
May Security and Regulatory Report: Total Losses Amount to $454 Million
TechFlow Selected TechFlow Selected

May Security and Regulatory Report: Total Losses Amount to $454 Million
In May, the total amount lost in various security incidents surged significantly compared to April, with over 28 typical security incidents reported. The combined losses due to hacker attacks, phishing scams, and rug pulls reached $454 million.
Written by: Beosin
It’s time for the monthly security review again! According to monitoring by blockchain security auditing firm Beosin Alert, the financial losses from various security incidents in May 2024 surged significantly compared to April. In May 2024, there were over 28 notable security incidents, with total losses from hacking attacks, phishing scams, and rug pulls reaching $454 million—an increase of approximately 349% compared to April. Losses from hacking attacks amounted to about $355 million (up ~574%), phishing scams reached $97.4 million (up ~754%), while rug pull incidents dropped to around $2.04 million (down ~94.5%).
The largest security incident this month was the DMM Bitcoin exchange in Japan losing approximately $300 million worth of Bitcoin. Additionally, two other hacking attacks each caused losses exceeding $10 million: gaming platform Gala Games lost $22.5 million due to a private key leak, and Sonne Finance suffered a $20 million loss due to a smart contract vulnerability. Phishing scams increased sharply this month, with multiple incidents exceeding $1 million in losses, including one address-poisoning scam that resulted in a $72 million loss. Crypto-related criminal cases continued to rise, with several involving amounts exceeding $100 million.
There were 12 typical hacking incidents this month
No.1 On May 5, GNUS on the Fantom chain was attacked, resulting in a loss of approximately $1.27 million.
No.2 On May 9, the Blast ecosystem project Bloom was attacked, suffering a loss of about $540,000. Around 90% of the stolen funds have been recovered (after deducting a 10% bug bounty).
No.3 On May 10, the Web3 gaming project Galaxy Fox was attacked, losing approximately $300,000.
No.4 On May 10, Tsuru on the Base ecosystem was attacked, losing about $410,000.
No.5 On May 14, the Arbitrum-based DEX project Predy Finance was attacked, losing approximately $460,000.
No.6 On May 15, Alex Lab, a Bitcoin DeFi tool, lost approximately $6.3 million across the Stacks and BSC chains due to a private key theft.
No.7 On May 15, Sonne Finance, a Compound fork project on the Optimism chain, was exploited due to a contract vulnerability, losing $20 million.
No.8 On May 16, the Solana-based pump.fun project was attacked, losing about $1.9 million. A former employee later publicly admitted to the theft on Twitter.
No.9 On May 20, the Web3 gaming platform Gala Games was hacked, allowing the attacker to mint 5 billion GALA tokens. The attacker has returned approximately $22.5 million worth of ETH.
No.10 On May 21, TonUP, a launchpad platform in the TON ecosystem, was attacked due to an engineer's misconfiguration of script parameters, resulting in a loss of about $107,000.
No.11 On May 26, Normie, a meme coin on the Base ecosystem, was attacked, losing approximately $490,000.
No.12 On May 31, Japanese cryptocurrency exchange DMM Bitcoin was attacked, losing up to $300 million. Approximately 4,502 BTC were distributed across 10 addresses.
There were 6 typical phishing / rug pull incidents this month
No.1 On May 3, a whale address fell victim to an address poisoning scam, losing $72 million.
No.2 On May 14, the fake Pii Park project on Polygon conducted a rug pull, with the deployer profiting approximately $490,000.
No.3 On May 14, an address starting with 0xff49 was drained via a Pink Drainer phishing attack, losing about $1.66 million.
No.4 On May 16, an address starting with 0x719e was targeted by a phishing scam, losing about $1.25 million.
No.5 On May 18, an address starting with 0xee6a was scammed, losing Pendle yield tokens valued at approximately $5.6 million.
No.6 On May 26, an address starting with 0x2154 was targeted by a phishing scam, losing about $6.9 million.
There were 10 typical crypto crime incidents this month
No.1 On May 2, U.S. FBI dismantled a Ponzi scheme using crypto investments as bait, involving $43 million.
No.2 On May 10, police in Jilin Province cracked a case involving illegal foreign exchange operations using virtual currencies, amounting to approximately RMB 2.14 billion.
No.3 On May 14, Alexey Pertsev, one of the developers of the Tornado Cash mixing service, was convicted of money laundering and sentenced to 64 months in prison in the Netherlands.
No.4 On May 15, Chengdu police solved a major underground banking case using USDT as the medium, involving a staggering RMB 13.8 billion.
No.5 On May 15, Canada’s so-called “Crypto King” and his accomplices were arrested, accused of defrauding investors of $30 million through cryptocurrency and forex investment schemes.
No.6 On May 17, the U.S. Department of Justice arrested two Chinese nationals suspected of leading a money laundering operation linked to international cryptocurrency investment fraud, involving at least $73 million.
No.7 On May 21, U.S. authorities arrested and charged a man from Taiwan for operating a darknet drug marketplace, allegedly selling over $100 million worth of illegal narcotics—including fentanyl—using cryptocurrency.
No.8 On May 24, Jian Wen, a British-Chinese woman, was sentenced to six years and eight months in prison by a UK court for her role in laundering 61,000 bitcoins (linked to Tianjin Blue Sky Greed’s RMB 43 billion illegal fundraising case).
No.9 On May 26, the former CEO of Heartland Tri-State Bank in the U.S. pleaded guilty to embezzling $47.1 million, which led to the bank's collapse, with stolen funds transferred into cryptocurrency accounts.
No.10 On May 31, Turkey detained 127 suspects allegedly involved in "international fraud through Ponzi schemes," said to have stolen over $1 billion in recent years.
Regulatory, Compliance, and Policy Developments
No.1 On May 7, Emilio B. Aquino, Chairman of the Philippine Securities and Exchange Commission (SEC), stated that the commission plans to introduce a regulatory framework for crypto assets and their trading in the second half of this year. Cryptocurrency exchanges targeting Filipinos must obtain the necessary licenses required under Republic Act No. 8799 before commencing operations.
No.2 On May 22, the U.S. House of Representatives passed the "Financial Innovation and Technology for the 21st Century Act" (FIT21) by a vote of 279 to 136. The bill aims to establish a new legal framework for digital currencies and clarify the regulatory responsibilities between the SEC and CFTC regarding digital assets.
No.3 On May 28, South Africa’s Financial Intelligence Centre (FIC) proposed a directive on crypto asset transfers. This follows licensing approvals for 75 crypto asset service providers (CASP) by South Africa’s Financial Sector Conduct Authority. The FIC aims to tighten oversight by requiring CASPs to implement more detailed and stringent requirements for digital transactions.
No.4 On May 29, Canada is expected to adopt the International Crypto-Asset Reporting Framework (CARF) for taxation by 2026. CARF will impose new reporting obligations on crypto asset service providers (CASP), including cryptocurrency exchanges, brokers, dealers, and automated teller machine operators, whether individuals or corporate entities.
No.5 On May 31, Wong Wai-lun, Acting Financial Secretary of the Hong Kong Special Administrative Region Government, delivered a keynote speech at the 2024 Caixin Summer Summit, stating that Hong Kong will continue to fully promote financial innovation, with key areas including DeFi (decentralized finance), virtual assets, fintech, green finance, and Web3 (the third-generation internet).
Given the current landscape of blockchain security, Beosin concludes:
Overall, financial losses from blockchain security incidents rose in May 2024. The attacks this month affected numerous platforms across various blockchains, including Ethereum, BNB Chain, Blast, Fantom, Stacks, Optimism, Arbitrum, Solana, Ton, and Base, indicating that hackers are actively seeking opportunities across different chains. Project teams and users alike should enhance their security awareness. Phishing scams increased sharply this month; users are advised to safeguard their private keys, carefully verify signature messages, and double-check recipient addresses before making transfers.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News












