
Web3 security incidents in January 2025: Total losses of approximately US$98.19 million


Reprinted from chaincatcher

02/05/2025

Author: SlowMist Security Team

Overview

In January 2025, total losses from Web3 security incidents were approximately US$98.19 million. According to the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io), there were 40 hacking incidents, resulting in losses of approximately US$87.94 million, and US$1.47 million was returned. The causes included contract vulnerabilities, account hacks and private key leaks, among others. In addition, according to the Web3 anti-scam platform Scam Sniffer, there were 9,220 phishing victims this month, with losses of US$10.25 million.

(https://dune.com/scam-sniffer/january-scam-sniffer-2025-scam-report)

Major security incidents

Phemex

On January 23, 2025, a hot wallet of Singapore-based cryptocurrency exchange Phemex was attacked, resulting in a loss of approximately $70 million. Phemex CEO Federico Variola said on X: "Hello everyone, we are investigating reports about a hot wallet. Please rest assured that cold wallets are still safe and anyone can check them. We will bring more updates as soon as possible."

(https://x.com/MistTrack_io/status/1882412516518789500)

NoOnes

On January 1, 2025, P2P trading platform NoOnes was attacked, and its hot wallet saw hundreds of suspicious transfer transactions on Ethereum, Tron, Solana and BSC, losing about $7.2 million. CEO Ray Youssef explained that the cause of the incident was the use of its Solana bridge.

(https://x.com/ray_noOnes/status/1882744360812306885)

AdsPower

On January 24, 2025, AdsPower's security team discovered an intrusion. Attackers distributed malicious code that tampered with some third-party browser plug-ins, and more than 4.7 million US dollars were stolen. The SlowMist Security Team has joined the analysis. If a user has used AdsPower and installed an extension wallet between 18:00 on January 21 and 18:00 on January 24 (UTC+8), or has manually updated an extension wallet, the extension wallet in that user's AdsPower may contain a backdoor (mnemonic phrases and private keys are at risk of being stolen). Transfer the assets of the affected wallets as soon as possible.

(https://x.com/AdsPowerBrowser/status/1882983731419570220)

Moby

On January 8, 2025, an attacker gained control of the private key used to authorize upgrades of Moby's core contract, compromising the protocol. The attack put 3.77 wBTC, 207.76 wETH and 1,500,351.5 USDC in the sOLP and mOLP liquidity pools at risk. Moby has recovered approximately 1.47 million USDC with the assistance of the Seal911 team.

(https://medium.com/moby-trade/moby-post-mortem-report-growth-plan-504ad5b0dd35)

Orange Finance

On January 8, 2025, the Arbitrum-based liquidity management project Orange Finance had funds stolen due to a multi-signature configuration error. The attacker took ownership of each vault, modified its implementation, and extracted deposited assets and over-authorized funds. About 94% of the total losses (about $780,000) came from deposited assets, while the remaining 6% (about $47,000) resulted from excessive authorization.

(https://mirror.xyz/0x6FA2aF9a4d6fFe654361F713780963C10412e7c3/gN17YMrLhKKg9YT9a391U74pWr9IhqBUDWUqDyDamjE)

Incident characteristics and security recommendations

Account thefts have occurred frequently of late. According to the SlowMist Blockchain Hacked Archive, 21 accounts were stolen in January, accounting for about half of the total number of incidents. Thefts of accounts related to politicians or political content were particularly prominent. Hackers or malicious actors use social media to promote meme coins, exploit users' FOMO to attract funds, and then run away with the money. For example, the X account @TrumpDailyPosts posted 4 tweets promoting meme coins that were deleted within minutes, and about $1.25 million was swept away. Users are therefore advised to stay vigilant, verify the source of information before purchasing tokens, and not trust sudden announcements on social media, especially for meme coins involving politicians, well-known institutions or celebrities, to avoid falling for scams.

In addition, the SlowMist Security Team noticed that many of the requests for help recently received from victims were related to the "fake Safeguard" scam on Telegram. For the methods involved and response measures, see "New methods | Telegram fake Safeguard scam".
