
July Security Report | Private Key Leaks Account for Approximately 88% of Total Losses, Exceeding $260 Million
TechFlow Selected TechFlow Selected

July Security Report | Private Key Leaks Account for Approximately 88% of Total Losses, Exceeding $260 Million
In July, the total losses across the internet amounted to approximately $290 million, with 88.31% of the losses caused by private key leaks. Among these, WazirX suffered a loss of about $235 million due to a multi-signature wallet private key leak, making it the largest security incident in July.
In July, the total losses across the entire network amounted to approximately $290 million, with 88.31% of these losses caused by private key leaks. Among them, WazirX suffered a loss of about $235 million due to a multi-signature wallet private key leak, making it the largest security incident in July.

Largest Security Incident – Private Key Leak
On July 18, WazirX experienced a private key leak from its multi-signature wallet, resulting in a loss of approximately $235 million.
Largest Security Incident – Phishing Scam
On July 24, an Ethereum chain address 0x07...fDC9 lost Pendle restaking tokens worth $4.69 million.
Largest Security Incident – REKT
On July 16, LiFi Protocol, a cross-chain bridge aggregation protocol, was attacked, leading to a loss of about $10 million. The attacker exploited an arbitrary call vulnerability, allowing them to steal assets authorized by users to this contract.
Largest Security Incident – Rug Pull
On July 21, ETH TrustFund conducted a rug pull and stole approximately $2 million worth of cryptocurrency on Base.
Case Analysis
On July 15, Minterest suffered a major security incident on Mantle, resulting in a loss of approximately $1.4 million. Currently, the project team has suspended the protocol.
Process Analysis:
1) Flash loaned 4.265 million USDY from the USDY/USDT liquidity pool on Mantle DEX;

Within its callback function: performed a total of 25 loops involving FlashLoan & Redeem Underlying actions;

2) Flash loaned 392,700 USDY from the mUSDY market;

Within its callback function: called two methods—wrap & lendRUSDY;

3) Deposited 4.265 million USDY and received 4.473 million mUSD based on share price;

4) Used the 4.473 million mUSD share tokens obtained in the previous step to borrow 2,747,677 mUSDY;

Step one: transferred in 4.473 million mUSD share tokens;
Step two: unwrapped the 4.473 million mUSD back into 4.265 million USDY placed within the mUSDY market contract;
Step three: transferred 2,747,677 mUSDY to the user;

5) Withdrew underlying USDY assets; the hacker calculated how many Redeem Tokens (mUSDY) were needed to withdraw 4.265 million USDY, discovering that during Redeem Underlying, they only had to repay 2,566,963 mUSDY, thus leaving 180,714 mUSDY as profit;

6) After repeating the above steps approximately 25 times, the hacker profited around $1.4 million.
OKLink Tips
Total losses across the network in July amounted to approximately $290 million, representing a 38.01% increase compared to June’s total losses, with 88.31% of the losses attributed to private key leaks. OKLink reminds users never to disclose your private keys or seed phrases to anyone, avoid saving or memorizing them via screenshots or other forms, and refrain from clicking unverified links. Security awareness is a crucial defense for protecting yourself in the Web3 world.
Web3 on-chain tools have become essential for mitigating risks. OKLink offers tools such as address lookup and monitoring, on-chain data alerts, and private label creation, providing multidimensional data comparisons to safeguard every operation.

Additionally, OKLink has launched EaaS (Explorer-as-a-Service), a scalable solution designed to address challenges faced by projects, offering zero-cost setup, rapid deployment, multi-chain support, advanced block analysis, and open APIs.

Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










