SlowMist Monthly Security Report: Total Losses For July Approximate $279 Million

SlowMist
Aug 1, 2024

Overview

According to the SlowMist Blockchain Threat Intelligence Database (https://hacked.slowmist.io), there were 37 security incidents in July 2024, with total losses estimated at approximately $279 million, of which $8.76 million was recovered. The causes of these incidents ranged from contract vulnerabilities and account hacks to exit scams and domain hijacking.

Major Incidents

1. Bittensor (July 2, 2024)

The decentralized AI project Bittensor was attacked, resulting in the theft of approximately 32,000 TAO tokens, valued at around $8 million. Blockchain analyst ZachXBT suggested that the attack might have been due to a private key leak. Bittensor later clarified that affected users were targeted by a malicious Bittensor package uploaded to Python’s PyPI package manager.

2. Authy (July 5, 2024)

SlowMist CISO 23pds reported an attack on 2FA service Authy, leading to the theft of phone numbers from 33 million users. The official developer, Twilio, confirmed the breach. Many Web3 users utilize this 2FA software, so asset security should be a priority.

https://x.com/im23pds/status/1809047195750183257

3. Doja Cat (July 8, 2024)

The rapper Doja Cat’s X account was hacked, with the attacker posting tweets promoting a memecoin. Doja Cat confirmed the hack on her Instagram.

4. Compound (July 11, 2024)

Compound DAO security advisor Michael Lewellen tweeted that the Compound Finance website was compromised, hosting a phishing site.

https://x.com/LewellenMichael/status/1811303839888261530

5. LI.FI (July 16, 2024)

The cross-chain bridge aggregation protocol LI.FI experienced suspicious transactions, resulting in user losses exceeding $10 million. On July 18, LI.FI’s security incident report identified the issue as related to a problem with transaction verification, which stemmed from the interaction with a shared LibSwap codebase used by multiple decentralized exchanges and other DeFi protocols. Approximately 153 wallets were affected, losing an estimated $11.6 million in USDC, USDT, and DAI stablecoins.

https://x.com/SlowMist_Team/status/1813195343057866972

6. WazirX (July 18, 2024)

The Indian cryptocurrency exchange WazirX reported a security breach involving a multisignature wallet, resulting in losses exceeding $230 million, roughly 45% of customer funds.

https://x.com/WazirXIndia/status/1813843289940058446

7. Rho Markets (July 19, 2024)

Due to an oracle configuration error, the lending protocol Rho Markets was arbitraged by an MEV bot for 2203 ETH, valued at approximately $7.6 million. The MEV bot owner subsequently offered to return the funds, stating that the incident resulted from exploiting a price oracle configuration error.

https://scrollscan.com/tx/0xd9c2e4f0364b13ada759f2dd56b65f5025e70cce4373e7c57ac31bf5226023e0

8. Casper Network (July 26, 2024)

Casper Network was attacked, leading to the network being paused in collaboration with validators to minimize the impact. An initial security incident report on July 31, 2024, revealed that 13 wallets were affected, with illegal transactions totaling approximately $6.7 million. The attack exploited a vulnerability allowing bypass of access control checks on uref resources.

https://x.com/Casper_Network/status/1817145818631098388

9. Terra (July 31, 2024)

The Terra chain suffered an attack, with the attacker minting several tokens using a known vulnerability related to third-party module IBC hooks, resulting in losses of $5.28 million. The Terra team took emergency measures to prevent further losses and coordinated with validators to apply patches. Although the vulnerability was fixed in the Cosmos ecosystem in April, Terra’s June upgrade did not include this patch, leading to its exploitation.

https://x.com/terra_money/status/1818498438759411964

On the same day, the decentralized trading protocol Astroport announced that the ASTRO tokens on Neutron were secured in the Astroport Treasury, and the attacker’s Terra address was blacklisted. The IBC Hook vulnerability was patched, and Astroport continued to work closely with the Terra team for solutions.

Summary

Data security issues resurfaced this month, with reports from Protos on July 1 indicating that Evolve Bank & Trust, a crypto-friendly bank, acknowledged the theft of approximately 33 TB of user data discovered a month earlier. Such incidents can lead to identity theft, account hacks, and financial losses. The SlowMist security team advises users to beware of phishing attacks, update passwords regularly, and avoid using the same password across multiple platforms.

With the memecoin craze, incidents of celebrity or project team accounts being hacked have increased. Attackers use the influence of these accounts to promote phishing links or tokens. Users should be cautious and informed, avoiding impulsive investments. The SlowMist guide on X account security can be accessed through the provided link for more information on enhancing account security.

Recent domain hijacking incidents highlight the need for project teams to take preventive measures to ensure website and user security:

- Choose a reliable domain registrar to reduce the risk of hijacking.

- Regularly check and monitor domain status, DNS settings, and other related configurations.

- Educate team members on the risks of domain hijacking and preventive measures, including recognizing common phishing techniques and social engineering attacks to prevent sensitive information leaks.

- Develop an emergency response plan to quickly react and contain the impact in case of domain hijacking.
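One way to automate the "regularly check and monitor" item above, shown as an added example that is not SlowMist's code: a pinned baseline of registrar, registry lock status and DNS records is compared against an observed snapshot, and any drift is reported with a severity. The snapshot layout, the required-lock policy, the severities and all sample values are assumptions made for illustration.

```python
# Added example: diff an observed domain snapshot against a pinned baseline.
# How snapshots are collected (RDAP/WHOIS, DNS queries) is out of scope here.
# Every name, address and registrar below is constructed sample data.

REQUIRED_LOCKS = {"clienttransferprohibited", "clientupdateprohibited"}
# Record types to compare, with the severity assigned to any drift.
WATCHED = (("NS", "critical"), ("A", "high"), ("MX", "medium"))

def norm(value):
    """Case-fold and drop the trailing root dot so equal names compare equal."""
    return value.strip().lower().rstrip(".")

def diff_domain(baseline, observed):
    """Return a list of (severity, field, detail) findings, empty if no drift."""
    findings = []
    if norm(observed["registrar"]) != norm(baseline["registrar"]):
        findings.append(("critical", "registrar",
                         f"{baseline['registrar']} -> {observed['registrar']}"))
    missing = REQUIRED_LOCKS - {norm(s) for s in observed["status"]}
    if missing:
        findings.append(("high", "status", "missing: " + ", ".join(sorted(missing))))
    for rtype, severity in WATCHED:
        want = {norm(v) for v in baseline["records"].get(rtype, [])}
        got = {norm(v) for v in observed["records"].get(rtype, [])}
        if want != got:
            findings.append((severity, rtype,
                             f"added={sorted(got - want)} removed={sorted(want - got)}"))
    return findings

BASELINE = {
    "registrar": "Example Registrar",
    "status": ["clientTransferProhibited", "clientUpdateProhibited"],
    "records": {"NS": ["ns1.dns.example.", "ns2.dns.example."], "A": ["192.0.2.10"]},
}
# Same configuration, different casing and no trailing dots: must not alert.
OBSERVED_OK = {
    "registrar": "example registrar",
    "status": ["clientUpdateProhibited", "clientTransferProhibited"],
    "records": {"NS": ["NS2.dns.example", "ns1.dns.example"], "A": ["192.0.2.10"]},
}
# Transfer lock dropped, name servers and address replaced.
OBSERVED_DRIFT = {
    "registrar": "Example Registrar",
    "status": ["clientUpdateProhibited"],
    "records": {"NS": ["ns1.other.example."], "A": ["203.0.113.7"]},
}

if __name__ == "__main__":
    for name, snap in (("ok", OBSERVED_OK), ("drift", OBSERVED_DRIFT)):
        print(name, diff_domain(BASELINE, snap))
```

Run on a schedule, a non-empty result for the name server or lock fields is the signal to start the emergency response plan from the last item in the list.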

This article includes the main security incidents for the month of July. For additional blockchain security incidents, please visit the SlowMist Blockchain Threat Intelligence Database.

SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.