Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 Web3 Security Threats Surge In 2024 With Significant Financial Losses

According to Odaily, a report by Cyvers highlights a sharp increase in Web3 network threats in 2024, resulting in losses exceeding $2.3 billion across 165 security incidents. This marks a 40% rise compared to the $1.69 billion lost in 2023, though it remains $1.42 billion lower than the $3.78 billion lost in 2022. Notably, $1.3 billion of stolen funds were recovered this year.

Cyvers reports that incidents related to access control accounted for 81% of the $2.3 billion losses, with 67 such events recorded. Additionally, approximately 98 incidents involving smart contract vulnerabilities resulted in losses totaling $456.3 million. A single address poisoning incident led to losses exceeding $68 million.

Analyzing the past three years, losses related to access control breaches have steadily increased from $769 million in 2022 to $1.9 billion by the end of 2024. In contrast, losses due to code exploitation in 2023 and 2024 were significantly lower than the approximately $3 billion lost in 2022.


#Web3 #Security #Threats #FinancialLosses #Cybersecurity #Blockchain #SmartContracts #AccessControl #IncidentReport #LossRecovery
🚀 Blockchain Security Reports Over $6 Billion Losses Due To Hacks And Frauds

According to Foresight News, Cyvers Alerts, a blockchain security monitoring service, has reported that the total losses from hacks and frauds in the cryptocurrency sector have exceeded $6 billion. This marks a 40% increase in overall exploitations compared to the previous year. Access control vulnerabilities were the most significant issue, accounting for 81% of the total losses.

#Blockchain #Security #Cryptocurrency #Hacks #Frauds #Losses #Exploits #AccessControl
🚀 Blockchain Bandit Consolidates Stolen 51,000 Ether Into Single Wallet

According to Cointelegraph, the infamous hacker known as Blockchain Bandit has consolidated 51,000 Ether (ETH) into a single wallet after nearly two years of inactivity. This move involved transferring the entire amount from 10 separate wallet addresses to a multi-signature address labeled “0xC45…1D542.” The transfer occurred in batches of 5,000 Ether between 8:54 pm and 9:18 pm UTC on December 30, as reported by blockchain investigator ZachXBT.

The stolen funds had been dormant in these 10 wallet addresses since January 21, 2023, when the hacker last moved the 51,000 Ether. At that time, the hacker also transferred 470 Bitcoin (BTC). Blockchain Bandit initially amassed nearly 45,000 Ether by exploiting weak private keys, a feat reported by Cointelegraph in April 2019, based on findings from Independent Security Evaluators. Despite the statistical improbability of guessing private keys, the hacker managed to uncover 732 private keys linked to 49,060 transactions.

The method employed by the hacker involved a brute force search for random private keys, utilizing faulty code and random number generators in a process termed “Ethercombing,” as explained by crypto security analyst Adrian Bednarek. This programmatic theft has been ongoing since 2016, with significant activity noted in 2018, according to ZachXBT’s analysis.

In a broader context, crypto hackers stole over $2.3 billion worth of assets across 165 major incidents in 2024, marking a 40% increase compared to 2023, as reported by onchain security firm Cyvers. This surge in thefts is largely attributed to access control breaches, particularly affecting centralized exchanges and custodian platforms. Access control vulnerabilities accounted for 81% or $1.9 billion of the total value stolen in 2024 from 67 cybersecurity incidents.


#Blockchain #Bandit #Ether #ETH #Bitcoin #BTC #Crypto #Hacking #Cybersecurity #Theft #AccessControl #Cointelegraph #ZachXBT #Security #DigitalAssets #Ethercombing
🚀 Uniswap Wallet Vulnerability Raises Security Concerns

According to Cointelegraph, ScaleBit, a subsidiary of security auditor BitsLab, has identified a potential vulnerability in Uniswap's Web3 wallets that could jeopardize all stored assets. The issue reportedly allows attackers with physical access to bypass authentication mechanisms and directly access the mnemonic phrase stored on the device. This phrase, also known as a seed phrase, is a critical component that provides full control over a wallet's assets from any device.

ScaleBit highlighted that anyone with access to an unlocked device could retrieve the wallet's mnemonic phrase in under three minutes. Alarmingly, this vulnerability persists even in the latest version of the app. As a precaution, ScaleBit advised Uniswap Wallet users to avoid lending their devices to others until the issue is resolved. Uniswap representatives have not yet responded to requests for comment, and Cointelegraph has not independently verified the vulnerability.

In related news, the cryptocurrency sector saw a significant increase in losses due to cybersecurity exploits in 2024, with a 40% rise compared to the previous year, totaling approximately $2.3 billion. This increase was largely attributed to access control breaches, particularly in centralized exchanges and crypto custodians, as noted by Deddy Lavid, co-founder and CEO of security firm Cyvers. Mnemonic phrase compromises are a common type of access control breach.

Despite the overall rise in losses, the final months of 2024 saw a decline in crypto scams, exploits, and hacks. December recorded the smallest amount stolen, with blockchain security firm CertiK reporting $28.6 million in known losses, compared to $63.8 million in November and $115.8 million in October. Similarly, blockchain security firm PeckShield noted a 71% decrease in hack losses in December, amounting to $24.7 million. These figures suggest a potential improvement in security measures towards the end of the year.


#Uniswap #WalletVulnerability #Cybersecurity #CryptoSecurity #SeedPhrase #AccessControl #Blockchain #Cryptocurrency #SecurityBreach #CryptoLosses #Scams #Hacks #BitsLab #ScaleBit #PeckShield #CertiK
🚀 Suspicious Transactions Across Multiple Chains Result In $170,000 Loss

According to Foresight News, BlockSec Phalcon has detected suspicious transactions across multiple blockchain networks, resulting in a loss of approximately $170,000. These transactions were initiated by the same address. Analysis indicates that due to inadequate access control, the attacker was able to forcibly inject funds into fraudulent Uni-V3 pools and profit from them.

#SuspiciousTransactions #Blockchain #CyberSecurity #BlockSec #Fraud #UniV3 #CryptoLoss #CryptoFraud #AccessControl
🚀 CertiK Reports on Sola Security Incident and Related Attacks

According to Foresight News, CertiK has released an analysis of the Sola security incident that occurred on April 12, 2025. An unverified contract, identified as 0x623c, was exploited due to inadequate access control, resulting in a loss of approximately $28,000. This incident marks the fourth attack linked to the same perpetrator, who previously targeted Gemcy, OPC, and AIRWA, amassing around $181,000 in profits. On April 23, the attacker executed a fifth attack on ACB. Overall, the attacker transferred 498 BNB to Tornado Cash across these five incidents.

As of 2025, CertiK has documented 93 incidents related to code vulnerabilities, with total losses amounting to approximately $52.5 million. Code vulnerabilities rank as the second most common cause of losses, following phishing incidents.


#Certik #SolaSecurityIncident #CyberSecurity #Blockchain #CodeVulnerabilities #CryptoLosses #TornadoCash #AccessControl #PhishingIncidents #CryptoAttacks #BNB
🚀 NOYA.ai Reports Security Breach Resulting in Loss of 14.5 ETH

According to Odaily, NOYA.ai has released a report detailing a recent hacking incident. The breach occurred due to unauthorized access by a developer to a wallet with permissions to add connectors to the protocol, resulting in a total loss of approximately 14.5 ETH. In response, the malicious connector has been removed, and contract ownership has been updated to safeguard funds. The attacker's address has also been reported to centralized exchanges. Moving forward, NOYA.ai plans to hire external security auditors for a comprehensive review, introduce delay/time-lock connectors, launch a bug bounty program, and conduct a thorough audit of all access control features.

#NOYAai #SecurityBreach #Hack #ETH #UnauthorizedAccess #CryptoSecurity #HackingIncident #BugBounty #ExternalAuditors #AccessControl #ConnectorRemoval #ContractOwnership
🚀 Mysten Labs Launches Decentralized Management Service Seal for Sui

According to Foresight News, Mysten Labs has announced the launch of Seal, a decentralized private management service for Sui. Seal utilizes Move to enable programmable, application-specific access control logic. It employs identity and threshold-based encryption technology to ensure seamless and secure client encryption and decryption processes.

#MystenLabs #Seal #Sui #Move #decentralized #privacy #encryption #accesscontrol #identity #thresholdencryption
🚀 Smart Contract Vulnerability Leads to Flash Loan Attack on BSC

According to PANews, a flash loan attack on the Binance Smart Chain (BSC) has resulted in an estimated loss of $130,000. The incident involved an unknown smart contract named MSCST, which was exploited due to a missing access control in the releaseReward() function. This vulnerability allowed the attacker to manipulate the price of GPC tokens within the PancakeSwap liquidity pool (0x12da).

#SmartContract #Vulnerability #FlashLoanAttack #BinanceSmartChain #BSC #PancakeSwap #GPCtokens #AccessControl #MSCST #CryptoSecurity #Blockchain #BNB
🚀 Tencent Cloud Introduces Credential Sandbox for Enhanced Security

Tencent Cloud's AI Agent Security Center has launched a new feature called 'Credential Sandbox' to address key security issues. According to ChainCatcher, this innovation allows the Agent to perform all cloud API calls without holding any keys. Each operation is fully auditable, and administrators can adjust the Agent's capability boundaries at any time, granting permissions without providing keys.

#TencentCloud #CredentialSandbox #CyberSecurity #AI #CloudSecurity #API #AccessControl #Innovation #Auditing
🚀 CertiK Urges Enhanced Security Measures Following OpenClaw Report

CertiK released a comprehensive security report on March 31 that analyzes over 280 GitHub security advisories and more than 100 CVE vulnerabilities collected between November 2025 and March 2026. According to NS3.AI, the report highlights the need for developers and users to implement stricter access control, validate plugins, ensure sandbox isolation, and adopt least-privilege deployment strategies.

#CyberSecurity #OpenSource #Vulnerability #CVE #GitHub #AccessControl #Sandboxing #LeastPrivilege #SoftwareSecurity #Infosec