Web3 Bull Run Warning: USDT Becomes the Biggest Target as Crypto Asset Security Risks Surge
Web3 Security Report: Bull Run Approaches, Beware of Crypto Asset Theft
Recently, the price of Bitcoin reached a new high, approaching the $100,000 mark. However, historical data shows that during crypto bull runs, scams and phishing activity in the Web3 space have been rampant, with total losses exceeding $350 million. Analysis indicates that hackers primarily target the Ethereum network, with stablecoins being the primary target. This article examines the data on attack methods, target selection, and success rates.
Crypto Security Ecosystem Overview
The 2024 crypto security ecosystem covers multiple areas. In smart contract auditing, several well-known institutions provide comprehensive code review and security assessment services. In DeFi security monitoring, real-time threat detection tools aimed specifically at decentralized finance protocols have emerged. Notably, AI-driven security solutions are on the rise.
With the booming trading of Meme tokens, some security checking tools can help traders identify potential risks in advance.
USDT Has Become the Most Stolen Asset
Data shows that attacks on the Ethereum network account for about 75% of all incidents. USDT is the most heavily attacked asset, with a total of 112 million USD stolen and an average loss of about 4.7 million USD per attack. ETH is second, with losses of about 66.6 million USD, and DAI is third, with losses of 42.2 million USD.
It is worth noting that some lower market cap tokens have also suffered significant attacks, indicating that attackers tend to target assets with weaker security. The largest single incident occurred on August 1, 2023, involving a complex fraud attack that resulted in a loss of $20.1 million.
Polygon Becomes the Second Largest Target Chain
Although Ethereum dominates all phishing incidents, accounting for about 80% of the trading volume, other blockchains have also experienced theft. Polygon has become the second largest target of attacks, accounting for about 18% of the trading volume. Generally, theft activity is closely related to the total value locked (TVL) on-chain and the number of daily active users, with attackers choosing targets based on liquidity and user activity.
Attack Time Analysis and Evolution Trends
The frequency and scale of attacks show different patterns. 2023 has been the year with the highest concentration of high-value attacks, with multiple incidents causing losses of over 5 million dollars. At the same time, attack methods have gradually evolved from simple direct transfers to more complex approval-based attacks. The average interval between major attacks (losses exceeding 1 million dollars) is about 12 days, and they are mainly concentrated around significant market events and the release of new protocols.
Main Types of Phishing Attacks
Token Transfer Attack
This is the most direct attack method. The attacker induces the user to transfer tokens directly to an account under their control. Such attacks typically involve a single transaction of high value, leveraging user trust and persuading victims to voluntarily initiate the transfer through fake pages and scam rhetoric. The average success rate for this type of direct token transfer attack is about 62%.
Approve Phishing
This is a technically complex attack method that abuses the way users interact with smart contracts. The attacker deceives users into signing a token approval, thereby gaining the right to spend specific tokens without limit. Unlike a direct transfer, this method creates a long-term exposure, allowing the attacker to gradually deplete the victim's funds.
Fake Token Address
This attack strategy combines multiple methods. The attacker creates transactions using tokens that have the same name as legitimate tokens but different contract addresses. This type of attack profits from users' failure to check addresses.
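The check below is an added example, not code from the original report. It reviews ERC-20 `approve(address,uint256)` calldata before signing and flags the two patterns described under approve phishing and fake token address: an unlimited or oversized allowance, and a token contract that does not match the address expected for its symbol. The allowlist, the placeholder addresses and the function names are constructed for illustration.

```python
# Added example: review ERC-20 approve() calldata before signing.
MAX_UINT256 = 2**256 - 1
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

# Constructed allowlist (placeholder addresses, not real contracts):
# token symbol -> the one contract address the wallet trusts for it.
KNOWN_TOKENS = {"USDT": "0x" + "11" * 20, "DAI": "0x" + "22" * 20}

def encode_approve(spender: str, amount: int) -> str:
    """Build approve() calldata; used here only to make sample inputs."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_approve(data: str):
    """Return (spender, amount) for approve() calldata, or None for other calls."""
    raw = data[2:].lower() if data.lower().startswith("0x") else data.lower()
    if len(raw) != 8 + 128 or raw[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = raw[8:72], raw[72:136]
    if spender_word[:24] != "0" * 24:
        raise ValueError("malformed address argument")
    return "0x" + spender_word[24:], int(amount_word, 16)

def review_tx(to, data, claimed_symbol, intended_amount, trusted_spenders=()):
    """Return warnings a wallet could show before the user signs."""
    warnings = []
    # Fake token address: same symbol, different contract.
    if KNOWN_TOKENS.get(claimed_symbol, "").lower() != to.lower():
        warnings.append("token-address-mismatch")
    decoded = decode_approve(data)
    if decoded is None:
        return warnings
    spender, amount = decoded
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("unknown-spender")
    # Approve phishing: allowance far beyond what this action needs.
    if amount == MAX_UINT256:
        warnings.append("unlimited-allowance")
    elif amount > intended_amount:
        warnings.append("allowance-exceeds-intended-amount")
    return warnings

if __name__ == "__main__":
    drainer = "0x" + "ab" * 20  # constructed spender address
    print(review_tx(KNOWN_TOKENS["USDT"], encode_approve(drainer, MAX_UINT256), "USDT", 50_000_000))
    print(review_tx("0x" + "99" * 20, encode_approve(drainer, 50_000_000), "USDT", 50_000_000))
```

An empty list means none of these checks fired; it does not mean the spender contract itself is safe.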
NFT Zero-Cost Purchase
This type of attack specifically targets the NFT market. Attackers manipulate users into signing transactions that cause their high-value NFTs to be sold at extremely low or even zero prices. During the research period, 22 significant NFT zero-cost purchase incidents were discovered, with an average loss of $378,000 per incident. These attacks exploit vulnerabilities in the transaction signature process inherent to the NFT market.
Victim Wallet Distribution Analysis
Data shows that there is a clear inverse relationship between transaction value and the number of affected wallets. The number of victim wallets is highest for transactions between 500 and 1000 dollars, at around 3750, accounting for more than one-third. This may be because users pay less attention to details during small transactions. The number of victim wallets in the 1000-1500 dollar range drops to 2140. Transactions over 3000 dollars account for only 13.5% of the total attacks. This indicates that the larger the transaction amount, the stricter the security measures users may take, or the more carefully they consider the transaction.
As the cryptocurrency market enters a bull run, the frequency of complex attacks and average losses are expected to increase, which will also amplify the economic impact on project teams and investors. Therefore, blockchain networks need to continuously strengthen security measures, and users should remain highly vigilant during transactions to avoid becoming victims of phishing attacks.