TechFlow news, blockchain security firm SlowMist released its latest security report on September 9. Data shows that in August 2024, the Web3 ecosystem suffered a total of $316 million in losses due to security incidents. Among these, SlowMist Hacked Archives recorded 28 hacking incidents resulting in approximately $253 million in losses, with $13.58 million successfully recovered. These attacks primarily involved various forms such as smart contract vulnerability exploitation, account credential leaks, and frontend attacks.
During the same period, Web3 anti-fraud platform Scam Sniffer reported 9,145 phishing scam victims, with cumulative losses amounting to $62.93 million. Notable major security incidents include:
-
Convergence Finance incident (August 1): The attacker exploited an input validation flaw in the claimMultipleStaking function of the reward distribution contract to illegally mint and sell 58 million CVG tokens, worth about $210,000, and additionally stole $2,000 in unclaimed Convex rewards.
-
Ronin network attack (August 6): The attacker manipulated weight settings to bypass multi-signature threshold checks, illegally withdrawing approximately 4,000 ETH and 2 million USDC from the Ronin Bridge project, totaling around $12 million. The following day, a white-hat hacker returned all stolen assets and received a $500,000 bug bounty.
-
Nexera platform breach (August 7): The attacker obtained management credentials for the Nexera Fundrs platform's smart contract and transferred 47.24 million NXRA tokens from the Fundrs staking contract on Ethereum, causing losses of approximately $1.83 million. The Nexera security team responded swiftly, successfully removing 32.5 million NXRA tokens from the attacker’s wallet, effectively reducing potential losses.




