The blockchain industry faced significant security challenges in February 2024, according to the OKLink Security Incident Review. Cumulative losses across the network were approximately $103 million USD, with phishing scams accounting for 11.76% of these losses.
The report highlighted that official social media accounts experienced 37 scams and phishing incidents, mainly concentrated on platforms like Twitter and Discord. These security breaches underscore the persistent threat of cyberattacks within the crypto space.
The most substantial REKT incident in February occurred when the staking protocol senecaUSD was exploited due to a code logic flaw, resulting in a loss of about $6.5 million USD. The attacker has since returned assets worth approximately $5.3 million USD. Additionally, the Shido project suffered a RugPull on February 29, 2024, leading to a loss of around $2.1 million USD.
Other notable incidents included compromised keys and social engineering attacks. The Lightning Network project FixedFloat fell victim to a suspected private key leak, leading to the theft of around $21 million USD in BTC and $4.8 million USD in ETH. These incidents represent a small portion of the multifaceted security challenges faced by the blockchain industry.
OKLink's security experts note that numerous hot wallets were compromised this month due to private key leaks, and that project permissions were taken over. While the losses from phishing, REKT, and RugPull events have declined compared to the previous month, the magnitude of the damage inflicted continues to be a cause for concern among users and investors.
The experts recommend that project developers conduct extensive testing and smart contract audits before launching, and manage project-related private keys with robust process controls to deter potential exploits. For users participating in Web3 projects, due diligence on the projects' authenticity and reliability is essential, along with an increased ability to identify phishing websites and risky projects to mitigate investment risks.
The report also notes an incident involving PlayDapp, which suffered a book loss of $290 million USD in PLA tokens. The actual liquidity, however, did not support cashing out such a large amount, and chain analysis revealed that the actual profits were considerably smaller (in the hundreds of thousands of USD) and difficult to estimate accurately. Therefore, only the initial $31 million USD loss was included in the statistics.
The OKLink review serves as a crucial reminder of the vulnerabilities in the crypto ecosystem and the importance of enhanced security measures and investor education to safeguard against such threats.