Web3 Security Report: Bull Run Approaches, Beware of New Types of Cyber Attacks

Recently, the price of Bitcoin has reached a new high, approaching the $100,000 mark. However, historical data shows that during the bull run, scams and phishing activities in the Web3 space are rampant, with total losses exceeding $350 million. Analysis indicates that hackers primarily target the Ethereum network, with stablecoins being the primary target. This article will delve into key issues such as attack methods, target selection, and success rates.

Overview of the Crypto Security Ecosystem

In 2024, crypto security ecosystem projects can be divided into multiple subfields. In the area of smart contract auditing, several well-known companies provide comprehensive code review and security assessment services. In the field of DeFi security monitoring, there are real-time threat detection and prevention tools specifically targeting decentralized finance protocols. Notably, AI-driven security solutions are gradually emerging.

In the current trading frenzy of Meme tokens, some security inspection tools can help traders identify potential risks in advance.

USDT becomes the most stolen asset

Data shows that attacks based on Ethereum account for about 75% of all incidents. USDT is the most attacked asset, with a total theft amount of $112 million, averaging a loss of about $4.7 million per attack. Next is ETH, with a loss of about $66.6 million, and third is DAI, with a loss of $42.2 million.

It is worth noting that some lower market cap tokens have also suffered large-scale attacks, indicating that attackers exploit vulnerabilities in lower security assets. The largest single loss incident occurred on August 1, 2023, when a complex fraud attack caused a loss of $20.1 million.

Polygon becomes the second largest target chain for attacks

Despite Ethereum dominating all phishing events (approximately 80%), other blockchains have also seen theft activities. Polygon has become the second largest target chain, accounting for about 18% of the transaction volume. Attackers typically choose targets based on on-chain TVL and daily active users, which are closely related to liquidity and user activity.

Time Analysis and Attack Evolution

Attack frequency and scale exhibit different patterns. 2023 is the year with the highest concentration of high-value attacks, with several incidents resulting in losses exceeding $5 million. Attack methods have also become increasingly complex, evolving from simple direct transfers to more sophisticated authorization-based attacks. The average interval between significant attacks (losses over $1 million) is about 12 days, primarily concentrated around major market events and the release of new protocols.

Main Types of Phishing Attacks

token transfer attack

This is the most direct method of attack. The attacker induces the user to transfer tokens directly to an account controlled by them. Such attacks usually involve a single transaction of very high value, utilizing user trust, fake pages, and scamming language to execute. Attackers often mimic well-known websites through similar domain names, while creating a sense of urgency and providing seemingly reasonable transfer instructions. The average success rate of such attacks can be as high as 62%.

approve phishing

This is a technically complex method of attack that utilizes the smart contract interaction mechanism. The attacker deceives the user into providing transaction approval, thereby gaining unlimited consumption rights for specific tokens. Unlike direct transfers, this method creates long-term vulnerabilities, allowing the attacker to gradually deplete the victim's funds.

fake token address

This attack strategy combines multiple tactics. The attacker creates tokens that have the same name as legitimate tokens but different addresses to conduct transactions, profiting from users' negligence in checking addresses.

NFT zero-cost purchase

This type of attack targets digital art and collectibles in the NFT market. Attackers manipulate users into signing transactions to sell their high-value NFTs at very low or even zero prices. During the study, 22 significant zero-dollar purchase incidents of NFTs were identified, with an average loss of $378,000 per incident. These attacks exploit vulnerabilities in the transaction signature process of the NFT market.

Victim Wallet Distribution Analysis

Data shows that the trading value is inversely proportional to the number of victim wallets. The number of victim wallets for transactions between 500-1000 dollars is the highest, at around 3,750, accounting for over one-third. This may be because users pay less attention to details during small transactions. The number of victim wallets in the range of 1000-1500 dollars drops to 2,140. Transactions over 3000 dollars only account for 13.5% of the total number of attacks, indicating that users are more security-conscious or consider more thoroughly during large transactions.

As the bull run approaches, the frequency of complex attacks and the average losses may increase, which will also amplify the economic impact on project parties and investors. Therefore, blockchain networks need to continuously strengthen security measures, and users should remain highly vigilant during transactions to guard against various phishing and fraud activities.