January saw $98.19 million in Web3 security losses, down from $160 million last year.
40 hacking incidents caused $87.94 million in damages, with $1.47 million recovered.
Phishing scams impacted over 9,200 victims, resulting in $10.25 million in losses.
Blockchain security firm SlowMist has its monthly security report, revealing that total losses from Web3 security incidents in January were approximately $98.19 million, down from $160 million during the same month last year.
The report revealed that 40 hacking attacks resulted in around $87.94 million in damages, with $1.47 million successfully recovered. The incidents were largely caused by contract vulnerabilities, compromised accounts, and private key leaks. SlowMist stated:
“According to the SlowMist Hacked Database, there were 40 hacking incidents, resulting in a loss of about $87.94 million, with $1.47 million recovered.”
“According to the SlowMist Hacked Database, there were 40 hacking incidents, resulting in a loss of about $87.94 million, with $1.47 million recovered.”
Several major platforms were affected by security breaches during the month. On January 23, Singapore-based cryptocurrency exchange Phemex suffered a hot wallet attack, resulting in a loss of approximately $70 million. On January 1, the P2P trading platform NoOnes was targeted in an exploit involving its Solana bridge, causing a loss of around $7.2 million. The attack involved suspicious outbound transactions from the platform’s hot wallets across Ethereum, Tron, Solana, and BSC networks.
AdsPower fell victim to a malicious attack on January 24, when hackers infiltrated their system and spread harmful software, compromising third-party browser extensions and stealing over $4.7 million. On January 8, the Arbitrum-based liquidity management platform Orange Finance was exploited due to a multisig configuration error, resulting in a loss of approximately $830,000.
Phishing Scams and Account Compromises on the Rise
Recently, Scam Sniffer its phishing report, revealing that more than 9,220 victims lost $10.25 million to crypto phishing scams in January, marking a 56% drop from December 2024’s $23.58 million.
According to the SlowMist report, there was also an increase in account compromises, with 21 breaches recorded in January, many involving high-profile personnel. Meme coin scams are another tactic deployed by malicious actors, who use social media to promote fake tokens, luring users with promises of quick gains before disappearing with the funds. The report reads:
“There has been a recent surge in account compromise incidents. According to the SlowMist Hacked Database, 21 account breaches occurred in January, accounting for about half of all recorded incidents. Notably, accounts related to political figures or political content were particularly targeted. Hackers and malicious actors have been using social media to promote meme coins, exploiting users’ FOMO to attract funds before making a swift exit.“
“There has been a recent surge in account compromise incidents. According to the SlowMist Hacked Database, 21 account breaches occurred in January, accounting for about half of all recorded incidents. Notably, accounts related to political figures or political content were particularly targeted. Hackers and malicious actors have been using social media to promote meme coins, exploiting users’ FOMO to attract funds before making a swift exit.“
Scam Sniffer in December that there has been a significant increase in crypto fake accounts, with daily figures surpassing 300, compared to the November average of 160. Users are urged to remain cautious, especially when purchasing tokens promoted on social media by political figures or celebrities.