Yesterday, cybersecurity firm Beosin released its Blockchain Security Recap of July. The report from the leading Web3 analytics team is alarming, showing that losses from cyberattacks nearly doubled last month compared to June, totaling $180. Altogether, nearly $415 million was lost in thirty-one security incidents in July.
There has also been a significant increase in the number of rug pulls. Losses caused by fraudulent Web3 projects have surged fivefold since June to almost $24.5 million.
Beosin statistics show seventeen security incidents involving DeFis. The most devastating incident was the $210 million Multichain bridge exploit on July 7, while the most recent incident was the reentrancy attack on multiple Curve pools on July 30.
The report mentions eight rug pull and crypto fraud cases, with one of the largest exploits carried out by the DefiLabs team on the BNB chain, which allowed the actors to make a profit of $1.4 million. The Encryption AI rug pull, in which $2 million was stolen from investors on July 3, was also notable because of the unusual behavior of the exploiter. The person behind the incident reportedly apologized on Twitter, explaining that their severe gambling addiction drove them to steal the funds.
Beosin also mentions six regulatory cases of crypto crime in which victims were deprived of their money. These incidents include the indictment of Michael and Amanda Griffs from Tenessee, who used a commodity pool with the peculiar name "Blessings of God Thru Crypto" to take $6 million from investors.
Beosin strongly advises blockchain projects to be more careful with their private keys, and in particular to "establish strict private key management processes, implement multi-signature mechanisms, and avoid using private keys in Internet-connected environments."
The Web3 security firm also stresses the importance of fixing a reentrancy vulnerability that can lead to particularly destructive exploits.
Meanwhile, regular crypto users should be vigilant against rug pulls, which have been on the rise for several months. "Users are advised to conduct thorough background investigations on projects and review relevant audit reports to avoid asset losses," the Beosin team says in the report.
In the meantime, prominent on-chain detective ZachXBT announced on Twitter that the stolen funds from Coinspad/Alphapo, Harmony, and Atomic Wallet, totaling nearly $300 million, were linked on-chain by the Lazarus Group, one of the most notorious hacking teams backed by the North Korean government. The June 3 Atomic Wallet hack, which resulted in losses of over $100 million, remains one of the most mysterious incidents, as the project's team has decided not to release details about the exploit. In addition, wallet users report that they have been banned by the Atomic Wallet team on social media for mentioning the exploit.