Original Author: Beosin Research Team Mario, Tian Daxia Donny

Original Source: Beosin

Preface

This research report was initiated by the Blockchain Security Alliance and co-authored by alliance members Beosin, Web3 Xiao Lu, and Elven, aiming to comprehensively explore the key regulatory policies for the global blockchain security situation and cryptocurrency industry in 2023. Through the analysis and evaluation of the current global blockchain security situation, the report will reveal the current security challenges and threats, and provide solutions and best practices. At the same time, the report will also examine the positions and policy orientations of governments and regulatory agencies in the regulation of the cryptocurrency industry to help readers understand the dynamic changes in the regulatory environment and their potential impact.

Through this report, readers will be able to gain a more comprehensive understanding of the dynamic evolution of the Web3 blockchain security situation and the core points of regulatory policies. This will help readers assess and address the security challenges faced in the blockchain field and promote the sustainable development of the industry while complying with regulatory requirements. In addition, readers can also obtain valuable advice on security measures, compliance requirements, and industry development directions from the report to help them make informed decisions and actions in this emerging field. Blockchain security and regulation are key issues for the development of the Web3 era. Through in-depth research and discussion, we can better understand and address these challenges, and promote the security and sustainable development of blockchain technology.

I. Overview of the 2023 Web3 Blockchain Security Situation

According to the monitoring of the EagleEye platform under the blockchain security audit company Beosin, the total losses caused by hacker attacks, phishing scams, and project rug pulls in the Web3 field in 2023 reached 2.02 billion US dollars. There were 191 attack incidents with a total loss of approximately 1.397 billion US dollars; there were 267 rug pull incidents with a total loss of approximately 388 million US dollars; and the total loss from phishing scams was approximately 238 million US dollars.

In 2023, the incidents of hacker attacks, phishing scams, and project rug pulls all decreased significantly compared to 2022, with a total decrease of 53.9%. The decrease in hacker attack incidents was the most significant, dropping from 3.6 billion US dollars in 2022 to 1.397 billion US dollars in 2023, a decrease of approximately 61.2%. The losses from phishing scams decreased by 33.2% compared to 2022, and rug pull losses decreased by 8.8%.

In 2023, there were 4 attack incidents with losses exceeding 100 million US dollars, and 17 attack incidents with losses in the range of 10 million US dollars to 100 million US dollars. The top 10 security incidents in the year accounted for approximately 1 billion US dollars, which is 71.5% of the total annual attack incident amount.

The types of projects attacked in 2023 were more diverse compared to 2022, including DeFi, CEX, DEX, public chains, cross-chain bridges, wallets, payment platforms, gambling platforms, crypto brokers, infrastructure, password managers, development tools, MEV robots, and TG robots, among others. DeFi was the most frequently attacked and highest loss-making project type, with 130 DeFi attacks causing a total loss of approximately 408 million US dollars.

In 2023, there were more frequent attacks on public chains, with multiple security incidents of theft across multiple chains. Ethereum remained the public chain with the highest amount of losses, with 71 Ethereum-based attack incidents causing a loss of 766 million US dollars, accounting for 54.9% of the total annual losses.

In terms of attack methods, 30 incidents of private key leaks caused a total loss of approximately 627 million US dollars, accounting for 44.9% of the total losses, making it the most damaging attack method. Contract vulnerability exploitation was the most frequently occurring attack method, with 99 out of 191 attack incidents coming from contract vulnerability exploitation, accounting for 51.8%.

Approximately 295 million US dollars of stolen funds were recovered throughout the year, accounting for approximately 21.1%, a significant increase compared to 2022. Approximately 330 million US dollars of stolen funds were transferred to mixers, accounting for 23.6% of the total stolen funds.

Unlike the significant decrease in on-chain hacker attacks, phishing scams, and project rug pull amounts, there was a significant increase in off-chain cryptocurrency crime data in 2023. The global cryptocurrency industry crime amount reached a staggering 65.688 billion US dollars in 2023, an increase of approximately 377% from 13.76 billion US dollars in 2022. The top three types of crimes in terms of amount involved were online gambling, money laundering, and fraud.

II. Top 10 Security Incidents in the 2023 Web3 Ecosystem

In 2023, there were 4 attack incidents with losses exceeding 100 million US dollars: Mixin Network (200 million US dollars), Euler Finance (197 million US dollars), Poloniex (126 million US dollars), and HTX & Heco Bridge (110 million US dollars). The top 10 security incidents accounted for approximately 1 billion US dollars, which is 71.5% of the total annual attack incident amount.

No.1 Mixin Network

Loss Amount: 200 million US dollars

Attack Method: Cloud service provider database attack

In the early hours of September 23, Mixin Network's cloud service provider database was hacked, resulting in the loss of some assets on the mainnet, involving approximately 200 million US dollars. On September 25, the founder of Mixin publicly explained the incident in a live broadcast, stating that the damaged assets were mainly core Bitcoin assets, and assets such as BOX and XIN did not experience serious theft. The specific details of the attack cannot be disclosed at this time.

No.2 Euler Finance

Loss Amount: 197 million US dollars

Attack Method: Contract vulnerability - business logic issue

On March 13, the DeFi lending protocol Euler Finance was attacked, resulting in a loss of approximately 197 million US dollars. The fundamental reason for the attack was the failure of the contract to correctly check the health status of the actual token holdings of users and the ledger after the donation. All stolen funds from this incident have been fully returned by the attackers.

No.3 Poloniex

Loss Amount: 1.26 billion US dollars

Attack Method: Private Key Leakage/APT Attack

On November 10, addresses related to the exchange Poloniex, owned by Sun Yuchen, continued to transfer large amounts of assets, suspected to be stolen. Subsequently, Sun Yuchen and Poloniex confirmed the theft in announcements on social media platforms. According to the Beosin security team's tracking and statistics using Beosin Trace, the total stolen assets from Poloniex amounted to approximately 1.26 billion US dollars.

No.4 HTX & Heco Bridge

Loss Amount: 1.1 billion US dollars

Attack Method: Private Key Leakage

On November 22, the exchange HTX and the cross-chain bridge Heco Bridge, owned by Sun Yuchen, were hacked, resulting in a total loss of 1.1 billion US dollars, with Heco Bridge losing 86.6 million US dollars and HTX losing approximately 23.4 million US dollars.

No.5 Curve/Vyper

Loss Amount: 73 million US dollars

Attack Method: Contract Vulnerability - Reentrancy

In the early hours of July 31, the Ethereum programming language Vyper tweeted that versions 0.2.15, 0.2.16, and 0.3.0 of Vyper had a reentrancy lock vulnerability, and with the native ETH being able to call back during transfers, several stablecoin pools using Vyper 0.2.15 were attacked due to the malfunction of the reentrancy lock. The loss from this incident was approximately 73 million US dollars.

No.6 CoinEx

Loss Amount: 70 million US dollars

Attack Method: Private Key Leakage/APT Attack

On September 12, the cryptocurrency exchange CoinEx issued a statement stating that the risk control system detected suspicious large withdrawal activity from the hot wallet used to temporarily store platform trading assets. The incident mainly involved assets such as ETH, TRON, Polygon, and the stolen amount was approximately 70 million US dollars.

No.7 AtomicWallet

Loss Amount: 67 million US dollars

Attack Method: Private Key Leakage/APT Attack

Beosin's EagleEye security risk monitoring, alerting, and blocking platform detected an attack on Atomic Wallet in early June. According to Beosin's team statistics based on known victim reports on the chain, the attack resulted in a loss of at least approximately 67 million US dollars.

No.8 Alphapo

Loss Amount: 60 million US dollars

Attack Method: Private Key Leakage/APT Attack

On July 23, the cryptocurrency payment service provider Alphapo's hot wallet was hacked, resulting in a total loss of 60 million US dollars. This incident was attributed to the North Korean hacker group Lazarus.

No.9 KyberSwap

Loss Amount: 54.7 million US dollars

Attack Method: Contract Vulnerability - Business Logic Issue

On November 22, the DEX project KyberSwap was attacked, resulting in a total loss of approximately 54.7 million US dollars. Kyber Network stated that this hacker attack was one of the most complex attacks in DeFi history, as the attackers needed to execute a series of precise on-chain operations to exploit the vulnerability.

No.10 Stake.com

Loss Amount: 41.3 million US dollars

Attack Method: Private Key Leakage/APT Attack

On September 4, the cryptocurrency gambling platform Stake.com experienced a hacker attack. After the attack, Stake.com stated that unauthorized transactions occurred in its hot wallets on ETH and BSC, and an investigation is underway. Withdrawals and deposits will be resumed as soon as the wallets are fully secured. This incident was attributed to the North Korean hacker group Lazarus.

### Types of Attacked Projects

Compared to 2022, the types of projects attacked in 2023 are more diverse, and the losses are no longer concentrated in a few project types. In addition to the common types such as DeFi, CEX, DEX, public chains, cross-chain bridges, wallets, in 2023, hacker attacks also occurred in various project types such as payment platforms, gambling platforms, cryptocurrency brokers, infrastructure, password managers, development tools, MEV robots, TG robots, and more.

In 2023, out of 191 attack incidents, DeFi projects accounted for 130 (about 68%), making it the most frequently attacked project type. The total loss from DeFi attacks was approximately 408 million US dollars, accounting for 29.2% of all losses and making it the project type with the highest losses.

The second-highest loss was from CEX (centralized exchanges), with 9 attacks resulting in a total loss of 275 million US dollars. Additionally, there were 16 attack incidents in the DEX (decentralized exchanges) category, with a total loss of approximately 85.68 million US dollars. Overall, exchange security incidents were frequent in 2023, making it the second-largest challenge after DeFi security.

### Loss Amounts by Blockchain

Compared to 2022, the types of public chains involved in attack incidents in 2023 were more diverse, mainly due to multiple instances of CEX private key leaks resulting in losses across multiple chains. The top five in terms of loss amounts were Ethereum, Mixin, HECO, BNB Chain, and TRON. In terms of the number of attack incidents, the top five were BNB Chain, Ethereum, Arbitrum, Polygon, Optimism, and Avalanche (tied for 5th).

Similar to 2022, Ethereum remained the public chain with the highest loss amount. 71 attack incidents on Ethereum resulted in a loss of 766 million US dollars, accounting for 54.9% of the total losses for the year.

Mixin Chain ranked second in terms of losses, with a single security incident resulting in a loss of 200 million US dollars. HECO ranked third, with a loss of approximately 92.6 million US dollars.

### Analysis of Attack Methods

Compared to 2022, the attack methods in 2023 were more diverse, with an increase in various Web2 attack methods, including database attacks, supply chain attacks, third-party service provider attacks, man-in-the-middle attacks, DNS attacks, and frontend attacks.

In 2023, 30 instances of private key leaks resulted in a total loss of 627 million US dollars, accounting for 44.9% of the total losses, making it the most damaging attack method. Major incidents of significant losses due to private key leaks include: Poloniex (126 million US dollars), HTX & Heco Bridge (110 million US dollars), CoinEx (70 million US dollars), Atomic Wallet (67 million US dollars), and Alphapo (60 million US dollars). Most of these incidents are related to the North Korean APT group Lazarus.

Exploiting contract vulnerabilities was the most frequent attack method, with 99 out of 191 attack incidents attributed to this method, accounting for 51.8%. The total loss from contract vulnerabilities was 430 million US dollars, ranking second in terms of loss amounts.

By vulnerability type, the most frequent and most damaging is the business logic vulnerability. Approximately 72.7% of the losses from contract vulnerabilities were due to business logic vulnerabilities, resulting in a total loss of about 313 million US dollars. The second-highest loss from contract vulnerabilities was due to reentrancy, with 13 instances resulting in a loss of approximately 93.47 million US dollars.

VI. Analysis of Typical Case Attack Methods ------------

6.1 EulerFinance Security Incident

Event Summary

On March 13, the lending project Euler Finance on the Ethereum chain was attacked through a flash loan, resulting in a loss of 197 million US dollars.

On March 16, the Euler Foundation offered a reward of 1 million US dollars to gather information leading to the arrest of the hacker and the return of the stolen funds.

On March 17, Euler Labs CEO Michael Bentley tweeted that Euler has always been a project with a strong security awareness. From May 2021 to September 2022, Euler Finance underwent 10 audits by 6 blockchain security companies including Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica.

From March 18 to April 4, the attacker began returning the funds. During this time, the attacker apologized through on-chain messages, acknowledging the disruption caused to others' money, work, and lives, and asked for forgiveness.

On April 4, Euler Labs announced on Twitter that, through successful negotiations, the attacker had returned all stolen funds.

Vulnerability Analysis

In this attack, the donateToReserves function of the Etoken contract did not properly check the actual token holdings and the health status of the user's ledger after the donation. Exploiting this vulnerability, the attacker donated 100 million eDAI, while in reality, the attacker only pledged 30 million DAI.

After the donation, the health status of the user's ledger met the liquidation conditions, triggering the liquidation of the lending contract. During the liquidation process, eDAI and dDAI were transferred to the liquidation contract. However, due to a very large bad debt amount, the liquidation contract applied the maximum discount for liquidation. After the liquidation, the liquidation contract held 310.93 million eDAI and 259.31 million dDAI.

At this point, the health status of the user's ledger had been restored, and users could withdraw funds. The withdrawable amount was the difference between eDAI and dDAI. However, there was actually only 39 million DAI in the pool, so users could only withdraw this amount.

6.2 Vyper/Curve Security Incident

Event Summary

On July 31, the Ethereum programming language Vyper tweeted that versions 0.2.15, 0.2.16, and 0.3.0 of Vyper had a reentrancy lock vulnerability. Curve stated that multiple stablecoin pools (CRV/alETH/msETH/pETH) using Vyper 0.2.15 were attacked, resulting in a total loss of 73 million US dollars, of which approximately 52.3 million US dollars had been returned by the hacker afterwards.

Vulnerability Analysis

This attack was primarily due to the failure of the reentrancy lock in Vyper 0.2.15. The attacker used the removeliquidity function of the relevant liquidity pool to remove liquidity and then added liquidity through the addliquidity function via reentrancy, causing a price calculation error due to the balance update occurring before reentering the add_liquidity function.

VII. Review of Anti-Money Laundering Typical Events ------------

7.1 AtomicWallet Wallet Theft Case

According to Beosin's EagleEye security risk monitoring, alerting, and blocking platform, Atomic Wallet was attacked in early June this year. According to the Beosin team's analysis, based on the known victim reports on-chain, this attack resulted in a loss of at least approximately 67 million US dollars.

According to the Beosin team's analysis, the chains involved in this theft include a total of 21 chains, including BTC, ETH, and TRX. The stolen funds were mainly concentrated on the Ethereum chain. Specifically:

• Ethereum: Stolen funds were identified as 16,262 ETH, valued at approximately 30 million US dollars.
• TRON: Stolen funds were identified as 251,335,387.3208 TRX, valued at approximately 17 million US dollars.
• Bitcoin: Stolen funds were identified as 420.882 BTC, valued at approximately 12.6 million US dollars.
• Binance Smart Chain (BSC): Stolen funds were identified as 40.206266 BNB.

Other chains included XRP, LTC, and DOGE, with specific amounts and values mentioned.

Example of Money Laundering on the Ethereum Chain

In the hacker's operation with the stolen funds on the Ethereum chain, there were two main methods:

1. Divergence through contracts and cross-chain laundering using Avalanche

According to the Beosin team's analysis, the hacker first consolidated valuable coins in the wallet into the main coin of the public chain, and then used two contracts to aggregate the funds.

The contract address would aggregate ETH into WETH through two layers of transfers, and then transfer the WETH to the contract responsible for diverging ETH. The diverged ETH was then transferred through up to 5 layers of transfers to a wallet address for cross-chain operations using Avalanche's Cross Bridge. This cross-chain operation did not involve contracts and was an internal accounting-type transaction within Avalanche.

The Ethereum chain route is depicted in the following diagram:

Convergence Contract 2: 0x7417b428f597648d1472945ff434c395cca73245 involved a total of 3009.8874 ETH, which the hacker converted to WETH and then transferred to contract 0x20deb1f8e842fb42e7af4c1e8e6ebfa9d6fde5a0. The detailed route of the laundering process is shown below:

Through the agreement of transaction fee sources, it was confirmed that some addresses with no transaction behavior were hidden. The transaction fee path is as follows:

In addition, on the Ethereum chain, the hacker also engaged in money laundering through various cross-chain bridge protocols and exchanges, with the amount involved in this part currently estimated at 9896 ETH. This part will be aggregated through multiple collection addresses.

Throughout the entire event, the hacker used multiple money laundering channels, primarily through various exchange accounts, and there were also cases of direct flow into cross-chain bridge contracts. For analysis of the flow of funds on other chains, please refer to: A Wallet Theft Case Involving at Least 60 Million US Dollars: Beosin KYT Reveals Hacker's Money Laundering Techniques

Other Anti-Money Laundering Case Analyses:

1 Stake.com Suffers a $40 Million Attack: Beosin KYT/AML Tracks the Flow of Stolen Funds

2 Beosin KYT Analyzes the Flow of Funds Behind the JPEX Incident: How Users Can Analyze On-Chain Data to Enhance Asset Security?

3 Follow-up to the Poly Network Attack: Beosin KYT/AML Tracks the Flow of Stolen Funds, Uncovering More Hacker Techniques

4 A $31.6 Million Rug Pull? Beosin KYT Tracks the Movement of Funds, Teaching You to Recognize the Pitfalls of High-Yield Scams!

### Analysis of the Flow of Stolen Assets

In 2023, approximately 723 million US dollars of the stolen funds are still retained in hacker addresses (including cases of cross-chain transfers and dispersion to multiple addresses), accounting for 51.8% of the total stolen funds. Compared to last year, this year hackers are more inclined to launder money through multiple cross-chain transfers and disperse the stolen funds to many addresses. The increase in addresses and complexity of the laundering paths undoubtedly adds to the difficulty of investigation for project teams and regulatory authorities.

Approximately 295 million US dollars of the stolen funds have been recovered, accounting for approximately 21.1%. This is a significant improvement compared to the 8% of recovered funds in 2022. The recovery of stolen funds in 2023 is notably better than in 2022, with most of the recovery coming from on-chain negotiations.

Throughout the year, approximately 330 million US dollars of the stolen funds were transferred to mixer services (approximately 71.16 million US dollars to Tornado Cash, and another 259 million US dollars to other mixing platforms), accounting for 23.6% of the total stolen funds. This proportion has significantly decreased from last year's 38.7%. Since the US OFAC sanctioned Tornado Cash in August 2022, the amount of stolen funds transferred to Tornado Cash has significantly decreased, replaced by an increase in the use of other mixing platforms such as Sinbad and FixedFloat. In November 2023, the US OFAC sanctioned Sinbad, labeling it as the "primary money laundering tool for the North Korean Lazarus Group."

In addition, a small portion of the stolen funds (12.79 million US dollars) was transferred to exchanges, and another small portion (10.9 million US dollars) was frozen.

Analysis of Project Audits

Out of 191 attack incidents, 79 incidents involved projects that had not undergone audits, while 101 incidents involved projects that had been audited. The proportion of projects audited this year is slightly higher than last year (the ratio of audited to unaudited projects was roughly equal last year).

79 of the unaudited projects had 47 contract vulnerability incidents (59.5%), indicating that unaudited projects are more likely to have potential security risks. In contrast, out of 101 audited projects, there were 51 contract vulnerability incidents (50.5%), showing that audits can to some extent improve project security.

However, due to the lack of comprehensive regulatory standards in the Web3 market, the quality of audits varies, and the results fall far short of expectations. To effectively safeguard asset security, it is recommended that projects seek professional security companies for audits before going live. Beosin, as a leading global blockchain security company dedicated to the secure development of the Web3 ecosystem, has audited over 3000 smart contracts and public chain mainnets, including PancakeSwap, Ronin Network, and Pionex. As a trusted blockchain security company, Beosin can provide excellent security audit services to project teams.

Ten, RugPull Analysis

In 2023, Beosin's EagleEye platform monitored a total of 267 Rug Pull incidents in the Web3 ecosystem, involving a total amount of approximately 3.88 billion US dollars, a decrease of about 8.7% from 2022.

In terms of the amount, out of the 267 Rug Pull incidents, 233 incidents (87%) involved amounts below 1 million US dollars, a proportion roughly similar to that of 2022. There were 4 projects involving amounts over tens of millions of US dollars, including Multichain (210 million US dollars), Fintoch (31.6 million US dollars), BALD (23 million US dollars), and PEPE (15.5 million US dollars).

Rug Pull projects on the BNB Chain and Ethereum accounted for 92.3% of the total, with 159 incidents and 81 incidents, respectively. There were also a small number of Rug Pull incidents on other public chains, including Arbitrum, BASE, Sui, and zkSync.

Eleven, Global Cryptocurrency Industry Crime Data for 2023

In 2023, the global cryptocurrency industry crime amount reached a staggering 656.88 billion US dollars, an increase of about 377% from 137.6 billion US dollars in 2022. While the amount of on-chain hacker attacks has significantly decreased, cryptocurrency-related crime in other areas has increased significantly. The top increases were in online gambling, involving an amount of 549 billion US dollars. This was followed by money laundering (about 4 billion US dollars), fraud (about 20.5 billion US dollars), pyramid schemes (about 14.3 billion US dollars), and hacker attacks (about 13.9 billion US dollars).

With the improvement of global cryptocurrency regulatory systems and the deepening crackdown on cryptocurrency-related crimes, law enforcement agencies worldwide have successfully cracked down on several major cases involving amounts in the billions of US dollars. Here are some notable cases:

No.1 In July 2023, the Hubei police in China cracked the country's "first virtual currency case," involving a transaction volume of 400 billion RMB (approximately 549 billion US dollars). The online gambling case involved over 50,000 individuals, with servers located overseas. The main suspect, Qiu, and others have been prosecuted.

No.2 In August 2023, Singapore authorities uncovered the largest money laundering case in history, involving an amount of 2.8 billion Singapore dollars, primarily laundered through virtual currencies.

No.3 In March 2023, the Jiangsu police in China prosecuted the Ubank "coin speculation" scam, involving a pyramid scheme transaction volume exceeding 10 billion RMB (approximately 1.4 billion US dollars).

No.4 In December 2023, according to a statement from the US Eastern District Attorney's Office, the co-founder of the virtual currency exchange Bitzlato admitted to a 700 million US dollar money laundering charge.

No.5 In July 2023, the Brazilian Federal Police dismantled two drug trafficking criminal organizations, transferring over 417 million US dollars and providing money laundering services through cryptocurrency assets.

No.6 In February 2023, according to a lawsuit in the US state of Oregon, the founder of Forsage was sued for an alleged 340 million US dollar DeFi Ponzi scheme.

No.7 In November 2023, the police in the Indian state of Himachal Pradesh arrested 18 individuals in a cryptocurrency fraud case involving 300 million US dollars.

No.8 In August 2023, Israeli police charged businessman Moshe Hogeg and his partners with defrauding investors of 290 million US dollars in cryptocurrency.

No.9 In June 2023, Thai police cracked a suspected cryptocurrency fraud case, involving an amount potentially exceeding 10 billion Thai baht (approximately 288 million US dollars).

No.10 In October 2023, the Hong Kong virtual asset trading platform JPEX was suspected of fraud, and the police arrested a total of 66 individuals, involving an amount of approximately 1.6 billion Hong Kong dollars (approximately 205 million US dollars).

2023 was a year of significant increase in cryptocurrency-related crime. The frequent occurrence of fraud and pyramid scheme cases also means a significantly increased probability of asset loss for ordinary users. Therefore, strengthening regulation of the cryptocurrency industry is urgent. We can see that global regulatory agencies have made considerable efforts in cryptocurrency regulation this year, but there is still a long way to go to achieve a complete, secure, and positive development ecosystem.

Twelve, Summary of the 2023 Web3 Blockchain Security Situation

In 2023, on-chain hacker attack activities, phishing scams, and project Rug Pull incidents all showed a significant decrease compared to 2022. The decrease in the amount of losses from hacker attacks reached 61.3%, and the most damaging attack method shifted from contract vulnerability exploitation last year to private key leaks this year. The main reasons for this shift include:

1. After the rampant hacker activities last year, the entire Web3 ecosystem has placed greater emphasis on security this year, with efforts from project teams to security companies in various aspects, such as real-time on-chain monitoring, increased focus on security audits, and actively learning from past contract vulnerability exploitation incidents. This has made it more difficult for hackers to steal funds through contract vulnerabilities compared to last year.

2. Strengthened global regulation and improved anti-money laundering technology. It can be seen that 21.1% of stolen funds were recovered in 2023, a significant improvement over 2022. With Tornado Cash, Sinbad, and other mixing platforms being sanctioned by the United States, the money laundering paths of hackers have become more complex. At the same time, we have also seen news of hackers being arrested by local law enforcement, which has had a certain deterrent effect on hackers.

3. The impact of the early-year crypto bear market. The expected returns for hackers to steal assets from Web3 projects decreased, weakening hacker activities. This has also led hackers to no longer limit themselves to attacking DeFi, cross-chain bridges, and exchanges, but to diversify into various types such as payment platforms, gambling platforms, cryptocurrency brokers, infrastructure, password managers, development tools, MEV bots, and TG bots.

Unlike the significant decrease in on-chain hacker activities, more covert off-chain criminal activities have increased significantly, such as online gambling, money laundering, and pyramid scheme fraud. Due to the anonymity of cryptocurrencies, various criminal activities are more inclined to use cryptocurrencies for transactions. However, attributing the increase in virtual currency crime solely to the anonymity of cryptocurrencies and inadequate regulation is one-sided. The fundamental reason lies in the global increase in criminal activities, and virtual currencies provide a more concealed and difficult-to-trace channel for these criminal activities. In 2023, the global economic growth rate slowed significantly, and the political environment faced many unstable factors, all of which to some extent contributed to the sharp increase in global criminal activities. Given this economic outlook, it is expected that global criminal activities will continue to remain at a high level in 2024, posing a severe challenge to global law enforcement agencies and regulatory authorities.

As a leading global blockchain security company, Beosin has established branches in more than 10 countries and regions worldwide, providing a "one-stop" blockchain security product and service covering code security audits before project launch, real-time security risk monitoring during project operation, early warning and interception, stolen asset recovery, and security compliance KYT/AML. The company is committed to the secure development of the Web3 ecosystem and has provided blockchain security services to over 3000 enterprises globally, including HashKey Group, Amber Group, and BNB Chain. Beosin has audited over 3000 smart contracts and public chain mainnets, including PancakeSwap, Ronin Network, and Pionex.

Original Article Link

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。