A quick look at the 2024 Blockchain Security and Anti-Money Laundering Annual Report

Author: SlowMist AML Team

For the full content, please see here

I. Overview

In 2024, the blockchain industry advanced amid the tension between security and innovation. Against this backdrop, this report reviews the key regulatory compliance policies and anti-money laundering developments in the blockchain industry in 2024, summarizes the year's blockchain security incidents, and analyzes typical fraud methods. In addition, we invited the Web3 anti-fraud platform ScamSniffer to contribute a section on Wallet Drainer phishing, and we analyzed the money laundering methods of North Korean hackers and compiled statistics on their profits. We hope this report will provide readers with useful information, help practitioners and users better understand the current state of blockchain security and the available solutions, and contribute to the secure development of the blockchain ecosystem.

II. Blockchain Security Landscape

According to SlowMist Hacked, SlowMist's database of blockchain hacking incidents, there were 410 security incidents in 2024, with total losses of $2.013 billion. Compared to 2023 (464 incidents, about $2.486 billion in losses), losses decreased by 19.02% year-on-year.

Note: The data in this report is based on token prices at the time of each incident. Actual losses should be higher than the reported figures because of factors such as price fluctuations and because some unreported losses are not included in the statistics.

(https://hacked.slowmist.io/statistics/?c=all&d=2024)

Overview of Blockchain Security Incidents

From the perspective of project tracks (sectors), DeFi is still the most frequently attacked area. In 2024, there were 339 DeFi security incidents, accounting for 82.68% of all security incidents, with losses of $1.029 billion. Compared to 2023 (282 incidents, about $773 million in losses), losses increased by 33.12% year-on-year.

(Distribution and losses of security incidents in various tracks in 2024)

(Comparison of the distribution and losses of DeFi security incidents in 2023 and 2024)

From the ecosystem perspective, Ethereum suffered the highest losses, at $465 million. BSC was second, at $87.35 million.

(Distribution and losses of security incidents in various ecosystems in 2024)

From the perspective of incident causes, contract vulnerabilities caused the most security incidents: 99, with losses of about $214 million. Account hacking was the second most common cause.

(Attack methods of security incidents in 2024)

Typical Attack Incidents

This section selects the Top 10 security attack incidents with the highest losses in 2024. For details, please refer to the PDF file at the end of the report.

(Top 10 security attack incidents with the highest losses in 2024)

Rug Pull

A Rug Pull is a scam in which a malicious project team hypes a project to attract investment from users, then "pulls the rug" and runs away with the funds when the timing is right. According to the SlowMist Hacked blockchain hacking incident database, there were 58 Rug Pull incidents in 2024, resulting in losses of about $106 million. Among them, the zkSync ecosystem suffered the highest losses, at $36.95 million, and the BSC ecosystem had the most Rug Pull incidents, at 28.

(Top 10 Rug Pull incidents with the highest losses in 2024)

(Distribution and losses of Rug Pull incidents in various ecosystems in 2024)

With the arrival of the Meme coin craze, many users, driven by speculation and FOMO, have ignored the potential risks. Some issuers do not even need to describe a vision or provide a whitepaper; a concept or a slogan alone is enough to build hype and attract users to buy tokens. Because malicious behavior costs so little, Rug Pull incidents have proliferated. After users' funds are "rugged" by a malicious project team, recovery is often a long and difficult process. The SlowMist security team therefore suggests that users fully understand a project's background and team before participating, and choose investment projects carefully to avoid potential risks.

Phishing

Note: This section focuses on the analysis of Wallet Drainer attacks on EVM-compatible chains. It was written by ScamSniffer, to whom we express our gratitude.

Wallet Drainer attacks are deployed on phishing websites and induce users to sign malicious transactions so that their crypto assets can be stolen. In 2024, such attacks caused losses of about $494 million, an increase of 67% year-on-year. Although the number of victims increased by only 3.7% (reaching 332,000 addresses), the loss per attack increased significantly, with the largest single theft reaching $55.48 million.

(Key data indicators of Wallet Drainer attacks in 2024)

1. Key milestones

  • Pink exits (late May): 28% market share, absorbed by Inferno.
  • Angel takes over Inferno (late October): Angel's share decreases, Inferno maintains a 40-45% market share.

2. Market pattern evolution

  • Q1-Q2: Three major players (Angel: 42%, Pink: 28%, Inferno: 22%)
  • Q3: Dual competition (Inferno: 43%, Angel: 25%)
  • Q4: New pattern (Inferno and Angel: 45%, Acedrainer: 20%, other new Drainers: 25%)

As of 2024, known losses based on phishing signatures have reached $790 million. Such attacks decreased in the second half of the year, but this may indicate that attackers are turning to other, stealthier methods such as malware. As the Web3 ecosystem develops, the challenge of protecting user assets remains. However attack methods change, continuous security awareness and capability building remain the key to protecting assets.

Fraud

This section selects some of the fraud methods we disclosed in 2024:

1. Mining Fraud

2. Arbitrage Fraud

3. Airdrop Fraud

4. Stealing X Fraud

5. Crypto Honeypot

6. Malware

III. Anti-Money Laundering Landscape

This section is divided into four parts: anti-money laundering and regulatory dynamics, anti-money laundering data, North Korean hackers, and mixing tools.

Anti-Money Laundering and Regulatory Dynamics

In 2024, the regulatory environment for cryptocurrencies underwent significant developments, the most prominent of which were the EU's implementation of the MiCA regulation and the US's advancement of stablecoin legislation. In terms of law enforcement, stricter measures were introduced worldwide this year to combat illegal activities, with notable progress in stablecoin regulation, cross-border crypto policies, and enforcement actions targeting key participants in the crypto sector. Specific policies and enforcement actions are detailed in the PDF at the end of the article.

Anti-Money Laundering Data

1. Fund Freezing Data

  • With the strong support of InMist's intelligence network partners, in 2024 SlowMist assisted clients, partners, and publicly disclosed hacking incidents in freezing funds totaling over $112 million.
  • In 2024, Tether froze approximately $540 million in USDT, and Circle froze approximately $13.36 million in USDC.

(https://dune.com/misttrack/2024)

2. Fund Retrieval Data

In 2024, there were 410 security incidents, and in 24 of them the lost funds were fully or partially recovered after the attack. According to the disclosed data, approximately $166 million was returned, accounting for 8.25% of total security losses (approximately $2.013 billion).

North Korean Hackers

In 2024, North Korean hacker groups were suspected in multiple cryptocurrency theft cases, in which hundreds of millions of dollars in cryptocurrencies were stolen. The following is a list of major incidents committed by North Korean hacker groups (data source: SlowMist Hacked):

This section focuses on analyzing the attack methods of North Korean hackers and uses the BingX incident tracked by SlowMist as an example to introduce the money laundering methods of North Korean hackers.

Mixing Tools

1. Tornado Cash

(https://dune.com/misttrack/2024)

2. eXch

(https://dune.com/misttrack/2024)

3. Railgun

Railgun has implemented Private Proofs of Innocence (PPOI), which use zero-knowledge proofs so that users can show their funds are not related to illegal activities without compromising privacy. This innovation strikes a critical balance between privacy and compliance, making it more difficult for malicious actors to use the platform for money laundering.

IV. Conclusion

In 2024, the blockchain industry faced new opportunities and challenges amid the continuous waves of innovation and transformation. The various security incidents and anti-money laundering dynamics have provided us with profound warnings and have also prompted us to pay more attention to industry norms and technical safeguards. Through the analysis of blockchain security incidents and money laundering cases in 2024, we hope to raise awareness of industry security among all parties.

In the future, as the regulatory framework is gradually improved and technical means are continuously upgraded, we have reason to believe that the blockchain industry will move towards a more secure, transparent, and compliant direction. We hope this report can provide valuable information for readers, helping them to have a more comprehensive understanding of the current state of security and anti-money laundering in the blockchain industry, and we also look forward to working together to contribute to the construction of a more secure, stable, and trustworthy blockchain ecosystem.
