Web3 encryption security report: bull run risk warning

Bitcoin has recently set a new historical high, approaching the 100,000 USD mark. Historical data shows that during a bull run, fraud and phishing activities in the Web3 space are rampant, resulting in total losses exceeding 350 million USD. Analysis indicates that hackers primarily target the Ethereum network, with stablecoins being the main target. Based on historical transaction and phishing data, we conducted an in-depth study of attack methods, target selection, and success rates.

Encryption Security Ecosystem Overview

The blockchain security ecosystem projects in 2024 can be divided into several main areas. In the field of smart contract auditing, there are some experienced participants providing comprehensive code review and security assessment services. In the DeFi security monitoring area, there are real-time threat detection and prevention tools specifically targeting decentralized finance protocols. It is worth noting that AI-driven security solutions are gradually emerging.

The recent popularity of meme token trading has also led to the emergence of some security inspection tools to help traders identify potential risks in advance.

USDT has become the most stolen asset

Data shows that attacks on the Ethereum network account for about 75% of all incidents. USDT is the most attacked asset, with a stolen amount of 112 million USD, averaging a loss of about 4.7 million USD per attack. Next is ETH, with a loss of about 66.6 million USD, and third is DAI, with a loss of 42.2 million USD.

It is worth noting that some lower market cap tokens have also suffered significant attacks, indicating that hackers target assets with lower security. The largest single incident occurred on August 1, 2023, and was a complex fraud attack that resulted in a loss of 20.1 million dollars.

Polygon has become the second most attacked network

Although Ethereum dominates all phishing incidents, accounting for 80% of the transaction volume, other blockchains have also seen theft activities. Polygon has become the second largest target network, with transaction volume accounting for about 18%. Theft activities are often closely related to the total locked value ( TVL ) and the number of daily active users, with attackers making judgments based on liquidity and user activity.

Attack Time Analysis and Evolution Trends

The frequency and scale of attacks show different patterns. The year 2023 has been the most concentrated year for high-value attacks, with multiple incidents resulting in losses exceeding 5 million dollars. At the same time, attack methods have gradually evolved from simple direct transfers to more complex authorization-based attacks. The average interval between significant attacks (with losses exceeding 1 million dollars) is about 12 days, mainly focused around important market events and the launch of new protocols.

Main Types of Phishing Attacks

direct transfer of tokens

This is the most direct form of attack. Hackers induce users to transfer tokens directly to accounts they control. Data shows that the single loss from such attacks is often very high, leveraging user trust, fake pages, and deceptive language to persuade victims to voluntarily initiate the transfer.

This type of attack typically follows the following pattern: completely replicating well-known websites through similar domain names to establish trust, while creating a sense of urgency during user interactions and providing seemingly reasonable transfer instructions. Analysis shows that the average success rate of such direct transfer attacks is 62%.

authorization phishing

Authorization phishing mainly utilizes the interaction mechanism of smart contracts, which is a technically complex method of attack. Attackers trick users into granting unlimited control over specific tokens. Unlike direct transfers, authorization phishing can cause long-term vulnerabilities, allowing attackers to gradually deplete the victim's funds.

fake token address

Address poisoning is a comprehensive attack strategy where attackers create transactions using tokens that have the same name as legitimate tokens but different addresses. This type of attack exploits users' negligence in checking addresses to profit.

NFT zero-cost purchase

Zero-dollar purchase fishing specifically targets the digital art and collectibles market within the NFT ecosystem. Attackers induce users to sign transactions, resulting in their high-value NFTs being sold at extremely low or even zero prices.

During the research period, 22 major NFT zero-cost phishing incidents were discovered, with an average loss of $378,000 per incident. These attacks exploited vulnerabilities in the transaction signature process inherent to the NFT market.

Analysis of Stolen Wallet Distribution

The data reveals the distribution pattern of stolen wallets across different transaction price ranges. A clear inverse relationship is found between the transaction value and the number of affected wallets— as the price rises, the number of affected wallets gradually decreases.

The number of victim wallets in the transaction range of 500-1000 dollars is the highest, with about 3,750, accounting for more than one-third. Victims in small transactions often pay less attention to details. The number of victim wallets in the 1000-1500 dollar range drops to 2,140. Transactions above 3000 dollars account for only 13.5% of the total attacks. This indicates that the larger the transaction amount, the stricter the security measures may be, or users may be more cautious when involved in large transactions.

Overall, this data reveals the complex and evolving attack patterns within the cryptocurrency ecosystem. As the bull run approaches, the frequency of complex attacks and the average losses may increase, leading to a greater economic impact on projects and investors. Therefore, not only do blockchain networks need to strengthen security measures, but users must also be particularly vigilant during transactions to prevent security incidents such as phishing.