the hacker returned 5,913.2 ETH.

https://x.com/Benefactor0101/status/1792698768166715776

Summary

The two largest losses this month came from a security vulnerability and an address spoofing phishing incident. These two incidents alone accounted for ~$375M in losses. Additionally, two private key leakage incidents resulted in losses of approximately $26 million. The SlowMist security team recommends that project teams enhance internal security training and permission management to raise employee awareness and prevent insider threats.

There were four security incidents this month that resulted in the recovery of approximately $92.58 million, with nearly all funds recovered in three incidents. An effective incident response mechanism can help mitigate losses and increase the chances of fund recovery. Therefore, the SlowMist security team advises project teams to not only implement preventive measures but also establish comprehensive emergency plans.

Out of the 32 security incidents this month, 14 were due to contract vulnerabilities, accounting for ~42% of the total incidents. The SlowMist security team advises project teams to remain vigilant, conduct regular security audits, and address new security threats and vulnerabilities to protect projects and assets effectively.

Finally, the events documented in this article are the major reported security incidents of the month, and incidents regarding individual users were not included in the statistics. For additional updates, please visit the SlowMist Blockchain Security Incident Database.

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offer a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall), Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.

SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.