In February, there were a total of 28 security incidents, resulting in approximately $404 million in losses. Reasons include contract vulnerabilities, DDoS attacks, flash loan attacks, private key leaks, and account thefts.
According to the SlowMist Blockchain Security Incident Database, in February 2024, there were a total of 28 security incidents, resulting in approximately $404 million in losses. Reasons for these incidents included contract vulnerabilities, DDoS attacks, flash loan attacks, private key leaks, and account thefts.
On February 2, 2024, the
cryptocurrency
wallet Phantom reported a DDoS attack, with attempts made to overload its system. Some services may experience temporary interruptions, posing potential risks to user assets. Subsequently, Phantom tweeted that all services had been restored to normal operation and were running smoothly once again.On February 8, 2024, the lending protocol Starlay Finance within the Polkadot ecosystem was attacked, resulting in losses of approximately $2.1 million. On February 9, Starlay Finance tweeted that preliminary analysis indicated the attack was due to exploitation of an error in liquidity index calculation, leading to unauthorized withdrawals.
On February 10, 2024, the blockchain gaming platform PlayDapp was attacked, with the hacker's address being added as a minter, minting 200 million PLA tokens (approximately $36.5 million). Shortly after the incident, PlayDapp sent a message to the hacker via on-chain transaction, requesting the return of the stolen funds and offering a $1 million white-hat reward, but negotiations ultimately failed. On February 12, PlayDapp was subjected to a second attack, with the hacker minting an additional 1.59 billion PLA tokens (approximately $253.9 million) and beginning to transfer them via cryptocurrency trading platforms. According to statistics, the hacker's attacks resulted in approximately $290 million in losses.
Duelbits
On February 14, 2024, the hot wallet of the cryptocurrency gambling platform Duelbits was attacked, resulting in losses of approximately $4.6 million. The suspected cause of the theft was private key leakage.
On February 17, 2024, according to on-chain data, the
cryptocurrency exchange
platform FixedFloat was attacked, resulting in losses of approximately $26.1 million worth of Bitcoin and Ethereum. FixedFloat clarified regarding the attack: “This hacking incident was an external attack caused by vulnerabilities in our security structure and was not carried out by employees. User funds were not affected by the 'external attack'.” On February 18, FixedFloat stated on Twitter: “We confirm that there was indeed a hacking attack and funds were stolen. We are not yet ready to make a public comment on this matter as we are working diligently to eliminate all potential vulnerabilities, enhance security, and conduct an investigation. Services of FixedFloat will be restored soon, and detailed information regarding this incident will be provided later.”On February 23, 2024, the Hong Kong-based cryptocurrency exchange BitForex was suspected of exiting operations (running away with investors' funds), as it closed access to its platform after approximately $56.5 million in suspicious funds outflows across multiple blockchains. On-chain investigator ZachXBT was the first to notice unusual withdrawals from the exchange. He pointed out that the exchange had ceased processing withdrawals and had not responded to customers. The company faced regulatory scrutiny in Japan in mid-2023 for operating without a license and was accused of inflating trading volumes. Its CEO resigned in January, promising that a new team would take over.
Among the 28 major security incidents in February, two projects (Blueberry Protocol and Seneca) collectively recovered approximately $6.38 million of stolen funds. The losses from a total of three incidents of private key leaks amounted to approximately $304 million, accounting for about 75% of the total losses in security events this month. Additionally, four incidents of contract vulnerabilities exploitation resulted in approximately $7.25 million in losses.
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
South Korea: Upbit Investigated for Over 500,000 KYC Violations
MacBook Users with Intel Chips Urged to Update for Enhanced Security
Solana-Based Trading Terminal DEXX Hacked, Over $21M in User Losses
South Korea to Enforce 20% Crypto Tax in 2025 with Increased Exemption Limit
0.00