SlowMist Security Report: Web3 Incidents Result in Over $90 Million in Losses in April

In April 2024, there were a total of 37 security incidents, resulting in approximately $90.81 million in losses. Based on the data from the SlowMist Blockchain Security Incident Database, these incidents were caused “by contract vulnerabilities, third-party vulnerabilities, exit scams, and hacked accounts.”

As noted in the SlowMist report, some of the Key Incidents are:

On April 1, 2024, the DeFi protocol OpenLeverage “was attacked, resulting in losses of approximately $260,000. OpenLeverage has stated that its protocol’s insurance, OLE buyback fund, and protocol reserve will be used to compensate for all protocol losses.”

On April 2, 2024, the decentralized exchange FixedFloat was “attacked, resulting in losses of approximately $3 million. Attackers exploited vulnerabilities in a third-party service used by FixedFloat.”

FixedFloat has stated that “neither company nor user funds were affected by this attack.”

On April 4, 2024, CondomSOL on Solana exit “scammed, with wallets associated with CondomSOL raising 4965 SOL, approximately $920,000. Currently, its official Twitter account has been deleted.”

On April 12, 2024, the Bitcoin-native lending protocol Zest Protocol tweeted “that it had been attacked. Attackers lent out more than the value of their collateral by increasing the collateral value.”

They removed 324,000 STX (approximately $1 million) from the protocol. Zest Protocol stated that this loss would be “compensated by the protocol treasury, ensuring full reimbursement for users.”

For more details on other major incidents in the past month, check here.

Of the 37 reported security incidents this month, 15 were due “to exit scams by project teams, accounting for 40.54% of the total incidents.”

These exit scam incidents “resulted in losses of approximately $37.57 million, representing 41.4% of the total stolen amount this month.”

The SlowMist security team advises users “to thoroughly research the background and team of projects before investing.”

This month, 10 incidents of “contract vulnerability exploitation resulted in losses of approximately $46.93 million, accounting for 51.7% of the total stolen amount this month. The SlowMist security team advises project teams to remain vigilant and conduct regular security audits to track and address new security threats and vulnerabilities, thereby maximizing project and asset security.”

Finally, the events documented in this update are “the major reported security incidents of the month, and incidents regarding individual users were not included in the statistics.”

For additional updates, please visit the SlowMist Blockchain Security Incident Database.

At SlowMist, they focus on “being a frontrunner in blockchain security, dedicating years to mastering threat intelligence.”

Their expertise is grounded in “providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele.”

They claim to have “established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape.”

They offer tailor-made security solutions “that span from identifying threats to implementing effective defense mechanisms.”

This holistic approach has garnered “the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken,, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.”

They offer a variety of services “that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.”

By delivering a comprehensive security solution customized “to individual projects, we can identify risks and prevent them from occurring.”

Their team was able to “find and publish several high-risk blockchain security flaws.”

By doing so, they aim to “help spread awareness and raise the security standards in the blockchain ecosystem.”

Register Now to Attend
Sponsored Links by DQ Promote



Send this to a friend