
Web3 Security Incidents in January: Total Losses of Approximately $160 Million
TechFlow Selected TechFlow Selected

Web3 Security Incidents in January: Total Losses of Approximately $160 Million
In January 2024, a total of 56 security incidents occurred, resulting in overall losses of approximately $160 million.
Author: SlowMist Security Team
Overview
According to the SlowMist Hacked Archive Database, 56 security incidents occurred in January 2024, resulting in total losses of approximately $160 million. The causes included smart contract vulnerabilities, DDoS attacks, flash loan attacks, price manipulation, and account theft.
Major Incidents
Radiant Capital
On January 3, 2024, the cross-chain lending protocol Radiant Capital was attacked, losing 1,900 ETH (approximately $4.5 million). Analysis shows that the attacker exploited a time window during which a new lending market (derived from Compound/Aave) was activated. The vulnerability also relied on a known rounding issue present in the current Compound/Aave codebase.
On January 4, Radiant Capital stated that the attack resulted in bad debt equivalent to about 1.3% of the protocol's TVL in the WETH market. On January 5, Radiant Capital proposed RFP-27, aiming to reach consensus through the Radiant DAO on capital restructuring for the Arbitrum lending market and repayment of excess debt in the WETH market.

(https://twitter.com/RDNTCapital/status/1742638364933714112)
Gamma
On January 4, 2024, the liquidity management protocol Gamma was attacked, suffering losses of approximately $6.18 million. Gamma explained that its treasury had four main deposit protection mechanisms against flash loans, one of which was "setting a price fluctuation threshold, disallowing deposits when price changes exceed a certain amount." The main issue was that this price fluctuation threshold was set too high, allowing price swings of -50% to +100% for certain LST and stablecoin vaults. This enabled attackers to manipulate prices up to the threshold and mint large amounts of LP tokens.

(https://medium.com/gamma-strategies/post-mortem-remediation-plan-9a62f10d90f3)
Narwhal
On January 5, 2024, the yield farming project Narwhal’s protocol was attacked, losing approximately $1.5 million. All stolen NRW tokens were swapped into USDT and bridged to Ethereum via Stargate. Most of the stolen funds were subsequently transferred to Tornado Cash.

(https://twitter.com/Narwhal_fyi/status/1744042646954488145)
Coinspaid
On January 6, 2024, cryptocurrency payment service provider Coinspaid experienced multiple unauthorized transactions, with hackers stealing approximately $7.5 million worth of digital assets, including 4.8 million USDT, 500 ETH, 97 million CPD, 106,000 USDC, 24,000 BSC-USD, and 268.5 BNB.
Socket
On January 16, 2024, interoperability protocol Socket tweeted that it had suffered a security incident. Attackers exploited a vulnerability in a newly added module within Socket's aggregator system responsible for token swaps on behalf of users. The flaw allowed attackers to steal funds from users who had already granted unlimited token approvals to the Socket Gateway contract. The attack was carried out via two malicious transactions on Ethereum, resulting in total losses of approximately $3.3 million. On January 23, with assistance from the SlowMist Security Team and other partners, Socket successfully recovered 1,032 ETH (worth about $2.2 million), and the Socket team publicly thanked SlowMist for their support.

(https://twitter.com/SocketDotTech/status/1749734794320363802)
Manta Pacific
On January 18, 2024, according to a tweet from Manta Network, Manta Pacific chain suffered an RPC attack around 9 AM UTC. Kenny Li @superanonymousk, co-founder of Manta Network, updated on Twitter that Manta Network was hit by a sophisticated DDoS attack at 9:30 AM UTC—right when their TGE event began. The RPC nodes received over 135 million requests, indicating an extremely intense and well-planned attack.

(https://twitter.com/superanonymousk/status/1747968680686993800)
HTX
On January 19, 2024, HTX posted on social media warning users of ongoing application disruptions, with technical teams working to resolve the issue. Tron founder Justin Sun tweeted that htx.com and HTX_DAO had suffered a DDoS attack.

(https://twitter.com/justinsuntron/status/1748319971837710471)
Concentric Finance
On January 22, 2024, Concentric Finance, a DeFi protocol built on Camelot V3, was attacked, losing approximately $1.7 million. The official Concentric Finance team stated on social media that a team member holding the contract deployer wallet fell victim to a targeted social engineering attack. The attacker exploited a vulnerability to upgrade the vault, mint new LP tokens, and then drain platform assets.

(https://mirror.xyz/concentrictreasury.eth/duXXwBErblGw4CjbsA2JPoRAJqVNsDtiUsK4R6_vhD0)
GMEE
On January 23, 2024, gaming platform GMEE tweeted that its GMEE token contract on Polygon had been compromised due to unauthorized access to GitLab several hours earlier, resulting in the theft of 600 million GMEE tokens (approximately $7 million). The attacker subsequently swapped the tokens for ETH and MATIC, and over the following hours, exchanged the stolen tokens across various DEXs, impacting GMEE token prices on exchanges.

(https://twitter.com/GAMEEToken/status/1749652962849464727)
Nebula Revelation
On January 25, 2024, the staking contract of Nebula Revelation, a space-themed open-world Web3 game, suffered a reentrancy attack. On January 28, Nebula Revelation announced its compensation plan, committing to full reimbursement and deciding to compensate users based on pre-hack token prices to ensure fairness.

(https://twitter.com/NBLGAME/status/1751580737768456594)
Somesing
On January 27, 2024, South Korean Web3 social music service Somesing announced it had suffered a vulnerability exploit the previous Saturday, resulting in the loss of 730 million native SSX tokens, worth approximately $11.58 million. Somesing stated: "It has been confirmed that this hacking incident is unrelated to any members of the Somesing team. Given the method of attack, it may have been carried out by hackers specializing in virtual asset theft." The platform has reported the incident to the National Police Agency and said it will notify Interpol.
Goledo Finance
On January 28, 2024, Conflux-based lending protocol Goledo Finance was attacked, losing 7.9 million CFX (approximately $1.7 million). The Goledo team has completed a preliminary investigation into large-scale loans within the lending pool and confirmed the attack involved flash loans.

(https://twitter.com/GoledoFinance/status/1751442740200517984)
Abracadabra Money
On January 31, 2024, DeFi protocol Abracadabra Money (MIM_Spell) was attacked, suffering losses of approximately $6.5 million. Abracadabra.Money later updated on Twitter that its technical team had identified the root cause—a vulnerability affecting specific Cauldrons V3 and V4, allowing unauthorized borrowing of MIM. The team has mitigated the issue by setting borrowing limits for these cauldrons to zero. They stated that the DAO treasury would fully collateralize the affected $6.5 million to ensure secure operations.

(https://twitter.com/MIM_Spell/status/1752723973891059807)
Ripple
On January 31, 2024, on-chain investigator ZachXBT disclosed that Ripple was hacked, with 213 million XRP (approximately $112.5 million) stolen. Ripple co-founder Chris Larsen tweeted: "Yesterday, some of my personal XRP accounts (not @Ripple) were compromised—we detected the issue quickly and notified exchanges to freeze affected addresses. Law enforcement has been engaged."

(https://twitter.com/chrislarsensf/status/1752702297971532258?s=20)
Summary
This month saw five DDoS attacks. Projects should deploy network monitoring tools, regularly analyze traffic patterns, and promptly identify abnormal traffic and potential attacks. There were 17 Rug Pull incidents this month, accounting for about 30% of all security events, causing losses of approximately $5.26 million. Users should thoroughly research a project's background and team before participating and exercise caution when choosing investments. Three flash loan attacks caused losses totaling around $6.35 million. The SlowMist Security Team recommends that projects remain vigilant, conduct regular security audits, track emerging threats, and address vulnerabilities proactively to best protect their projects and assets.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










