In July, the number of various security incidents and the losses caused by them increased explosively compared with June. There were more than 36 typical security incidents in July, and the total amount of losses caused by various security incidents was about 411 million US dollars (excluding the amount involved in virtual currency cases), an increase of about 321% compared with June. The Rug Pull resulted in losses of approximately US$20.65 million, more than five times the amount lost in the June Rug Pull. There was also an abnormal outflow of funds from MultiChain involving an amount of US$210 million.
This month, there have been many security incidents worth more than tens of millions of dollars: the cross-chain bridge MultiChain has an abnormal outflow of 210 million U.S. dollars; the old version of Vyper has multiple Curve pools being attacked due to vulnerabilities, resulting in a loss of 61.7 million U.S. dollars; Alphapo’s hot wallet was stolen 60 million US dollars; crypto payment service provider CoinsPaid was stolen for US$37.3 million; cross-chain protocol Poly Network was attacked, resulting in a loss of US$10.1 million. In addition, fraud and scammers have also occurred frequently this month, with the largest amount involved being the BALD project on the Base chain, with the deployer profiting approximately US$9.28 million.
#DeFiField
There were 16 typical security incidents , causing losses of approximately US$ 330.48 million.
① On July 2, the Aave fork project on the Pulse chain suffered a governance attack, resulting in a loss of approximately US$900,000.
② On July 2, the cross-chain protocol Poly Network was suspected of being attacked due to the leakage of private keys, resulting in a loss of approximately US$10.1 million.
③ Starting from July 7, a total of US$210 million has flowed out from the cross-chain bridge Multichain. On July 14th, according to the official Twitter, the outflow of funds was transferred by the family of the team CEO. CEO Zhao Jun was taken away by the Chinese police, and the Multichain team was forced to stop operations.
④ On July 8, the Civfund contract was attacked, resulting in a loss of approximately US$180,000.
⑤ On July 10, ArcadiaFi was attacked on two chains, Ethereum and Optimism, resulting in a loss of approximately US$450,000.
⑥ On July 11, Libertify suffered re-entry attacks on Polygon and Ethereum chains, resulting in losses of approximately US$450,000.
⑦ On July 11, Arbitrum’s ecological leveraged income protocol Rodeo Finance suffered a price manipulation attack, resulting in a loss of approximately US$880,000.
⑧ On July 12, WGPT on BNB Chain was attacked by a flash loan, resulting in a loss of approximately US$80,000.
⑨ On July 18, BNO on BNB Chain suffered a flash loan attack, resulting in a loss of approximately US$500,000.
⑩ On July 20, a series of airdrop() vulnerability attacks occurred on BNB Chain, involving FFIST, AI-Doge, QX, Utopia and other tokens, with a total loss of about 300,000 US dollars.
⑪ On July 21, Conic Finance suffered a re-entry attack, resulting in a loss of approximately US$3.2 million.
⑫ On July 22, Estonian crypto payment service provider CoinsPaid said it suffered an attack and $37.3 million worth of cryptocurrency was stolen.
⑬ On July 25, Palmswap on BNB Chain was attacked, resulting in a loss of approximately US$900,000.
⑭ On July 25, Eralend, the lending protocol on Zksync, suffered a flash loan attack, resulting in a loss of approximately US$3.4 million.
⑮ On July 27, Carson on BNB Chain was attacked, resulting in a loss of approximately US$140,000.
⑯ On July 30, due to the anti-reentry lock failure vulnerability in the old versions of Vyper 0.2.15, 0.2.16 and 0.3.0, multiple Curve pools were attacked by hackers. The pETH/ETH, msETH/ETH, alETH/ETH, and CRV/ETH pools lost a total of $61.7 million.
#cryptowalletarea
A typical security incident causes a loss of approximately US$ 60 million.
①The hot wallet of cryptocurrency payment service provider Alphapo was stolen, causing losses of US$60 million.
#fraud escape
There were 8 typical security incidents , causing losses of approximately US$ 20.65 million.
① On July 3, a Rug Pull occurred in the encryption project Encryption AI. The developer took away 2 million US dollars and posted an announcement on social media, claiming that he was "seriously addicted to gambling."
② On July 18, a Rug Pull occurred on GMETA on BSC, and the deployer made a profit of US$3.67 million.
③ On July 19, a Rug Pull occurred on the IPO token on BSC, and the deployer made a profit of US$480,000.
④ On July 20, a Rug Pull occurred on the Flashmall project on BSC, and the deployer made a profit of US$550,000.
⑤ On July 22, a Rug Pull occurred on the IEGT token on BSC, and the deployer made a profit of approximately US$1.14 million.
⑥ On July 28, DefiLabs on BNB Chain ran away, and the scammers made a profit of US$1.4 million. DeFiLabs claimed on Twitter that the platform “encountered unexpected issues” while “conducting maintenance and updates.”
⑦ On July 29, a Rug Pull occurred on the zkSync Era revenue aggregator protocol Kannagi Finance, involving an amount of approximately US$2.13 million.
⑧ On July 31, a rug pull occurred on the BALD project on the Base chain, and the deployer made a profit of approximately 5,000 ETH (approximately US$9.28 million).
#encryption case
11 typical security incidents
① On July 18, the Public Security Bureau of Qinshui County, Jincheng City, Shanxi Province successfully uncovered a fraud case involving the use of USDT for money laundering. After investigation, it was found that since October 2021, the criminal Zhou has established a USDT over-the-counter trading group, purchased USDT at a low price, and sold it at a high price through WeChat groups and running sub-platforms to realize it, helping criminals who use information to trade between USDT and RMB. Make payment and settlement between them, and make illegal profits from it. After investigation, the gang helped relevant criminals pay and settle more than 54.8 million USDT, equivalent to about 380 million yuan.
② The Honghuagang Public Security Bureau of Zunyi City, Guizhou Province is targeting new crimes such as telecommunications networks. Recently, the provincial and urban public security organs worked together to successfully destroy a money laundering group that used the virtual currency U coin to trade, arrested 20 criminal suspects, seized 118 criminal mobile phones, 3 criminal computers, and 32 bank cards. The amount involved was as high as 38 million yuan. .
③ On July 9, the Public Security Bureau of Laohekou City, Hubei Province took advantage of multiple police forces to take down a den of a criminal gang specializing in defrauding foreigners. A total of 5 suspects involved in the case were arrested and 8 computers and 15 mobile phones were seized. The Ministry investigated and dealt with illegal profits of more than 1.7 million yuan.
④Qiu Moumou and others, the main culprits in the “first virtual currency case” in the country, have been sent to trial in accordance with the law. It is reported that the case was found to be a cross-border online gambling case during the investigation. The amount involved in the case amounted to 400 billion yuan. There were more than 50,000 people involved in the case. The server was set up outside the country. The main backbone of the case is outside the country. From 2021 to 2022, the local police successively arrested the relevant persons involved in the case. In December 2022, three main suspects hiding abroad were arrested and then deported back to the country. In June 2023, the principal culprit Qiu Moumou and others were transferred to the Shayang County People's Court by the Shayang County People's Procuratorate in accordance with the law, and the case entered the court hearing stage. At this point, the country’s “first virtual currency case” has finally come to an end thanks to the efforts of the task force.
⑤ Two British cryptocurrency investment fraudsters were sentenced to more than 6 years in prison. The scam revolves around a fictitious cryptocurrency called “Telecoin.” The two orchestrated a fraudulent sales scam. Operating under the guise of a company called Digi Ex, they targeted potential investors with cold calls, convincing them to commit money in exchange for digital assets that didn't even exist. Between 2015 and 2017, £509,599 was deposited into Digi Ex accounts, of which £409,493 can be traced back to payments made by investors. The investigation found that Jay and Freckleton took advantage of the appeal of the nascent cryptocurrency market, used deceptive methods to lure victims and misappropriated their funds for personal enrichment, while providing no legitimate investment services.
⑥According to related reports, several core members of a well-known domestic DAO organization were arrested in many places in China at the same time. Criminal DAO organization.
⑦According to related reports, a criminal gang composed of 12 people was sentenced at the Cardiff Crown Crown Court in the United Kingdom on charges of selling more than 40 kilograms of cocaine as well as MDMA, ketamine and other Class A drugs, and the team was accused of relying on the family members of the imprisoned members He and his friends laundered money through Coinbase, involving a total amount of 4.6 million pounds ($5.2 million). A British court has sentenced the criminal gang to a total of 88 years in prison.
⑧ According to news on July 11, the U.S. Department of Justice announced the first criminal case involving an attack on smart contracts running on DEX. Shakeeb Ahmed, a senior security engineer at an international technology company, used his expertise to defraud the exchange and its users, stealing approximately $9 million in cryptocurrency.
⑨ News on July 18, Eddy Alexandr, founder of the New York encryption trading platform EminiFX, was sentenced to nine years in prison for defrauding more than 25,000 investors on the EminiFX trading platform, amounting to more than 248 million US dollars.
⑩ On July 25th, the U.S. Commodity Futures Trading Commission (CFTC) filed charges against Tennessee couple Michael and Amanda Griffis, who allegedly defrauded more than 100 people through a digital asset commodity pool called "Blessings of God Thru Crypto", Raised over $6 million.
⑪ According to news on July 25, South Korean prosecutors prosecuted 49 people suspected of virtual asset speculation, because they used virtual asset speculation to obtain 390 billion won (about 304 million U.S. dollars) in improper profits.