According to the hacked archive of SlowMist Blockchain (https://hacked.slowmist.io), there were a total of 37 security incidents in April 2024, resulting in a total loss of approximately $90.81 million. The reasons for these incidents included contract vulnerabilities, third-party vulnerabilities, exit scams, and account theft.
One of the main events involved the DeFi protocol, OpenLeverage, which was attacked on April 1st, resulting in a loss of approximately $260,000. OpenLeverage stated that its insurance, OLE buyback fund, and protocol reserve would be used to compensate for all protocol losses. [img]
Another event occurred on April 2nd, when the decentralized exchange, FixedFloat, was attacked, resulting in a loss of approximately $3 million. The attacker exploited a vulnerability in a third-party service used by FixedFloat. However, FixedFloat stated that the company and user funds were not affected by this attack. [img]
On April 4th, CondomSOL, a project on the Solana network, exit scammed, and the associated wallet raised 4965 SOL, equivalent to approximately $920,000. The official Twitter account of CondomSOL is currently inaccessible. [img]
Zest Protocol, a native Bitcoin lending protocol, was attacked on April 12th. The attackers borrowed an amount greater than the value of their holdings by increasing the collateral value. They removed 324,000 STX (approximately $1 million) from the protocol. Zest Protocol stated that this loss would be compensated from the protocol treasury, and users would receive full compensation. [img]
Grand Base, a physical asset platform built on the Base Layer 2 blockchain, reported on April 15th that the deploying wallet had been hacked, allowing the attacker to drain the project’s liquidity pool. The attacker stole a total of 615 ETH (approximately $2 million) from the project. On April 20th, Grand Base announced that during the token relaunch process, the team had recovered veNFT from the attacked address and transferred it to a multisig wallet. These veNFT positions are valued at $225,000 and will be used to provide liquidity when the time is right. [img]
Hedgey Finance suffered an attack due to a contract vulnerability on April 19th, resulting in a total loss of approximately $44.7 million. Most of the losses occurred on the Arbitrum network. [img]
Recently, users reported on Twitter that the decentralized betting platform, ZKasino, had removed the statement “Ethereum will be refunded and can be bridged back” from the Bridge funds interface, preventing users from withdrawing their funds. It is suspected that ZKasino has exit scammed, leading to losses of approximately $33 million. [img]
On April 26th, the cross-chain lending protocol, Pike Finance, was attacked, resulting in a loss of approximately $300,000 in the USDC pool on Pike Beta. The root cause of this incident was the attacker forging CCTP messages, causing the loss of USDC on Ethereum, Arbitrum, and Optimism chains. [img]
In summary, there were a total of 37 security incidents this month, with 15 of them being exit scams, accounting for 40.54% of the total incidents. These exit scams resulted in losses of approximately $37.57 million, accounting for 41.4% of the total stolen amount this month. The SlowMist security team advises users to thoroughly understand the background and team of a project and carefully choose investment projects before participating.
There were also 10 incidents of contract vulnerability exploits this month, resulting in losses of approximately $46.93 million, accounting for 51.7% of the total stolen amount this month. The SlowMist security team advises project teams to remain vigilant, conduct regular security audits, and track and address new security threats and vulnerabilities to maximize the security of projects and assets.
Lastly, this article only covers the major security events of this month, and personal user theft incidents are not included in the statistics. For more blockchain security events, you can visit the hacked archive of SlowMist Blockchain (https://hacked.slowmist.io/). Clicking on the link will directly redirect you to the original article. [img]
Tags:
WEB3
SlowMist Technology