温馨提示:本站仅提供公开网络链接索引服务,不存储、不篡改任何第三方内容,所有内容版权归原作者所有
AI智能索引来源:http://www.bee.com/id/37639.html
点击访问原文链接

A review of the top ten most influential Web3 attacks in 2024 | Bee Network

进入原网站 导航首页
A review of the top ten most influential Web3 attacks in 2024 | Bee Network Login Berita Trending Meme Launchpad Agen AI DeSci Penjelajah Rantai Atas Untuk Newbee 100x Koin Permainan Lebah Situs Web Penting APLIKASI yang Harus Dimiliki Selebriti Kripto DePIN Pemula Penting Detektor Perangkap Alat Dasar Situs Web Tingkat Lanjut Pertukaran Alat NFT Hai, Keluar Alam Semesta Web3 permainan DApp Sarang lebah Platform Berkembang IKLAN Mencari Bahasa inggris Isi Ulang Koin Gabung Unduh Universitas Web3 permainan DApp Sarang lebah IKLAN rumah-Analisis-Teks utama A review of the top ten most influential Web3 attacks in 2024Analisis1 tahun yang lalu (2024)更新Wyatt 41,4092 99 Sumber asli: Beosin

In 2024, the blockchain industry is facing increasingly severe security challenges while innovating technology and expanding its ecosystem. According to the Alert platform of security audit company Beosin, as of press time, the total losses in the Web3 field in 2024 due to hacker attacks, phishing scams and project party Rug Pulls reached US$2.491 billion.
These incidents not only exposed technical defects such as private key management and smart contract vulnerabilities, but also highlighted the potential risks of social engineering and internal management. This article will review the top ten Web3 security incidents in 2024 to help the industry learn lessons from them and better deal with future security threats.

No.1 Bitcoin DMM
Amount of loss: $304 million

Attack method: private key leakage

On May 31, 2024, DMM Bitcoin, a long-established kriptocurrency exchange in Japan, suffered a historic attack. The attacker used the leaked private key to directly transfer more than $300 million worth of Bitcoin and quickly dispersed the stolen funds to more than 10 different addresses. This attack exposed DMM Bitcoins serious deficiencies in private key management and multi-layer security protection. Although the exchange tried to track the hacker through on-chain monitoring and freezing funds, the stolen Bitcoin was dispersed and transferred and cleaned using mixing tools, which brought great challenges to tracking.

On December 24, Japanese police determined that the DMM Bitcoin theft was the work of the North Korean hacker group Lazarus Group. For a detailed analysis of Lazarus Groups past attacks and fund laundering, please read The Most Bold Cryptocurrency Theft Gang in History, Analysis of Money Laundering by the Hacker Group Lazarus Group .

No.2 PlayDapp

Amount of loss: $290 million

Attack method: private key leakage

On February 9, 2024, PlayDapp suffered a heavy blow. Hackers minted 2 billion PLA tokens with an initial value of $36.5 million by stealing private keys . As negotiations between the project and the hackers failed, the hackers further minted 15.9 billion PLA tokens worth $253.9 million in a short period of time. After some of these tokens flowed into the Gate exchange, PlayDapp was forced to suspend the PLA contract and migrate to the PDA token contract. This incident highlights the shortcomings of blockchain projects in private key protection Dan incident emergency response .

No.3 WazirX Amount of loss: $235 million

Attack methods: Cyber attacks and phishing

On July 18, 2024, the Safe Wallet multi-signature wallet of WazirX, Indias largest cryptocurrency exchange, was precisely attacked by hackers. The attacker used social engineering to induce the multi-signature signer to sign a contract upgrade transaction, and then used the upgraded contract permissions to transfer all the assets in the wallet. This case highlights the potential risks of multi-signature wallets in terms of management authority configuration and operational transparency, and has also triggered in-depth reflection within the industry on the internal risk control and security mechanisms of the project.

For a detailed analysis of the incident and fund tracking, please read Beosin | Analysis of the $235 million theft from Indian exchange WazirX .

No.4 Gala Games Amount of loss: $216 million

Attack method: Access control vulnerability

On May 20, 2024, a privileged address of Gala Games was hacked. The attacker minted 5 billion GALA tokens at one time by calling the mint function in the token contract. Subsequently, the hacker exchanged the additional tokens for ETH in batches, directly causing a loss of 216 million US dollars. After the incident, the Gala Games team urgently activated the blacklist function to block some hacker accounts and recovered the losses through legal channels.

No.5 Chris Larsen (Ripples co-founder) Amount of loss: $112 million

Attack method: private key leakage

On January 31, 2024, four personal wallets of Chris Larsen, co-founder of Ripple, were hacked, resulting in the theft of $112 million in XRP. These wallets were suspected to have become targets of attack due to the lack of dual protection of hardware devices. After the incident, Binance successfully froze $4.2 million worth of XRP and assisted Larsen in tracking the stolen assets, but most of the funds had been laundered through decentralized exchanges and currency mixing services.

No.6 Munchables Amount of loss: $62.5 million

Attack method: social engineering attack

On March 26, 2024, Munchables, a Web3 game platform based on Blast, suffered a rare internal penetration attack. The attacker was a North Korean hacker disguised as a blockchain developer, who obtained the core code and sensitive keys through long-term lurking. Although the attack caused huge losses, due to pressure from the community and the team, the hacker eventually returned all the stolen funds. This incident reveals the importance of supply chain security, especially for blockchain projects that rely on third-party development.

No.7 BtcTurk Amount of loss: $55 million

Attack method: private key leakage

On June 22, 2024, Turkeys largest cryptocurrency exchange, BtcTurk, was attacked by a private key leak, losing more than $55 million in crypto assets. With the assistance of the Binance team, $5.3 million of the stolen funds were successfully frozen, but other assets have not yet been recovered. This incident has deepened the markets concerns about the private key management of centralized exchanges.

BtcTurk officially releases an attack announcement

No.8 Radiant Capital Amount of loss: $53 million

Attack method: private key leakage

On October 17, 2024, Radiant Capitals multi-signature wallet was hacked. Because it adopted a low-threshold 3/11 signature verification mode, the hacker initiated an off-chain signature by mastering the private keys of three signers, transferred the ownership of the wallet contract to a malicious address, and ultimately led to the theft of $53 million. This attack triggered an industry reflection on the design and governance mechanism of multi-signature wallets.

Before this attack, Radiant Capital lost $4.5 million due to a contract vulnerability , and more than 1,900 ETH were stolen. Web3 project owners still need to pay more attention to security.

No.9 Hedgey Finance Amount of loss: $44.7 million

Attack method: Contract vulnerability

On April 19, 2024, Hedgey Finance suffered an attack on multiple on-chain contracts. Hackers exploited the approval vulnerability of its ClaimCampaigns contract and successfully extracted tokens on both Ethereum and Arbitrum chains, with a total loss of $44.7 million. This incident shows the importance of code auditing, especially the strict verification of token approval logic.

No.10 BingX Amount of loss: $44.7 million

Attack method: private key leakage

On September 19, 2024, the hot wallet of BingX exchange was hacked, involving multiple public chains including Ethereum, BNB Chain, Tron, etc. Although the exchange quickly launched the asset transfer and withdrawal freezing mechanism, the hacker successfully withdrew assets worth 44.7 million US dollars. This attack reflects the high risk of hot wallet management of centralized exchanges and further promotes the industry to explore safer asset storage solutions.

The frequent security attacks in 2024 remind us again that the development of the blockchain industry cannot be separated from the escort of security. From private key leaks to contract loopholes, from internal management omissions to the escalation of external attack methods, each incident has brought profound lessons. In order to cope with the increasingly complex attack threats, all parties in the industry need to continue to increase investment in technology research and development, management standards and risk prevention and control. In the future, we look forward to jointly building a more secure blockchain ecosystem through industry collaboration and technological innovation, and providing more reliable protection for users and investors.

This article is sourced from the internet: A review of the top ten most influential Web3 attacks in 2024

Related: Analysis of daos.fun: Can the sudden popularity of ai16z recreate the myth of pump.fun? Original | Odaily Planet Daily ( @OdailyChina ) Author: Azuma ( @azuma_eth ) The rise of ai16z has boosted the popularity of meme fund startup platform daos.fun. Odaily Note: For detailed information about ai16z , please see Inventory of the Hottest Meme Concepts: AI, Artists, Zoos and Minecraft . Protocol Principle daos.fun is positioned as a Solana-based meme fund launch platform, and the fund launched based on this platform will operate in the form of a DAO and issue corresponding DAO tokens (for example, ai16z is the DAO token of the fund). The operation mode of daos.fun imitates the start-up mode of conventional funds, which can be divided into three stages: fundraising, operation and redemption. Fundraising Stage The first is the fundraising stage, during which the initiator of the fund…

Analisis ## bitcoin# kriptoDefinisi ## ethereumPertukaran #Pasar ## TandaAlat ## web3© 版权声明Array 上一篇 AAVE mencapai level tertinggi baru lagi? Chainlink diharapkan dapat meningkatkan pendapatan hingga puluhan juta dolar per tahun 下一篇 Delphi Digital 2025 Outlook: Bitcoin still has huge potential, and stablecoins will continue to grow 相关文章 Dragonfly Managing Partner Haseeb: The 3 Top Crypto Investors in My Eyes 6086cf14eb90bc67ca4fc62b 11,366 Is MicroStrategy just one step away from being included in the Nasdaq 100? 6086cf14eb90bc67ca4fc62b 39,994 1 24-Hour Hot Cryptocurrencies and News | Trump says some economic policies have not yet taken effect, midterm election results remain uncertain; negotiations on the US crypto market structure bill continue, possibly delayed until January (December 15). 6086cf14eb90bc67ca4fc62b 17,821 The Black Swan Revealed: The Real Reason Behind This Bitcoin Plunge 6086cf14eb90bc67ca4fc62b 7,877 Ledakan RWA Ethereum: perubahan peraturan dan mesin pertumbuhan baru 6086cf14eb90bc67ca4fc62b 29,605 2 Weekly Token Unlocks: RIVER to Unlock Nearly 8% of Circulating Supply 6086cf14eb90bc67ca4fc62b 11,334 1 2 komentar Anda harus login untuk meninggalkan komentar! Segera masuk #BeelieverTYRDVMI Tamu I was scammed on Coinyee in a Bitcoin investment totaling over $500k. However, I was able to recover my funds with the help of  www.BsbForensic.com They are one of the rare and trustworthy services out there.

11 bulan yang lalu #ranaqamar Tamu Super

1 tahun yang lalu (2024) Bee.com Portal Web3 terbesar di dunia Mitra KoinCarp binance KoinMarketCap KoinGecko hidup koin Armor Unduh Aplikasi Bee Network dan mulai perjalanan web3 Kertas putih Peran Pertanyaan Umum © 2021-2026. Semua Hak Cipta Dilindungi Undang-Undang. Kebijakan pribadi | Ketentuan Layanan Unduh Aplikasi Jaringan Lebah dan memulai perjalanan web3 Portal Web3 terbesar di dunia Mitra CoinCarp Binance CoinMarketCap CoinGecko Coinlive Armors Kertas putih Peran Pertanyaan Umum © 2021-2026. Semua Hak Cipta Dilindungi Undang-Undang. Kebijakan pribadi | Ketentuan Layanan Mencari MencariDi dalam SitusDi RantaiSosialBerita 热门推荐: Pemburu Airdrop Analisis data Selebriti Kripto Detektor Perangkap Bahasa Indonesia English 繁體中文 简体中文 日本語 Tiếng Việt العربية 한국어 हिन्दी اردو Русский Bahasa Indonesia

智能索引记录