Due to space limitations, this article only lists the key contents of the analysis report. The full content can be downloaded through the PDF at the end of the article.
I. Overview
In 2024, the blockchain industry moved forward in the contest between security and innovation. Against this background, this report reviews the key regulatory compliance policies and anti-money laundering trends in the blockchain industry in 2024, summarizes the year's blockchain security incidents, and outlines typical fraud methods. We also invited the Web3 anti-fraud platform ScamSniffer to write about phishing Wallet Drainers, and we analyzed and tallied the money laundering methods and profits of North Korean hackers. We hope that this report will provide readers with useful information, help practitioners and users gain a more comprehensive understanding of the current state of blockchain security and its solutions, and contribute to the safe development of the blockchain ecosystem.
II. Blockchain Security Situation
According to the SlowMist Hacked Archive, there were 410 security incidents in 2024, with losses of up to US$2.013 billion. Compared with 2023 (a total of 464 incidents, with losses of approximately US$2.486 billion), the losses decreased by 19.02% year-on-year.
Note: The data in this report is based on the token price at the time of the incident. Due to factors such as currency price fluctuations and the fact that losses from some undisclosed events are not included in the statistics, the actual losses should be higher than the statistical results.
(https://hacked.slowmist.io/statistics/?c=all&d=2024)
Overview of Blockchain Security Incidents
By project sector, DeFi is still the most frequently attacked area. In 2024, there were 339 DeFi security incidents, accounting for 82.68% of the total number of security incidents, with losses as high as US$1.029 billion. Compared with 2023 (a total of 282 incidents, with losses of approximately US$773 million), losses increased by 33.12% year-on-year.
(2024 security incident distribution and losses by sector)
(2023 and 2024 DeFi security incident distribution and loss comparison chart)
By ecosystem, Ethereum suffered the highest loss, reaching US$465 million. The second was BSC, reaching US$87.35 million.
(2024 security incident distribution and losses by ecosystem)
By cause, contract vulnerabilities accounted for the most security incidents, 99 in total, resulting in losses of approximately US$214 million. The second most common cause was account hacking.
(2024 security incidents by attack method)
Typical attack incidents
This section selects the top 10 security attack incidents with the highest losses in 2024. For details, please see the PDF file at the end of the article.
(2024 Top 10 Security Attacks with the Most Losses)
Rug Pull
A Rug Pull is a scam. In essence, a malicious project team builds up hype to attract user investment and, when the time is right, "pulls the rug" and runs away with the money. According to the SlowMist Hacked Archive, there were as many as 58 Rug Pull incidents in 2024, resulting in a loss of approximately US$106 million. Among them, the zkSync ecosystem suffered the highest loss, reaching US$36.95 million, and the BSC ecosystem had the most Rug Pull incidents, reaching 28.
(2024 Top 10 Rug Pulls by loss)
(2024 distribution of Rug Pull incidents and losses by ecosystem)
With the advent of the Meme coin craze, many users, driven by speculation and FOMO, ignored potential risks. Some coin issuers do not even need to describe their vision or provide a white paper. With just a concept or slogan, they can generate hype and attract users to buy tokens. The low cost of wrongdoing has led to an endless stream of Rug Pulls. After user funds are stolen by a malicious project team, victims often face a long and difficult recovery process. The SlowMist Security Team therefore recommends that users fully understand a project's background and team information before participating, and choose investment projects carefully to avoid potential risks.
Phishing
Note: This section, written by ScamSniffer, focuses on Wallet Drainer attacks on EVM-compatible chains. Our thanks to them.
A Wallet Drainer is an attack tool deployed on phishing websites to steal crypto assets by inducing users to sign malicious transactions. In 2024, such attacks caused losses of approximately US$494 million, a year-on-year increase of 67%. Although the number of victims increased by only 3.7% (to 332,000 addresses), the loss per attack increased significantly, with the largest single stolen amount reaching US$55.48 million.
(Key data indicators of Wallet Drainer attacks in 2024)
1. Key milestones
Pink exited (end of May): market share was 28%, and the share was absorbed by Inferno.
Angel took over Inferno (end of October): Angel's share declined, and Inferno maintained a 40-45% market share.
2. Evolution of the market landscape
Q1-Q2: Three dominant players (Angel: 42%, Pink: 28%, Inferno: 22%)
Q3: Two-way competition (Inferno: 43%, Angel: 25%)
Q4: New landscape (Inferno and Angel: 45%, Acedrainer: 20%, other new Drainers: 25%)
As of 2024, known losses from phishing signatures have reached USD 790 million. Although such attacks decreased in the second half of the year, this may indicate that attackers are turning to other attack methods, such as malware and other more covert means. As the Web3 ecosystem develops, the challenge of protecting user assets remains. However attack methods change, sustained security awareness and continued investment in protective capabilities are always the key to keeping assets safe.
Fraud
This section selects some of the fraud methods we disclosed in 2024:
1. Mining fraud
2. Arbitrage fraud
3. Airdrop fraud
4. Pirate X fraud
5. Pixiu disk
6. Malicious Trojan
III. Anti-money laundering situation
Anti-Money Laundering and Regulatory Dynamics
In 2024, the regulatory environment for cryptocurrencies has undergone significant developments, most notably the EU's implementation of the MiCA regulation and the United States' advancement of stablecoin legislation. In terms of law enforcement, stricter measures have been introduced around the world this year to combat illegal activities, and significant progress has been made in stablecoin regulation, cross-border crypto policies, and law enforcement actions against major players in the crypto field. For specific policies and law enforcement actions, see the PDF at the end of the article.
Anti-money laundering data
1. Fund freezing data
With the strong support of InMist intelligence network partners, SlowMist helped freeze funds totaling more than 112 million US dollars in 2024 for customers, partners and public hacking incidents.
(https://dune.com/misttrack/2024)
2. Funds Return Data
In 2024, 410 security incidents occurred, and there were 24 incidents in which the lost funds were fully or partially recovered after the attack. According to the disclosed data, a total of approximately US$166 million was returned, accounting for 8.25% of the total security losses (approximately US$2.013 billion).
North Korean Hackers
In 2024, North Korean hacker groups were suspected of multiple cyber thefts, resulting in the theft of hundreds of millions of dollars in cryptocurrency. The following is a list of important incidents committed by North Korean hacker groups (data source: SlowMist Hacked):
This section focuses on analyzing the attack methods of North Korean hackers, and uses the BingX incident, which SlowMist followed up on, as an example to illustrate their money laundering methods.
Coin Mixing Tools
1. Tornado Cash
(https://dune.com/misttrack/2024)
2. eXch
(https://dune.com/misttrack/2024)
3. Railgun
Railgun Private Proof of Innocence (PPOI) has been implemented, using zero-knowledge proofs to ensure that users can verify that their funds are not linked to illegal activities without compromising privacy. This innovation strikes a critical balance between privacy and compliance, making it more difficult for malicious actors to use the platform to launder money.
IV. Conclusion
In 2024, the blockchain industry faced new opportunities and challenges amid continuous innovation and change. The year's security incidents and anti-money laundering developments serve as a serious warning and prompt us to pay more attention to industry norms and technical safeguards. Through the analysis of blockchain security incidents and money laundering cases in 2024, we hope to draw the attention of all parties to industry security.
In the future, as the regulatory framework gradually improves and technical means continue to advance, we have reason to believe that the blockchain industry will move in a more secure, transparent and compliant direction. We hope that this report can provide readers with valuable information and help them understand the security and anti-money laundering status of the blockchain industry more comprehensively. We also look forward to working together to build a more secure, stable and trustworthy blockchain ecosystem.
V. Disclaimer
The content of this report is based on our understanding of the blockchain industry and on data from SlowMist Hacked, the SlowMist blockchain hacked archive, and MistTrack, the anti-money laundering tracking system. However, due to the "anonymous" nature of blockchain, we cannot guarantee the absolute accuracy of all data here, nor can we assume responsibility for errors, omissions or losses caused by the use of this report. This report also does not constitute investment advice or a basis for any other analysis. If you find omissions or deficiencies in this report, your criticism and corrections are welcome. The link to the full version is as follows. You can also click to read the original text directly. Welcome to read and share :)
Chinese: https://www.slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(CN).pdf
English: https://www.slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(EN).pdf