BTC has once again broken through the historical high, approaching $99,000, and is close to the $100,000 mark. Looking back at historical data, during the Bull Market, there were numerous scams and phishing activities in the Web3 field, with a total loss of over $350 million. Analysis shows that hackers mainly target the Ethereum network, with stablecoins being the primary target. Based on historical transaction and phishing data, we have conducted in-depth research on attack methods, target selection, and success rate.

encryption security ecosystem map

We have subdivided the encryption security ecology project in 2024. In the field of smart contract audit, there are veteran participants such as Halborn, Quantstamp, and OpenZeppelin. Smart contract vulnerabilities are still one of the main attack vectors in the encryption field, and projects that provide comprehensive code review and security assessment services also have their own strengths and weaknesses.

Decentralized Finance Security Monitoring has professional tools such as Decentralized FinanceSafety and Assure Decentralized Finance, specifically designed for real-time threat detection and prevention of Decentralization financial protocol. It is worth noting the emergence of AI-driven security solutions.

Recently, Meme trading has been very popular. Security check tools like Rugcheck and Honeypot.is can help traders identify some issues in advance.

USDT is the most stolen asset

According to bitsCrunch data, attacks based on Ethereum (ETH) account for about 75% of all attack events, with USDT being the most attacked asset, with a theft amount of $112 million. On average, each USDT attack is worth about $4.7 million. The second most affected asset is ETH, with losses of about $66.6 million, followed by DAI with losses of $42.2 million.

It is worth noting that Tokens with a lower Market Cap are also subject to a high level of attack, indicating that attackers will take the opportunity to steal assets with lower security. The largest incident occurred on August 1, 2023, in a complex fraud attack, resulting in a loss of 20.1 million US dollars,

Polygon is the second most targeted chain for attackers

While Ethereum occupies a dominant position in all phishing incidents, accounting for 80% of the phishing volume, other on-chain Blocks have also observed theft activities. Polygon has become the second largest target chain, accounting for approximately 18% of the volume. Theft activities are often closely related to on-chain TVL and daily active users, and attackers will make judgments based on Liquidity and user activities.

Time Analysis and Attack Evolution

The attack frequency and scale have different patterns. According to bitsCrunch data, 2023 is the year with the most concentrated high-value attacks, with multiple events valued at over 5 million US dollars. At the same time, the complexity of attacks is gradually evolving from simple direct transfers to more complex approval-based attacks. The average time between major attacks (> 1 million US dollars) is approximately 12 days, mainly concentrated around major market events and new protocol releases.

Phishing Attack Types

Token transfer attack

Token transfer is the most direct attack method. Attackers manipulate users to transfer their Tokens directly to an account controlled by the attacker. According to bitsCrunch data, the value of such attacks is often extremely high. They exploit user trust, fake pages, and deceptive tactics to persuade victims to initiate Token transfers voluntarily.

This type of attack typically follows the following pattern: it builds trust by completely mimicking some well-known websites through similar domain names, while creating a sense of urgency during user interaction, and providing seemingly legitimate Token transfer instructions. Our analysis shows that the average success rate of such direct Token transfer attacks is 62%.

Approved Phishing

Approving Phishing mainly utilizes the complex interaction mechanism of smart contracts, which is a technically sophisticated attack method. In this method, the attacker tricks the user into providing transaction approval, thereby granting them unlimited spending power over specific Tokens. Unlike direct transfers, approving Phishing creates a long-term vulnerability that gradually drains the victim's funds.

FakeTokenAddress

Address poisoning is a comprehensive and multifaceted attack strategy, where attackers create transactions using tokens with the same name but different addresses from legitimate tokens. These attacks exploit users' negligence in checking addresses and result in gains.

Non-fungible Token Zero-dollar Purchase

Zero-cost Phishing specifically targets attacks on the digital art and collectibles market of the Non-fungible Token ecosystem. Attackers manipulate users to sign transactions, thereby significantly dropping the price or even giving away their high-value Non-fungible Tokens for free.

During our analysis, we discovered 22 significant cases of Non-fungible Token zero-purchase Phishing incidents, with an average loss of $378,000 per incident. These attacks exploit the inherent transaction signing process in the Non-fungible Token market.

Stolen Wallet Distribution

The data in the chart reveals the distribution pattern of the stolen Wallet in different price ranges. We found that there is an obvious inverse relationship between the transaction value and the number of affected Wallets— as the price increases, the number of affected Wallets gradually decreases.

Wallets with transaction amounts between 500-1000 US dollars are the most affected, with about 3,750, accounting for more than one-third. Victims of smaller amounts of each transaction often do not pay attention to details. The number of wallets per transaction between 1000-1500 US dollars drops to 2140. Transactions above 3000 US dollars only account for 13.5% of the total attacks. Therefore, the larger the amount, the stronger the security measures, or the more comprehensive consideration of the victims when dealing with larger amounts.

By analyzing the data, we have revealed the complex and evolving attack methods in the Cryptocurrency ecosystem. With the arrival of the bull run, the frequency of sophisticated attacks will increase, and the average losses will also grow, which will have a significant economic impact on the project party and investors. Therefore, not only does the Blockchain network need to enhance security measures, but we also need to be more vigilant when trading to prevent phishing incidents.