The Monthly Web3 Scams Report – January 2024: Blockfence

TL;DR January 2024 began as a relatively quiet month with no significant attacks involving lost funds. However, it concluded with a notable incident: the theft of 213 million XRP (equivalent to USD 112.5 million) from Chris Larsen, Ripple’s Co-Founder, due to compromised private keys.

Lost funds by date – January 2024

Attack vectors

As highlighted in our recent investigation (link), there is an emerging trend of rug pulls, particularly on the Binance Smart Chain (BSC). These schemes are becoming increasingly sophisticated and automated, enabling them to expand and defraud more individuals in shorter time frames. Additionally, there has been a surge in compromised X accounts, with nearly all cases attributable to SIM swaps.

Attack vectors during January 2024

Attack vectors behind major funds lost

Measured by funds lost, compromised private keys are the number one attack vector, followed by smart contract vulnerabilities.
– Compromised private keys: $132M
– Contract vulnerability: $21.8M
– Price manipulation: $6.5M
– Flash Loan Attack: $6M
– Rug pull: $5.5M
– Phishing attack: $3.7M

Attack vectors behind major funds lost

Funds Lost by Blockchain

Ripple is the network that lost the most funds, all of them in a single attack, followed by Polygon and Ethereum.
– Ripple: $112.5M
– Polygon: $16.3M
– Ethereum: $13.9M
– BSC: $13.6M
– Other networks: $13.2M
– Arbitrum: $12.7M
– Solana: $1M
– Optimism: $180K

Funds lost by network

Attack Incidents per Blockchain

By number of incidents, BSC remains the most attacked network, due to the large number of rug pulls taking place on it.
– BSC: 18
– No network: 10
– Ethereum: 6
– Arbitrum: 5
– Other: 2
– XRP: 1
– Polygon: 1
– Solana: 1
– Optimism: 1

Attacks per network

Attack Vectors Behind Major Funds Lost

– Rug pulls: MangoFarm, XAI Token, MAR3AI, BoxyDude, StarkPepe, Audify, Speero, SolDragon, BorzoiCoin, PulseXIncentiveToken, FoxFunnies, MOE, LongNoseDog, Poldo, CRONUS, JohnLennonC0IN.
– X accounts compromised: CertiK, Olaf, CoinGecko, Staci Warden, Andrei Grachev & Masa

Attack vectors behind major funds lost

– Compromised private keys: Narwhal token, Concentric Finance, GMEE & Chris Larsen (Ripple Co-founder)
– Contract vulnerability: Wise lending, Socket, Somesing and Abracadabra money
– Discord compromised: Wabalaba Land, ZKFair and Klaytn
– Price manipulation: Gamma strategies
– Flash loan attack: Radiant Capital and Goledo Finance.
– DDoS attack: Manta Pacific and HTX
– Reentrancy attack: Nebula revelation
– Third-party vulnerability: Trezor
– Phishing: mainnet user

Attack vectors behind major funds lost – January 2024

Most Prominent Attacks of the Month

– Chris Larsen (XRP CEO) – Compromised private keys: $112.500.000
– GMEE – Compromised private keys: $16.352.814
– Somesing – Contract vulnerability: $11.580.000
– Coinspaid: $7.500.000
– Abracadabra Money – Contract vulnerability: $6.490.000
– Gamma strategies – Price manipulation: $6.412.750

Biggest attacks – January 2024

Most Prominent Private Keys Attacks

– Chris Larsen (Ripple Co-Founder) – Ripple: $112.500.000
– GMEE – Polygon: $16.352.814
– Concentric Finance – Arbitrum: $1.800.000
– Narwhal Token – BSC: $1.563.286

Biggest compromised private keys attacks – January 2024

Most Prominent Smart Contract Attacks

– Somesing: $11.5M
– Abracadabra Money – Ethereum: $6.4M
– Gamma Strategies – Price manipulation – Arbitrum: $6.4M
– Radiant Capital – Flash Loan Attack – Arbitrum: $4.3M
– Socket – Ethereum: $3.3M

Biggest smart contract attacks – January 2024

The Bottom Line: $183M Lost

January’s losses total $183M, 40% more than the previous month (December 2023), but slightly below the last twelve months’ average of $198M.

Total losses over the last twelve months

$2.4 billion lost over the past 12 months

Over the past twelve months (February 2023-January 2024), the total stolen funds amount to USD 2.4 billion, which is significantly lower than the estimated USD 3.5 billion for 2022.

Accumulated stolen funds month after month

97.6% detected by Blockfence

The Blockfence engine detected $39.85M out of $40.93M total relevant compromised funds. This does not include compromised private keys and centralized exchanges, which cannot be detected in advance.

Funds detected by Blockfence
