In September, the total loss of Web3 ecosystem due to hacker attacks exceeded 360 million US dollars

It's time for the monthly security inventory again! According to the Beosin EagleEye security risk monitoring, early warning and blocking platform of blockchain security audit company Beosin, the amount of losses from various security incidents in September 2023 increased significantly compared with August. More than 16 typical security incidents occurred in September, and the total loss amount caused by hacker attacks, phishing scams and Rug Pulls reached US$360 million, an increase of about 414% from August. Among them, the attack incidents were about US$323 million, the phishing scams were about US$32.12 million, and the Rug Pulls were about US$5.3 million.
There were 4 security incidents worth more than 10 million US dollars this month: Mixin Network was stolen 200 million US dollars, the hot wallet of the crypto exchange CoinEx was stolen 70 million US dollars, the crypto gambling platform Stake was stolen 41.3 million US dollars, and a whale address was phished and lost about 24.23 million US dollars. These four incidents accounted for 93% of the total losses. In addition, this month's Hong Kong virtual asset trading platform JPEX fraud case had many victims, and the amount involved reached 190 million US dollars, which is the most noteworthy cryptocurrency case in recent times.
Hacker Attacks
A total of 7 typical safety incidents occurred
No.1 On September 4, the crypto gambling platform Stake.com was attacked, resulting in a loss of approximately $41.3 million. The incident was attributed to the North Korean hacker group Lazarus.
No.2 On September 5, Arbitrum ecosystem decentralized exchange GMBL COMPUTER was attacked, resulting in a loss of approximately US$815,000.
No.3 On September 12, the hot wallet of the crypto exchange CoinEx was hacked, resulting in a loss of approximately $70 million. The incident was attributed to the North Korean hacker group Lazarus.
No.4 On September 14, the cryptocurrency exchange Remitano was hacked, resulting in a loss of $2.7 million, of which $1.4 million has been frozen by Tether.
No.5 On September 20, Balancer suffered a social engineering attack, resulting in a loss of approximately US$238,000.
No.6 On September 25, the Mixin Network cloud service provider database was attacked, resulting in losses of approximately US$200 million.
No.7 On September 25, Huobi HTX hot wallet was attacked, resulting in a loss of approximately US$8 million.
Phishing/Rug Pull
A total of 『5』 typical safety incidents occurred
No.1 On September 5, a fake Base token on ETH was Rug Pulled, and the deployer made a profit of approximately US$540,000.
No.2 On September 6, a Rug Pull occurred on the Boost token on ETH, and the deployer made a profit of approximately US$680,000.
No.3 On September 6, the whale address starting with 0x13e suffered a loss of approximately $24.23 million due to a phishing attack. This may be the highest single phishing loss in recent times.
No.4 On September 11, the X account of Ethereum founder Vitalik Buterin was stolen, and the hacker stole about $700,000 after posting a phishing link.
No.5 On September 12, the founder of Milady stated that a Milady developer seized the code base and misappropriated $1 million in treasury funds.
Crypto crime/case supervision
A total of 『4』 typical safety incidents occurred
No.1 On September 3, the Hong Kong police cracked down on a local fraud group that used virtual investment business as a cover, and 19 people were involved in money laundering of more than 300 million Hong Kong dollars (about 38.3 million US dollars).
No.2 On September 11, South Korean police were investigating a Ponzi scheme that caused 12,000 investors to lose a total of 100 billion won (about 75.09 million U.S. dollars).
No.3 On September 12, the Thai Cyber ​​Crime Investigation Bureau (CCIB) arrested five foreigners involved in a fraudulent cryptocurrency investment platform (bchgloballtd.com), involving approximately US$27 million.
No.4 Hong Kong virtual asset trading platform JPEX is suspected of fraud. As of September 25, the Hong Kong police received reports from 2,360 victims, involving a total amount of approximately HK$1.49 billion (approximately US$190 million).
In view of the new situation in the current blockchain security field, "Beosin" summarizes here:
In general, the amount of losses from various blockchain security incidents increased significantly in September 2023. The amount of losses was mainly concentrated in several major incidents with a value of more than 10 million US dollars. The types of attacks mainly included attacks on cloud service data providers, private key leaks, social engineering, and phishing. It is recommended that large crypto service providers regularly conduct security training for employees, implement security practices for high-privileged employees, and establish monitoring and alarm systems for all suspicious activities in infrastructure and applications. Virtual asset fraud cases have increased this month. Users are advised to raise their anti-fraud awareness. If unfortunately deceived, keep the evidence and file a case with the police as soon as possible.