- A recap of the top 5 scams and significant losses to smart contract vulnerabilities in May.
- Smart contract vulnerabilities and access control issues remain the primary cause of most of these incidents.
QuillMonitor, a Web3 Hacks & Vulnerability Analytics Tool developed by QuillAudits, recently released a report revealing the extent of losses caused by hacks and security issues in May.
With total losses amounting to $54,530,686, it’s evident that May 2024 saw numerous web3 attacks and scams that stunned the crypto community and investors.
Among all the incidents, smart contract vulnerabilities were the most prominent, making up 10 out of the 16 incidents in May. These weaknesses in project code led to significant financial losses for both users and organizations.
However, the crypto community faced more than just smart contract flaws. Scams and compromised private keys also significantly contributed to the losses. Here, we explore the top 5 scams that impacted the crypto landscape in May:
- Gala Games ~ $22 M:- Gala Games was hit by an exploit leading to the minting of 5 billion $GALA tokens, likely due to a private key leak. The hacker used an access control vulnerability in the GALA token contract to gain control of an admin address and sold 592 million tokens for $22 million in ETH via decentralized exchanges like Uniswap and 0xProject, causing a 20% price drop.
- Sonne Finance ~ $20 M:- Sonne Finance on Optimism was exploited via a known donation attack on Compound v2 forks, resulting in a $20 million loss. Despite precautions, the introduction of VELO markets led to a vulnerability. The exploiter used a two-day timelock on a multisig wallet to add c-factor and exploit the protocol.
- Alex Lab ~ $4.3 M:- The XLink bridge at Alex Lab got hacked on the BNB chain, causing about $4.3 million in asset losses. The main problem was that the person managing the wallet used for deployment got tricked, probably through a phishing scam, leading to their private keys being compromised.
- Pump.fun ~ $2.05 M:- A former employee at pump.fun misused their access rights to steal over 12,300 SOL tokens, worth about $1.9 million. They exploited their position to take a flash loan from Margin Finance, used it to manipulate pumpdotfun’s trading, and then transferred the assets to a random account instead of creating a Raydium pool. The attacker controlled all the transactions involved, suggesting they compromised the admin account’s private key.
- GNUS Token ~ $1.27 M:- A vulnerability in the GNUS token’s smart contract on the Fantom network led to a loss of around $1.27 million. The attacker exploited a flaw in the contract, gaining access to a crucial function. This allowed them to copy the token manager’s salt from Ethereum Mainnet and deploy it on Fantom. They then created fake GNUS tokens on Fantom and linked them to Ethereum Mainnet.
Year-to-date losses total around $418.28 million, highlighting the seriousness of the situation. Although these losses and scams are worrying, it’s worth remembering that the crypto industry has faced challenges before.
QuillMonitor’s analysis of the hacks and scams that happened in May 2024 provides useful lessons for investors and everyone involved in cryptocurrency. It reminds us how crucial it is to do thorough research, manage risks, and prioritize security when dealing with the dynamic but risky world of Web3.
A meme coin named NormieBase was hacked and lost over 99% of its value in just a minute. QuillShield, QuillAudits’ AI agent, spotted the problem in just one second. This shows how important it is for developers of meme coins to focus on keeping their projects secure on the web.
As the world of cryptocurrency keeps changing, it’s crucial to work together and take action to protect assets and projects. This will make Web3 safer and stronger. Recent problems show we need to keep improving, especially in making smart contracts secure, managing private keys well, and checking for weaknesses.