Due to space limitations, this article Only the key contents in the analysis report are listed. The complete content can be downloaded from the PDF at the end of the article.

1. Overview

In 2024, the blockchain industry will face the battle between security and innovation Move forward. Against this background, this report reviews the key regulatory compliance and anti-money laundering developments in the blockchain industry in 2024, summarizes blockchain security incidents in 2024 and sorts out typical fraud techniques. In addition, we also invited the Web3 anti-fraud platform ScamSniffer to write about phishing Wallet Drainers. At the same time, we conducted analysis and statistics on the money laundering methods and profit-making conditions of North Korean hackers. We hope that this report will provide readers with useful information, help practitioners and users more comprehensively understand the current status and solutions of blockchain security, and contribute to promoting the safe development of the blockchain ecosystem.

2. Blockchain Security Situation

According to statistics from the SlowMist Hacked incident archive (SlowMist Hacked), a total of 410 security incidents occurred in 2024. The losses amounted to US$2.013 billion. Compared with 2023 (a total of 464 cases, losses of approximately US$2.486 billion), losses decreased by 19.02% year-on-year.

Note: The data in this report are based on the token prices at the time of the event. Due to currency price fluctuations and losses from some undisclosed events that are not included in statistics and other factors, the actual losses should be higher than the statistical results.

(https://hacked.slowmist.io/statistics/?c=all&d =2024)

Overview of blockchain security events

From the perspective of the project track, DeFi continues to be the most attacked area. There will be a total of 339 DeFi security incidents in 2024, accounting for 82.68% of the total security incidents, with losses as high as US$1.029 billion. Compared with 2023 (a total of 282case, with a loss of approximately US$773 million), a year-on-year loss increase of 33.12%.

(Distribution and losses of safety incidents at each track in 2024)

(2023 and 2024 DeFi security incident distribution and loss comparison chart)

From an ecological perspective, Ethereum suffered the highest loss, reaching $465 million. This was followed by BSC at $87.35 million.

(Distribution and losses of various ecological security incidents in 2024)

From the perspective of incident causes, contract vulnerabilities caused the most security incidents, reaching 99 cases, resulting in losses of approximately US$214 million. Secondly, there are security incidents caused by account hacking.

(2024 Security Incident Methods Map)

Typical attack events

This section selects the top 10 security attack events that caused losses in 2024. See the PDF file at the end of the article for details.

(2024 Loss of Top 10 Security Attacks)

Rug Pull

Rug Pull is a scam. Its essence is that malicious project parties create momentum to attract user investment, and wait until the time is right. "Pull the blanket", roll it up and run away. According to statistics from the SlowMist Hacked event archive, there were as many as 58 Rug Pull incidents in 2024, resulting in losses of approximately US$106 million. Among them, the zkSync ecosystem suffered the highest loss, reaching US$36.95 million, and the BSC ecosystem suffered the mostThere were 28 incidents of running away.

(2024 loss of Top 10 escape incident)

(Distribution and losses of various ecological runoff events in 2024)

With the advent of Meme coin craze, many users are speculating and Driven by FOMO, potential risks are ignored. Some currency issuers do not even need to describe their vision or provide a white paper to users. They can create buzz to attract users to buy tokens with just a concept or slogan. The low cost of doing evil has led to endless incidents of running away. After user funds are rug by malicious project parties, they often face a long and difficult recovery process. In this regard, the SlowMist security team recommends that users fully understand the background and team information of the project before participating in the project, and carefully choose investment projects to avoid potential risks.

Phishing

Note: This section focuses on analyzing the Wallet Drainer attack on the EVM compatible chain. Written with love by ScamSniffer, with thanks.

Wallet Drainer is an attack method deployed on phishing websites to steal crypto assets by inducing users to sign malicious transactions. In 2024, such attacks caused approximately $494 million in losses, a 67% increase year-over-year. While the number of victims only grew by 3.7% (to 332,000 addresses), losses per attack increased significantly, with the largest single amount stolen reaching $55.48 million.

(Key data indicators of Wallet Drainer attacks in 2024)

1. Important nodes

Pink exit (End of May): Market share was 28%, and the share was absorbed by Inferno.

Angel takes over Inferno (end of October): Angel's share declines, while Inferno maintains 40-45% market share.

2 . Evolution of market structure

Q1-Q2: Three major leaders (Angel: 42%, Pink: 28%, Inferno: 22%)

Q3: Double-headed competition (Inferno: 43%, Angel: 25%)

Q4: New pattern (Inferno and Angel: 45%, Acedrainer: 20%, other new Drainers: 25%)

As of 2024, phishing signature-based Although the number of such attacks decreased in the second half of the year, this may indicate that attackers are turning to other attack methods, such as malware and more stealth methods. With the development of the ecosystem, the challenge of protecting user assets remains. No matter how the attack methods change, continuous security awareness and protection capability building are always the key to protecting asset security.

Fraud

This section selects some of the fraud tactics we disclosed in 2024:

1. Mining fraud

2. Arbitrage fraud

3. Airdrop fraud

4. Stealing X Cheating

5. Pixiu disk

6. Malicious Trojan horse

3. Anti-Money Laundering Situation

This section is divided into four parts: anti-money laundering and regulatory trends, anti-money laundering data, North Korean hackers, and currency mixing tools.

Anti-money laundering and regulatory trends< /p>

2024 has seen major developments in the regulatory environment for cryptocurrencies, the most prominent of which are the implementation of MiCA regulations in the European Union and the advancement of stablecoin legislation in the United States. In terms of law enforcement, stricter regulations have been introduced around the world this year Measures have been taken to combat illegal activities, and significant progress has been made in stablecoin regulation, cross-border encryption and law enforcement actions against major players in the encryption field. Please see the PDF at the end of the article for details and law enforcement actions.

Anti-money laundering data

1. Fund freezing data

In the InMist Intelligence Network With the strong support of partners, SlowMist helped customers, partners and public hackers freeze funds totaling more than 112 million US dollars in 2024.

2024 Tether has frozen approximately $540 million in USDT; Circle has frozen approximately $13.36 million in USDC in 2024.

< p style="text-align: left;">(https://dune.com/misttrack/2024)

2. Fund return data

410 security incidents occurred in 2024, and there were 24 incidents in which all or part of the lost funds could be recovered after being attacked. According to disclosed data, a total of approximately 166 million US dollars was returned. , accounting for 8.25% of the total security losses (approximately US$2.013 billion)

North Korean hackers

In 2024, North Korean hacker groups were involved in multiple cyber thefts, resulting in the theft of hundreds of millions of dollars in cryptocurrency. The following is a list of important incidents committed by North Korean hacker groups (data source SlowMist Hacked):

< p style="text-align:center">

This section focuses on analyzing the attack methods of North Korean hackers and following up on the BingX incident with SlowMist Let’s take an example to introduce Korean blackCustomer’s money laundering methods.

Coin mixing tool

1. Tornado Cash

(https://dune.com/misttrack/2024)

2. eXch

(https://dune.com/misttrack/2024)

3. Railgun

Railgun has implemented Private Proof of Innocence (PPOI), using zero-knowledge proofs to ensure that users can operate without compromising privacy. case to verify that their funds are not related to illegal activities. This innovation strikes a critical balance between privacy and compliance, making it more difficult for malicious actors to exploit the platform to launder money.

IV. Summary

In 2024, the blockchain industry will face new opportunities and challenges in the wave of continuous innovation and change; various security incidents and anti-money laundering developments will We have provided a profound warning and prompted us to pay more attention to industry regulations and technical guarantees; through the analysis of blockchain security incidents and money laundering cases in 2024, we hope to arouse the attention of all parties to industry security.

In the future, with the gradual improvement of the regulatory framework and the continuous upgrading of technical means, we have reason to believe that the blockchain industry will move towards a more secure, transparent and cooperative move in the prescribed direction. We hope that this report can provide readers with valuable information and help them gain a more comprehensive understanding of the security and anti-money laundering status of the blockchain industry. We also look forward to our joint efforts to build a more secure, stable and trustworthy blockchain. Ecological contribution.

5. Disclaimer

The content of this report is based on our understanding of the blockchain industry, the SlowMist Hacked blockchain archive and the anti-money laundering tracking system MistTrack data support. However, due to the "anonymous" nature of the blockchain, we cannot guarantee the absolute accuracy of all data, nor can we be responsible for any errors, omissions, or losses caused by the use of this report.liability for failure. At the same time, this report does not constitute the basis for any investment advice or other analysis. If there are any omissions or shortcomings in this report, you are welcome to criticize and correct us. The introduction reads here. The link to the full version is as follows. You can also click directly to read the original text to jump. Welcome to read and share:)

Chinese: https://www. slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(CN).pdf

English: https://www.slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(EN).pdf