SlowMist Monthly Security Report | Web3 Security Incidents Totaling Approx. $147 Million in Losses

SlowMist
5 min readNov 1, 2024

--

Overview

In October 2024, Web3 security incidents led to total losses of approximately $147 million. According to the SlowMist Blockchain Hack Archive, 28 separate attacks resulted in about $129 million in losses, with $19.3 million later recovered. These incidents involved various tactics, including exit scams, account takeovers, and price manipulation.

In addition, Web3 anti-fraud platform Scam Sniffer recorded 12,058 phishing victims, with losses totaling $18.04 million this month.

https://dune.com/scam-sniffer/october-scam-sniffer-2024-phishing-report

Major Security Incidents

EIGEN Token Theft

On October 5, 2024, EigenLayer announced on X that an isolated attack occurred in which a communication thread between an investor and a custodian was compromised, resulting in the unauthorized transfer of 1,673,645 EIGEN tokens to the attacker. The attacker then exchanged the tokens through decentralized platforms, transferring the proceeds to centralized exchanges. Collaborative efforts with these platforms and law enforcement have led to partial funds being frozen. SlowMist was invited as an independent investigator, concluding that the incident was initiated by a phishing attack on the investor’s employee email account, allowing the attacker to impersonate both the investor and custodian to redirect the token transfer. EigenLayer expressed gratitude to SlowMist for their thorough and timely investigation.

https://x.com/eigenlayer/status/1851084312549970425

Radiant Capital Attack

On October 17, 2024, Radiant Capital reported a security issue on BNB Chain and Arbitrum, leading to the suspension of its Base and mainnet markets. SlowMist analysis revealed that after taking control of three multisig permissions, the attacker upgraded a malicious contract to steal funds. By October 18, Radiant Capital released an incident report, confirming around $50 million in losses due to a complex malware injection, which compromised devices of three core contributors, enabling malicious transaction signing.

https://medium.com/@RadiantCapital/radiant-post-mortem-fecd6cd38081

Tapioca DAO Exploit

On October 18, Tapioca DAO suffered a security breach, losing around $4.7 million through a social engineering attack. Attackers gained access to a key developer’s private keys through an infectious “interview” tactic. The hacker group, identified as a North Korean entity, infiltrated the developer’s device with malware to acquire the private key. This “infectious interview” approach involved disguising as job candidates or recruiters, luring targets into downloading malicious files.

https://x.com/tapioca_dao/status/1847330264139145361

SHARPEI Token Price Crash

Launched on October 23, 2024, the meme token SHARPEI (SHAR) saw its market cap surge to $54 million, only to drop 96% after a sudden $3.4 million sell-off by project insiders. Leaked promotional documents exposed several false claims, including fake endorsements from KOLs who later denied involvement, as well as fictitious partnerships. The token’s value continued to fluctuate as these deceptions were revealed.

U.S. Government-Controlled Wallet Suspicious Activity

On October 25, 2024, MistTrack reported unusual outflows from a U.S. government-controlled wallet at address `0xc9E6E51C7dA9FF1198fdC5b3369EfeDA9b19C34c`, amounting to roughly $20 million in tokens, including 5.4 million USDC, 1.12 million USDT, 13.7 million aUSDC, and 178 ETH. Most of these tokens were swapped for ETH. Following the transaction, approximately $19.3 million was returned to the government address.

https://dashboard.misttrack.io/address/ETH/0xc9E6E51C7dA9FF1198fdC5b3369EfeDA9b19C34c

Event Analysis and Security Recommendations

In October, attack methods became increasingly sophisticated, including contract vulnerabilities, account takeovers, and new tactics like supply chain attacks, multisig theft, and price manipulation. Two major exit scams resulted in multimillion-dollar losses, highlighting the need for due diligence on project backgrounds and teams before investing.

There was also an uptick in account compromise incidents, especially on platform X. Users and project teams can follow SlowMist’s X Account Security Guidelines to review permissions and bolster security settings. SlowMist further advises increased vigilance against social engineering attacks, which, while technically unsophisticated, can discreetly compromise assets. For details on these techniques, refer to our article, “Beware of Fake Journalist Phishing Attacks.”

Despite a decline in phishing-related losses compared to last month, the number of victims has risen. Users are urged to exercise caution, routinely verify permissions, and avoid clicking unknown links or entering private keys/seed phrases. Installing antivirus software (like Kaspersky, AVG) and anti-phishing plugins (like Scam Sniffer) can enhance device security.

For a complete record of blockchain security incidents, visit the SlowMist Blockchain Hack Archive.

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offers a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.

💬Website 🐦Twitter ⌨️GitHub

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

No responses yet