
April Security Report: Total on-chain losses across the network decreased by 42.11% month-on-month compared to March
TechFlow Selected TechFlow Selected

April Security Report: Total on-chain losses across the network decreased by 42.11% month-on-month compared to March
OKLink, as your first stop for security, offers 40+ leading blockchain explorers, providing users with a one-stop portal for all inquiries.
Security awareness is your strongest shield in the Web3 world and the first line of defense for protecting your digital assets.
As your first stop for security, OKLink provides access to over 40 leading blockchain explorers, offering users a one-stop portal for all inquiries.
Meanwhile, tools such as address monitoring, token approval checks, and address health analysis comprehensively empower users to navigate Web3 securely.

1. Total losses across the network this month amounted to approximately $110 million, a 42.11% decrease compared to March.
2. Official social media channels suffered 32 scam and phishing incidents, accounting for 7.67% of total losses. These primarily occurred on X (formerly Twitter), Discord, and various phishing websites.
3. REKT and RugPull incidents accounted for 43.90% and 44.07% of losses respectively, while other security incidents made up 4.36%.
Case Analysis:
|
On April 19, Hedgey Finance suffered a major security vulnerability on Ethereum and Arbitrum, resulting in losses of about $44.7 million. The hacker exploited a flaw lacking user input validation, gaining authorization over the vulnerable contract and thereby stealing its assets. This became the largest REKT incident in April.
Attack Process: Attack Transaction: https://www.oklink.com/cn/eth/tx/0xa17fdb804728f226fcd10e78eae5247abd984e0f03301312315b89cae25aa517
1) Took a flash loan of 1.3 million USDC from Balancer;
2) Deposited 1.3 million USDC into the ClaimCampaigns contract via createLockedCampaign();
3) Due to missing input validation, the ClaimCampaigns contract incorrectly granted approval of 1.3 million USDC to a malicious address;
4) Withdrew the deposited 1.3 million USDC via cancelCampaign(). At this point, the attacker obtained approval over 1.3 million USDC from the contract, enabling them to steal the funds in subsequent transactions;
5) Repaid the flash loan; https://www.oklink.com/cn/eth/tx/0x2606d459a50ca4920722a111745c2eeced1d8a01ff25ee762e22d5d4b1595739
6) Used the obtained approval to withdraw 1.3 million USDC from the ClaimCampaigns contract.
Vulnerable Code: https://etherscan.deth.net/address/0xbc452fdc8f851d7c5b72e1fe74dfb63bb793d511
|
Largest RugPull Incident in April
On April 21, the crypto gaming platform ZKasino executed a rug pull, causing losses of approximately $33 million.
OKLink Security Tips
While total losses from security incidents this month decreased compared to last month, there are still many cases involving private key leaks. Never disclose your private keys or recovery phrases to anyone, and avoid storing them as screenshots. Exercise caution when downloading software to prevent malware infections that could lead to leakage of your keys. Approach projects promising unusually high returns with skepticism, and always conduct thorough research on both the project and its team before investing.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News



















