Web3 Security Incidents in October 2024 Led to $147 Million in Losses

In October of 2024, Web3 security incidents led to total losses of approximately $147 million. According to the comprehensive SlowMist Blockchain

Web3 Security Incidents in October: Analysis and Key Events

In October of 2024, Web3 security incidents led to total losses of approximately $147 million. According to the comprehensive SlowMist Blockchain Hack Archive, 28 separate attacks resulted in about $129 million in losses, with $19.3 million later recovered. These incidents are said to have involved various abusive tactics, including so-called exit scams, account takeovers, as well as price manipulation.

In addition, Web3 anti-fraud platform Scam Sniffer has reportedly recorded 12,058 phishing victims, with losses totaling a substantial $18.04 million during just this last month.

Here are some of the most notable Web3 security incidents that occurred in October, as reported by MistTrack:

EIGEN Token Theft

On October 5, EigenLayer announced on X that an isolated attack occurred in which a “communication thread between an investor and a custodian was compromised, leading to the unauthorized transfer of 1,673,645 EIGEN tokens to the attacker.” The attacker then exchanged the tokens “through decentralized platforms, transferring the proceeds to centralized exchanges.” Collaborative efforts with these platforms and law enforcement have “led to partial funds being frozen.”

SlowMist was invited as an independent investigator, concluding that the incident was initiated by a phishing attack “on the investor's employee email account, allowing the attacker to impersonate both the investor and custodian to redirect the token transfer.” EigenLayer expressed gratitude to SlowMist for their “thorough and timely investigation.”

Radiant Capital Attack

On October 17, Radiant Capital reported a security issue on BNB Chain and Arbitrum, “leading to the suspension of its Base and mainnet markets.” SlowMist analysis also notably revealed that after “taking control of three multisig permissions, the attacker upgraded a malicious contract to steal funds.”

By October 18, Radiant Capital released an incident report, “confirming around $50 million in losses due to a complex malware injection, which compromised devices of three core contributors, enabling malicious transaction signing.”

Tapioca DAO Exploit

On October 18, Tapioca DAO suffered a security breach, “losing around $4.7 million through a social engineering attack.” Attackers gained access to a key developer's private keys through an infectious “interview” tactic. The hacker group, identified as a North Korean entity, infiltrated the developer's device “with malware to acquire the private key.”

This “infectious interview” approach involved disguising as job candidates or recruiters, “luring targets into downloading malicious files.”

SHARPEI Token Price Crash

Launched on October 23, the meme token SHARPEI (SHAR) saw its market cap surge “to $54 million, only to drop 96% after a sudden $3.4 million sell-off by project insiders.” Leaked promotional documents “exposed several false claims, including fake endorsements from KOLs who later denied involvement, as well as fictitious partnerships.” The token's value continued to fluctuate “as these deceptions were revealed.”

U.S. Government-Controlled Wallet Suspicious Activity

On October 25, MistTrack reported “unusual” or suspicious outflows from a U.S. government-controlled wallet at address 0x88d5f, amounting to roughly $20 million in tokens, which included 5.4 million USDC, 1.12 million USDT, 13.7 million aUSDC, and 178 ETH. Most of these tokens were swapped for ETH. Following the transaction, “approximately $19.3 million was returned to the government address.”

Event Analysis and Security Recommendations

In October, attack methods became increasingly “sophisticated, including contract vulnerabilities, account takeovers, and new tactics like supply chain attacks, multisig theft, and price manipulation.” Two major exit scams resulted in multimillion-dollar losses, highlighting the need for “due diligence on project backgrounds and teams before investing.”

There was also an “uptick” in account compromise incidents, especially on platform X. Users and project teams can follow SlowMist's X Account Security Guidelines to review “permissions and bolster security settings.”

SlowMist advises increased vigilance against social engineering attacks, which, while technically “unsophisticated, can discreetly compromise assets.” Even though there was a decline in phishing-related losses compared to last month, “the number of victims has risen.” Users are urged to exercise caution, “routinely verify permissions, and avoid clicking unknown links or entering private keys/seed phrases.” Installing antivirus software (such as Kaspersky, AVG) and anti-phishing plugins (like Scam Sniffer) can “enhance device security.”