
March Web3 Security Incident Report: Total Losses Approximately $139 Million
TechFlow Selected TechFlow Selected

March Web3 Security Incident Report: Total Losses Approximately $139 Million
In March 2024, a total of 33 security incidents occurred, resulting in overall losses of approximately $139 million, caused by smart contract vulnerabilities, insider malice, flash loan attacks, private key leaks, and account theft.
Author: SlowMist Security Team
Overview
According to the SlowMist Hacked Database, in March 2024, there were 33 security incidents with total losses of approximately $139 million. The causes involved smart contract vulnerabilities, insider misconduct, flash loan attacks, private key leaks, and account thefts.
Major Incidents
WOOFi
On March 5, 2024, the sPMM algorithm controlling WOOFi trading pricing on Arbitrum was exploited by a DEX named WOOFi. This exploit consisted of a series of flash loans, where the attacker manipulated the price of WOO using low liquidity and then repaid the flash loans at a lower cost. Within a very short time, the attacker repeated the attack three times, profiting approximately $8.75 million after repaying the flash loans.

(https://twitter.com/_WOOFi/status/1765150687166415129)
Unizen
On March 9, 2024, the DeFi trading platform Unizen lost approximately $2.1 million in USDT due to an external call vulnerability in its smart contract. On March 12, Unizen's CTO Martin Granström tweeted that $185,000 worth of stolen funds had been recovered from four hackers.

(https://twitter.com/SlowMist_Team/status/1766311510362734824)

(https://twitter.com/MartinGranstrom/status/1767279080380973084)
Mozaic
On March 15, 2024, the DeFi project Mozaic was attacked, and approximately $2 million was stolen. According to Mozaic, the theft was carried out by a developer who successfully obtained the private keys held by core team members. Mozaic also stated that about 90% of the stolen funds had been frozen on MEXC.

(https://twitter.com/Mozaic_Fi/status/1768754080271196178)
Remilia
On March 17, 2024, Remilia, the parent company of Milady, had its hot wallet and multi-sig treasury compromised, resulting in the transfer and sale of assets from multiple official Remilia wallets. Milady founder Charlotte Fang tweeted that she had been hacked. Despite the finance department using a multi-signature setup, the private keys were stored in a password manager, which Fang claimed had been breached. The attacker stole approximately 490 ETH (about $1.8 million), $58,000 in USDC, over 130 Milady NFTs, 320 Remilio NFTs, and hundreds of derivative tokens issued on the NFTX platform. Based on minimum prices, the value of these assets exceeded $6 million.

(https://twitter.com/CharlotteFang77/status/1769128702561198519)
Dolomite
On March 20, 2024, an old contract of the decentralized exchange protocol Dolomite on the Ethereum mainnet within the Arbitrum ecosystem was exploited due to a vulnerability, affecting approximately 187 victims who collectively lost about 1,245,271 USDC, 94,423 DAI, and 165.9 WETH (totaling around $1.8 million). By March 24, with assistance from the SlowMist security team and other partners, Dolomite had recovered 90% of the stolen funds. Dolomite also expressed gratitude to the SlowMist security team.

(https://twitter.com/Dolomite_io/status/1773845966707454026)
Super Sushi Samurai
On March 22, 2024, the new blockchain game Super Sushi Samurai based on the Blast Layer 2 was attacked due to a vulnerability in its token contract, resulting in losses of approximately $4.6 million. Shortly after the theft, the attacker contacted the project, claiming to be a white hat. Subsequently, Super Sushi Samurai confirmed that all funds had been returned, with 5% given as a bounty.

(https://twitter.com/SSS_HQ/status/1771054306520867242)
Curio Ecosystem
On March 24, 2024, the RWA infrastructure Curio Ecosystem was attacked, suffering losses of approximately $16 million involving its MakerDAO-based smart contracts. The suspected cause was a privilege access logic flaw, which allowed the attacker to mint an additional 1 billion CGT tokens.

(https://twitter.com/curio_invest/status/1771635979192774674)
Munchables
On March 27, 2024, the Blast ecosystem project Munchables was attacked, losing approximately $62.5 million. On the same day, Pacman, founder of Blast, tweeted: "Blast core contributors have secured $97 million via multi-sig. Thanks to the former Munchables developer for choosing to return all funds without any ransom."

(https://twitter.com/PacmanBlur/status/1772871466935013701)
Prisma Finance
On March 28, 2024, the decentralized lending protocol Prisma Finance was attacked, resulting in total losses of approximately 3,257.7 ETH (around $11.6 million). The root cause was the lack of input validation in the onFlashloan function of the MigrateTroveZap contract, allowing attackers to forge migration data and perform unauthorized collateral transfers, harming legitimate Prisma Finance users.

(https://twitter.com/PrismaFi/status/1773316945430852058)
On the same day, an address starting with 0x2d4, identified as one of the attackers of Prisma Finance, messaged the project stating: "This action was a white hat rescue; who can I contact to return the funds?" However, subsequent communication between both parties appeared to go poorly.

(https://etherscan.io/idm?addresses=0x2d413803a6ec3cb1ed1a93bf90608f63b157507a,0xd8531a94100f15af7521a7b6e724ac4959e0a025&type=1)
Solana
Recently, the Solana ecosystem has been dealing with a series of wallet thefts. Although the exact cause remains undetermined, some thefts are linked to trading bots similar to Solareum. According to security researcher Plum, a vulnerability in the Solareum Telegram trading bot led to losses of approximately $1 million in SOL.

(https://twitter.com/Plumferno/status/1774549022813872164)
Summary
Among the 33 security incidents this month, four projects (Munchables, Super Sushi Samurai, Dolomite, and Unizen) recovered approximately $68.46 million in stolen funds;
Three insider misconduct incidents this month resulted in losses totaling $65.4 million, accounting for 46.9% of the total stolen amount this month. The SlowMist security team recommends that project teams carefully review internal security measures and strengthen access controls over sensitive information and assets;
Eight smart contract exploitation incidents caused losses of approximately $36.89 million this month. The SlowMist security team advises project teams to remain vigilant, conduct regular security audits, track and address emerging security threats and vulnerabilities to best protect their projects and assets;
Finally, the incidents included in this article represent the major security events of the month; individual user theft cases were not included in the statistics. More blockchain security incidents can be viewed on the SlowMist Hacked Database (https://hacked.slowmist.io/); clicking the original link will redirect directly.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










