Web3 encryption Security Data Report: Beware of Phishing in Bull Market Returns

BTC has once again broken through its all-time high, approaching $99,000 and nearing the $100,000 mark. Looking back at historical data, during the bull run, the Web3 sector saw a surge in scams and phishing activities, resulting in a total loss of over $350 million. Analysis shows that hackers primarily targeted the Ethereum network, with stablecoins being the main objective. Based on historical transactions and phishing data, we have conducted in-depth research on attack methods, target selection, and success rates.

encryption security ecosystem map

We have subdivided the encryption security ecosystem project in 2024. In the field of Smart Contract audit, there are veteran participants such as Halborn, Quantstamp, and OpenZeppelin. Smart Contract vulnerabilities are still one of the main attack vectors in the encryption field, and projects that provide comprehensive code review and security assessment services have their own strengths and weaknesses.

The security monitoring section of Decentralized Finance has professional tools such as Decentralized FinanceSafety and Assure Decentralized Finance, specifically for real-time threat detection and prevention of Decentralization financial protocol. It is worth noting the emergence of AI-driven security solutions.

Recently, MEME trading has been very hot, and security check tools like Rugcheck and Honeypot.is can help traders identify some issues in advance.

USDT is the most stolen asset

According to bitsCrunch data, attacks based on Ethereum (ETH) account for about 75% of all attack events. USDT is the most attacked asset, with a theft amount of 112 million US dollars. The average value of each USDT attack is about 4.7 million US dollars. The second most affected asset is ETH, with a loss of about 66.6 million US dollars, followed by DAI, with a loss of 42.2 million US dollars.

It's worth noting that tokens with lower Market Caps are also receiving a very high volume of attacks, suggesting that attackers are looking for opportunities to steal less secure assets. The largest incident was a sophisticated fraud attack that occurred on August 1, 2023, resulting in a $20.1 million loss.

Polygon is the second target chain for attackers

Although Ethereum occupies a dominant position in all phishing incidents, accounting for 80% of the phishing volume, other on-chain Blocks have also observed theft activities. Polygon has become the second largest target chain, accounting for approximately 18% of the volume. Theft activities are often closely related to on-chain TVL and daily active users, and attackers will make judgments based on Liquidity and user activity.

Time Analysis and Attack Evolution

The attack frequency and scale have different patterns. According to bitsCrunch data, 2023 is the year with the highest concentration of high-value attacks, with multiple incidents worth over 5 million dollars. At the same time, the complexity of attacks has gradually evolved from simple direct transfers to more complex approval-based attacks. The average time between major attacks (>1 million dollars) is about 12 days, mainly concentrated around major market events and before and after the release of new protocols.

Phishing attack type Token transfer attack

Token transfer is the most direct method of attack. Attackers manipulate users to transfer their Tokens directly to an account controlled by the attacker. According to bitsCrunch data, the value of such attacks is often very high, using user trust, fake pages, and fraudulent rhetoric to persuade victims to initiate Token transfers voluntarily.

These types of attacks typically follow the following pattern: by using similar domain names, completely imitating some well-known websites to build trust, while creating a sense of urgency during user interaction, and providing seemingly legitimate Token transfer instructions. Our analysis shows that the average success rate of such direct Token transfer attacks is 62%.

Approve Phishing

Approval Phishing primarily exploits the interaction mechanism of Smart Contracts, which is a technically more complex attack method. In this approach, attackers deceive users into providing transaction approval, thereby granting them unlimited spending rights to specific Tokens. Unlike direct transfers, Approval Phishing creates long-term vulnerabilities, gradually depleting the funds of the victims.

FalseTokenAddress

Address poisoning is a comprehensive and multifaceted attack strategy, in which attackers use tokens with the same name as legitimate tokens but with different addresses to create transactions. These attacks exploit users' negligence in checking addresses, thereby gaining profits.

Non-fungible Token Zero Purchase

Zero-cost Phishing is a type of attack specifically aimed at the digital art and collectibles market of the Non-fungible Token ecosystem. Attackers manipulate users into signing transactions, causing a significant drop in price or even selling their highly valuable Non-fungible Tokens for free.

During our analysis, we discovered 22 significant Non-fungible Token zero-purchase Phishing incidents, with an average loss of $378,000 per incident. These attacks exploit the inherent transaction signing process in the Non-fungible Token market.

Stolen Wallet Distribution

The data in this chart reveals the distribution pattern of stolen Wallets in different transaction price ranges. We found a clear inverse relationship between transaction value and the number of affected Wallets - as the price increases, the number of affected Wallets decreases.

The wallets with the highest number of victims are those with transaction amounts between $500 and $1000, accounting for more than one third, with approximately 3,750 wallets affected. Victims of smaller transactions often do not pay attention to details. The number of wallets affected decreases to 2,140 for transactions between $1000 and $1500. Transactions above $3000 only account for 13.5% of the total number of attacks. It can be seen that the larger the amount, the stronger the security measures, or the more cautious the victims are when dealing with larger amounts.

By analyzing the data, we reveal the complex and evolving attack methods in the cryptocurrency ecosystem. With the bull run approaching, the frequency of complex attacks will increase, and the average losses will also be larger, which will have a significant impact on the project party and investors' economy. Therefore, not only does the blockchain network need to strengthen security measures, but we also need to pay more attention to prevent phishing incidents when trading.