Cryptomonthly report: The security losses of funds in January were about US$98 million, a significant decrease in both year-on-year and month-on-month

The highlight of the monthly security incidents of Zero-Time Technology has begun! According to statistics from some blockchain security risk monitoring platforms, the losses caused by vulnerabilities, hackers and scams in January 2025 were about US$ 98 million , and 28 cryptocurrency hacking attacks occurred, of which about US$ 8 million was attributed to phishing. But compared with the loss of US$133 million in January 2024, a decrease of 44.6% . This is a 56% decrease from the loss of $23.58 million in December 24.

Hacker attacks

7 typical security incidents

(1) On January 8, users of Orange Finance (DeFi protocol on Arbitrum) were stolen by more than $800,000. The attacker can access the protocol's management keys and use them to perform malicious escalation on the protocol's contracts, thereby stealing the wallets of all users with valid token approvals for the protocol.

(2) On January 8, a private key leak occurred in Moby, affecting some LP assets in some protocols. They said this is not a security issue related to protocol smart contracts, but rather a hacker trying to steal funds by simply upgrading existing smart contracts using the stolen proxy private key. Finally, tonykebot took advantage of the lack of protection in UUPS implementation and implemented a successful white hat rescue operation, returning the 1.47 million USDC obtained by the previous attack on-chain option protocol Moby hacker to the project owner.

(3) On January 13, according to the monitoring of the Zero-Time Technology Security Team, UniLend on the EVM chain was attacked, and the loss was about $197,000. The cause of this vulnerability was that Unilend did not reduce the amount of collateral when calculating the amount of collateral when conducting redeems. Go to the redeem to transfer the amount, resulting in the wrong calculation that the amount of collateral is higher than the amount of collateral that the attacker actually owns, and the exchange should not have been successfully completed. This eventually led to the attacker emptied the project's stETH token.

For detailed attack analysis, please click this link:

Zero-Time Technology|| Unilend attack event analysis

(4) On January 15, the Zero-Time Technology Project Team monitored multiple attacks against the Ethereum on-chain project Sorra, which caused a total loss of 41,000 USD. The cause of this vulnerability is that when the Sorra project party withdraws the user, it did not determine whether the user has extracted the reward, which leads to the user being able to extract the reward repeatedly through a large number of operations. The attacker used the above vulnerability to initiate multiple transactions and extracted all SOR Tokens in the Sorra project.

For detailed attack analysis, please click this link:

Zero-Time Technology|| SorraStaking Attack Event Analysis

(5) On January 21, Forta detected a $324,000 vulnerability on TheIdolsNFT.

(6) On January 23, a hot wallet on the Singapore-based Phemex cryptocurrency exchange was attacked, resulting in a loss of approximately $70 million.

(7) On January 24, according to the Slow Fog Security Team Monitor, the vulnerability has been exploited on multiple chains due to the lack of input verification by ODOS, with a loss of approximately $100,000. ODOS tweeted that the attack exploited a vulnerability in its audited executor contract, stealing revenue stored in the contract without affecting any user funds.

Rug Pull / Phishing Scam

10 typical security incidents

(1) On January 2, a $VIRTUAL holder held approximately 39 times ($196,396) of tokens, losing all tokens due to “increasing limits” phishing transactions.

(2) On January 3, a $RLB holder lost all tokens worth approximately $1 million due to the “Uniswap Permit2” phishing signature.

(3) On January 6, 0x5167 started the address lost $155,256 worth of EIGEN after signing the "Add allowance" phishing transaction.

(4) On January 7, the opening address of 0x8536 lost $103,020 tokens after signing the “Uniswap Permit2” phishing transaction.

(5) On January 8, the 0x3402 opening address lost $474,422 worth of $OLAS, $SEKOIA, $VIRTUAL, and $FJO after signing multiple phishing signatures.

(6) On January 14, the 0x00c0 starter address lost $263,255 worth of $VIRTUAL after signing the phishing transaction.

(7) On January 17, the 0x80dc starter address lost USUALUSDC+ worth $426,106 after signing a “license” phishing signature.

(8) On January 20, the 0x1e70 starter address lost $135,068 worth of WETH after signing the "Allow" phishing signature.

(9) On January 22, the opening address of 0x3149 lost $553,045 worth of $PAXG after signing the "transfer" phishing transaction.

(10) On January 29, the 0xeb2 opening address lost $384,645 worth of $LINK after signing the "increaseApproval" phishing transaction.

Summarize

The cryptocurrency phishing scam stole $10.25 million from 9,220 victims in January, down 56% from the $23.58 million loss in December. However, criminals are constantly evolving and adopting more complex attack methods.

The Zero-Time Technology Security Team recommends that project parties always remain vigilant and remind users to beware of phishing attacks. It is recommended that users fully understand the project’s background and team before participating in the project and carefully choose investment projects. In addition, internal security training and authority management are required, and professional security companies are found to conduct audits and conduct project background inspections before the project is launched.