
Web3 Security Incidents in January 2025: Total Losses of Approximately $98.19 Million
This month, there were 9,220 phishing victims, with losses amounting to $10.25 million.
Author: SlowMist Security Team
Overview
In January 2025, Web3 security incidents resulted in total losses of approximately $98.19 million. According to statistics from the SlowMist Hacked Database (https://hacked.slowmist.io), there were 40 hacking incidents causing around $87.94 million in losses, with $1.47 million recovered. The causes included smart contract vulnerabilities, account breaches, and private key leaks. Additionally, according to Web3 anti-fraud platform Scam Sniffer, there were 9,220 phishing victims this month, resulting in losses amounting to $10.25 million.

(https://dune.com/scam-sniffer/january-scam-sniffer-2025-scam-report)
Major Security Incidents

Phemex
On January 23, 2025, Singapore-based cryptocurrency exchange Phemex suffered an attack on its hot wallet, resulting in losses of approximately $70 million. Phemex CEO Federico Variola stated on X: "Hello everyone, we are investigating reports regarding one of our hot wallets. Please rest assured that the cold wallets remain secure and verifiable by anyone. We will provide further updates soon."

(https://x.com/MistTrack_io/status/1882412516518789500)
NoOnes
On January 1, 2025, P2P trading platform NoOnes was attacked, leading to hundreds of suspicious withdrawal transactions from its hot wallets on Ethereum, Tron, Solana, and BSC, resulting in losses of approximately $7.2 million. CEO Ray Youssef explained that the incident was due to exploitation of its Solana bridge.

(https://x.com/ray_noOnes/status/1882744360812306885)
AdsPower
On January 24, 2025, AdsPower's security team discovered a breach where hackers distributed malicious code that compromised certain third-party browser extensions, resulting in theft exceeding $4.7 million. TechFlow has joined the analysis. Users who have used AdsPower and installed or manually updated extension wallets between January 21, 18:00 and January 24, 18:00 (UTC+8), may be using a backdoored version (posing risks of mnemonic/private key theft). It is recommended to immediately transfer assets from affected wallets.

(https://x.com/AdsPowerBrowser/status/1882983731419570220)
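The exposure window above can be turned into a quick local triage check. The following is an added example, not AdsPower's or the report authors' code: it assumes one folder per extension under a root directory you supply (the actual AdsPower extension path is not given on this page), takes the year 2025 from the report's title, and treats file modification time as a heuristic for when an extension was installed or updated.

```python
"""Triage check: which extension folders hold files written inside the
exposure window quoted above (Jan 21 18:00 - Jan 24 18:00, UTC+8)?"""
import os
import sys
import tempfile
from datetime import datetime, timedelta, timezone

UTC8 = timezone(timedelta(hours=8))
# Window from the advisory text; the year 2025 is taken from the report's title.
WINDOW_START = datetime(2025, 1, 21, 18, 0, tzinfo=UTC8)
WINDOW_END = datetime(2025, 1, 24, 18, 0, tzinfo=UTC8)


def in_exposure_window(ts):
    """ts: POSIX timestamp. Compared as an aware datetime, so the host's
    local time zone does not shift the UTC+8 window."""
    moment = datetime.fromtimestamp(ts, tz=timezone.utc)
    return WINDOW_START <= moment <= WINDOW_END


def triage_extensions(root):
    """Map each top-level folder under root (assumed: one per extension)
    to the files in it whose mtime falls inside the window."""
    flagged = {}
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        for dirpath, _dirs, files in os.walk(entry.path):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.lstat(path).st_mtime
                except OSError:
                    continue  # unreadable or removed mid-scan
                if in_exposure_window(mtime):
                    flagged.setdefault(entry.name, []).append(path)
    return flagged


if __name__ == "__main__":
    if len(sys.argv) == 2:
        root = sys.argv[1]  # extension folder of the profile (path not given on the page)
    else:
        # Constructed sample: one file stamped 2025-01-21 12:00 UTC (= 20:00 UTC+8).
        root = tempfile.mkdtemp()
        sample = os.path.join(root, "sample_wallet_ext", "background.js")
        os.makedirs(os.path.dirname(sample))
        open(sample, "w").close()
        stamp = datetime(2025, 1, 21, 12, 0, tzinfo=timezone.utc).timestamp()
        os.utime(sample, (stamp, stamp))
    for ext, paths in triage_extensions(root).items():
        print(f"{ext}: {len(paths)} file(s) written inside the exposure window")
```

A hit is a reason to follow the asset-transfer advice above; no hit is not proof of a clean install, because modification times can be preserved or reset when files are copied.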
Moby
On January 8, 2025, attackers gained control of the private key used to authorize upgrades of Moby's core contracts, compromising the protocol. This attack exposed 3.77 wBTC, 207.76 wETH, and 1,500,351.5 USDC from the sOLP and mOLP liquidity pools. With assistance from the Seal911 team, Moby has recovered approximately 1.47 million USDC.

(https://medium.com/moby-trade/moby-post-mortem-report-growth-plan-504ad5b0dd35)
Orange Finance
On January 8, 2025, Arbitrum-based liquidity management project Orange Finance suffered a loss of $830,000 worth of assets due to misconfigured multi-signature settings. The attacker obtained ownership of each vault, modified their implementations, and withdrew deposited assets along with over-privileged funds. Approximately 94% ($780,000) of the total loss came from deposited assets, while the remaining 6% ($47,000) resulted from over-privilege exploitation.

(https://mirror.xyz/0x6FA2aF9a4d6fFe654361F713780963C10412e7c3/gN17YMrLhKKg9YT9a391U74pWr9IhqBUDWUqDyDamjE)
Incident Analysis and Security Recommendations
Account breaches have been frequent recently. According to data from the SlowMist Hacked Database, 21 account breaches occurred in January, accounting for about half of all incidents, with particularly prominent cases involving political figures or politically themed accounts. Hackers or malicious actors promote meme coins via social media, exploiting users' FOMO to attract investment before rug-pulling. For example, the X account @TrumpDailyPosts posted four tweets promoting a meme coin and deleted them within minutes, stealing approximately $1.25 million. Users are advised to stay vigilant, verify information sources before purchasing tokens, and be wary of sudden announcements on social media, especially those involving political figures, well-known institutions, or celebrities, to avoid falling victim to scams.
In addition, TechFlow has observed that many recent victim reports are related to the "fake Safeguard" scam on Telegram. Details about this malicious technique and countermeasures can be found at New Tactics | Fake Safeguard Scams on Telegram.