In the second quarter (Q2), phishing attacks caused about $490 million in losses, much more than the nearly $70 million lost to smart contract hacks.
Li.Fi Protocol, an API facilitating Ethereum Virtual Machine (EVM) and Solana (SOL) transactions, recently faced a significant attack that resulted in cybercriminals stealing over $8 million in cryptocurrencies. Cyvers Alerts, a cybersecurity firm, detected suspicious transactions associated with the address ‘0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae’ and promptly advised users to revoke permissions for this address to prevent further losses.
π¨ALERTπ¨@lifiprotocol, Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed
We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
More than $8M have been drained so far from users and mostly stablecoins!β¦ pic.twitter.com/zsj9DZWnpU
— π¨ Cyvers Alerts π¨ (@CyversAlerts) July 16, 2024
Following the breach, Li.Fi Protocol issued a warning urging users to refrain from using Li.Fi-powered applications until the investigation is complete. They assured users who did not grant unlimited access that their funds were safe.
In another alarming incident, Dough Finance, a decentralized finance (DeFi) platform, fell victim to a flash loan attack, resulting in the loss of $1.8 million worth of Ether (ETH). The attacker utilized Railgun, a zero-knowledge protocol, to exploit vulnerabilities and abscond with USD Coin (USDC).
Crypto Thefts Exceed $1.4B in 2024
Cyvers’ mid-year Web3 security report for 2024 revealed a staggering $1.4 billion in crypto thefts, primarily targeting centralized exchanges. In the second quarter alone, losses exceeded $600 million, marking a significant 100% increase from the previous year. Centralized exchanges experienced a dramatic 900% surge in losses.
Among the notable breaches highlighted in the report was the DMM Bitcoin attack, where a Japanese exchange suffered a devastating $304 million loss of Bitcoin. The report underscored a shift in attack strategies, with DeFi platforms demonstrating improved defenses while centralized exchanges remained vulnerable due to high asset concentrations and varying security measures.
Cyvers emphasized that phishing attacks were the most lucrative for hackers in Q2, amounting to approximately $490 million in losses. This amount starkly contrasted with losses from smart contract hacks, which totaled nearly $70 million during the same period.
Despite swift action by DeFi platforms to freeze compromised contracts and mitigate losses, Cyvers cautioned about ongoing risks. Hackers continue to exploit weaknesses in complex smart contracts and cross-chain connections, as evidenced by incidents like the $1.44 million loss resulting from the XBridge attack in April.
In summary, the cryptocurrency landscape in 2024 has been marred by significant security breaches, highlighting the urgent need for enhanced cybersecurity measures across decentralized and centralized platforms alike.