Overview of the 2024 Blockchain Security and Anti-Money Laundering Annual Report

Author: SlowMist AML Team

For the full content, please see here

I. Overview

In 2024, the blockchain industry moves forward amidst the clash of security and innovation. Against this backdrop, this report reviews the key regulatory compliance policies and anti-money laundering dynamics in the blockchain industry for 2024, summarizes the blockchain security incidents of 2024, and outlines typical fraud methods. Additionally, we invited the Web3 anti-fraud platform ScamSniffer to write about phishing Wallet Drainers, and we analyzed and compiled the money laundering methods and profits of North Korean hackers. We hope this report provides useful information to readers, helping practitioners and users gain a more comprehensive understanding of the current state of blockchain security and solutions, contributing to the safe development of the blockchain ecosystem.

II. Blockchain Security Situation

According to the SlowMist Hacked incident database, there were a total of 410 security incidents in 2024, with losses reaching up to $2.013 billion. Compared to 2023 (a total of 464 incidents with losses of approximately $2.486 billion), the losses decreased by 19.02%.

Note: The data in this report is based on the token prices at the time of the incidents. Due to price fluctuations and the exclusion of losses from some undisclosed incidents, the actual losses should be higher than the statistics.

(https://hacked.slowmist.io/statistics/?c=all\&d=2024)

Overview of Blockchain Security Incidents

From the perspective of project sectors, DeFi remains the most frequently attacked area. In 2024, there were 339 DeFi security incidents, accounting for 82.68% of the total security incidents, with losses reaching $1.029 billion. Compared to 2023 (a total of 282 incidents with losses of approximately $773 million), the losses increased by 33.12%.

(Distribution and losses of security incidents across sectors in 2024)

(Comparison of DeFi security incident distribution and losses between 2023 and 2024)

From an ecosystem perspective, Ethereum had the highest losses, totaling $465 million, followed by BSC with $87.35 million.

(Distribution and losses of security incidents across ecosystems in 2024)

In terms of incident causes, contract vulnerabilities led to the most security incidents, totaling 99, resulting in losses of approximately $214 million. The second most common cause was account hacks.

(Methods of security incidents in 2024)

Typical Attack Incidents

This section selects the top 10 security attack incidents by loss in 2024. For details, please refer to the PDF content at the end.

(Top 10 security attack incidents by loss in 2024)

Rug Pull

Rug Pull is a type of scam where malicious project teams create hype to attract user investments, and when the time is right, they "pull the rug" and run away with the funds. According to the SlowMist Hacked incident database, there were 58 Rug Pull incidents in 2024, resulting in losses of approximately $106 million. Among these, the zkSync ecosystem suffered the highest losses, totaling $36.95 million, while BSC had the most Rug Pull incidents, totaling 28.

(Top 10 Rug Pull incidents by loss in 2024)

(Distribution and losses of Rug Pull incidents across ecosystems in 2024)

With the rise of meme coins, many users, driven by speculation and FOMO, overlook potential risks. Some token issuers do not even need to present a vision or provide a white paper; they can generate hype and attract users to buy tokens based solely on a concept or slogan. The low cost of malicious actions has led to a surge in Rug Pull incidents. After users' funds are Rugged by malicious project teams, they often face a long and difficult process to recover their money. In response, the SlowMist security team advises users to thoroughly understand the background and team information of a project before participating, and to choose investment projects cautiously to avoid potential risks.

Phishing

Note: This subsection focuses on analyzing Wallet Drainer attacks on EVM-compatible chains, written by ScamSniffer, for which we express our gratitude.

Wallet Drainer is an attack method deployed on phishing websites that tricks users into signing malicious transactions to steal crypto assets. In 2024, such attacks caused losses of approximately $494 million, a year-on-year increase of 67%. Although the number of victims only increased by 3.7% (reaching 332,000 addresses), the losses per attack significantly increased, with the largest single theft amounting to $55.48 million.

(Key data indicators of Wallet Drainer attacks in 2024)

1. Key Nodes

• Pink Exit (end of May): Market share 28%, absorbed by Inferno.
• Angel takes over Inferno (end of October): Angel's share declines, Inferno maintains 40-45% market share.

1. Market Landscape Evolution

• Q1-Q2: Three Dominants (Angel: 42%, Pink: 28%, Inferno: 22%)
• Q3: Two-headed Competition (Inferno: 43%, Angel: 25%)
• Q4: New Landscape (Inferno and Angel: 45%, Acedrainer: 20%, other new Drainers: 25%)

As of 2024, known losses based on phishing signatures reached $790 million. Although such attacks decreased in the second half of the year, this may indicate that attackers are shifting to other methods, such as malware, which are more covert. As the Web3 ecosystem develops, challenges in protecting user asset security remain. Regardless of how attack methods change, continuous security awareness and protective capability building are always key to safeguarding asset security.

Fraud

This section selects some fraud methods disclosed by us in 2024:

1. Mining Fraud

2. Arbitrage Fraud

3. Airdrop Fraud

4. Theft X Fraud

5. Pixiu Scheme

6. Malicious Trojan

III. Anti-Money Laundering Situation

This section is divided into four parts: anti-money laundering and regulatory dynamics, anti-money laundering data, North Korean hackers, and mixing tools.

Anti-Money Laundering and Regulatory Dynamics

In 2024, significant developments occurred in the regulatory environment for cryptocurrencies, most notably the EU's implementation of the MiCA regulation and the U.S. advancing stablecoin legislation. In terms of law enforcement, stricter measures have been introduced worldwide to combat illegal activities, with significant progress made in stablecoin regulation, cross-border crypto policies, and law enforcement actions targeting major participants in the crypto space. Specific policies and law enforcement actions can be found in the PDF at the end.

Anti-Money Laundering Data

1. Fund Freezing Data

• With the strong support of partners in the InMist intelligence network, SlowMist assisted clients, partners, and publicly hacked incidents in freezing funds totaling over $112 million in 2024.
• In 2024, Tether froze approximately $540 million in USDT; Circle froze approximately $13.36 million in USDC.

(https://dune.com/misttrack/2024)

2. Fund Return Data

In 2024, there were 410 security incidents, and 24 incidents were able to recover all or part of the lost funds after being attacked. According to disclosed data, approximately $166 million was returned, accounting for 8.25% of the total security losses (approximately $2.013 billion).

North Korean Hackers

In 2024, North Korean hacker organizations were implicated in multiple cyber theft cases, resulting in the theft of hundreds of millions of dollars in cryptocurrency. Below is a list of significant incidents committed by North Korean hacker organizations (data source: SlowMist Hacked):

This section focuses on analyzing the attack methods of North Korean hackers, using the BingX incident followed up by SlowMist as an example to introduce the money laundering methods of North Korean hackers.

Mixing Tools

1. Tornado Cash

(https://dune.com/misttrack/2024)

2. eXch

(https://dune.com/misttrack/2024)

3. Railgun

Railgun has implemented Private Proof of Innocence (PPOI), utilizing zero-knowledge proofs to ensure that users can verify their funds are not associated with illegal activities without compromising privacy. This innovation strikes a critical balance between privacy and compliance, making it more difficult for malicious actors to use the platform for money laundering.

IV. Conclusion

In 2024, the blockchain industry faces new opportunities and challenges amidst ongoing innovation and transformation; various security incidents and anti-money laundering dynamics provide profound warnings and prompt us to pay more attention to industry norms and technical safeguards. Through the analysis of blockchain security incidents and money laundering cases in 2024, we hope to raise awareness of industry security among all parties.

In the future, as the regulatory framework gradually improves and technological means continue to upgrade, we have reason to believe that the blockchain industry will move towards a safer, more transparent, and compliant direction. We hope this report provides valuable information to readers, helping them gain a more comprehensive understanding of the current state of blockchain security and anti-money laundering, and we look forward to working together to contribute to building a safer, more stable, and trustworthy blockchain ecosystem.