Back to all stories
Reports
Incident Analysis
February 2023 Monthly Report
3/10/2023
February 2023 Monthly Report

Introduction

Overall, in the first two months of the year CertiK identified $79,501,657 lost in a total of 125 attacks, scams, and exploits across the Web3 industry. February saw an aggregate loss of $51,454,125 in 70 attacks. This is an 83.4% increase from January, which saw aggregate losses of $28,047,532 in 55 attacks.

Exit scams accounted for approximately $11,493,813 in losses across 28 incidents and made up 23.2% of the overall funds lost in February. Major exploits (which are defined by exploits with losses over $100,000) represented $50,227,684 with 28 incidents recorded. The total number of major attacks is just slightly higher than January’s 26 recorded incidents; however, the amount lost in these attacks is 78.7% higher. February saw a record number of flash loan attacks with 22 attacks and $15,923,012 lost. This is the highest number of aggregated flashloan attacks seen in one month since 2021. Discord hacks also increased with 49 compromised Discord servers recorded in February, which represents a 36% increase in Discord hacks compared to last month.

Major Exploits

February saw a total of $50.2 million lost from 28 major incidents, representing a 22% increase from January’s total. February is also the first month since November 2022 where the losses in the top ten major incidents were all above $1 million. However, a metric that February shares with January is that no single incident led to losses of $10 million or more. This has meant that overall losses to major exploits are below 2022’s monthly average.

Furthermore, the total number of incidents is slightly below the average seen month-over-month in 2022. So far this year, we saw an average of 26 exploits per month that exceeded $100,000 compared to 32.6 seen per month in 2022. The average loss per attack in February was $1.7 million, which is slightly higher than the approximately $1 million lost in January. Nevertheless, both months this year are significantly below the average loss per incident seen in 2022, which didn’t drop below $2.4 million for any given month.

The incident that caused the largest loss in the month of February was the apparent private key compromise of certain Mnemonic wallets provided by MyAlgo on the Algorand blockchain. Details around this incident are unclear, and it is not known how a malicious actor was able to transfer users' assets to their own wallet. In total $9.2 million was stolen from multiple wallets. The funds were then deposited into ChangeNow. However, since reports surfaced online ChangeNow managed to freeze at least $1.5 million.

Exit Scams

February also saw a total of $11.4 million lost to exit scams from a total of 28 incidents. This represents a 9.6% increase in the dollar value lost and a 19% increase in the number of incidents recorded since January. The largest exit scam recorded was from the NFT project fRiENDSiES Ai, which was classified by on-chain sleuth ZachXBT as an exit scam following a lack of community engagement and failures to deliver on promises to the community. In total, this incident accounts for 48% of the confirmed losses from exit scams in February.

Exit scams have remained relatively consistent with what was observed in January. The start of 2023 has continued the trend seen in 2022. When discounting outlier events, such as single incidents with losses of over $10 million, the average loss per month to exit scams was approximately $10 million. This figure is discounted since the vast majority of losses to exit scams were below $10 million. This trend has continued into 2023 with both January and February averaging roughly $10 million lost to exit scams per month.

Another metric that February shares with January is the overall proportion of funds that have been lost to exit scams compared to other incidents. This month, losses to exit scams made up 23.2% of the total lost in February. January saw a higher number at 38% of the total losses attributed to exit scams. This can primarily be explained by the lack of security incidents that have losses exceeding $10 million in 2023. To compare, in 2022 we saw exit scams making up no more than 5% or 6% per month.

Flashloans

February 2023 saw a total of 22 flash loan attacks. The total number of losses for February were $15,923,012 with an average of $723,773 lost per incident. This is a 1,419% increase from January. February incidents were significantly lower than the 2022 average, which stands at $3.5 million lost per month. Overall, the number of malicious flash loan exploits was higher than any given month in 2022 and 2023. The most significant incident occurred on Platypus Finance. On 16 Feb, 2023, Platypus Defi was exploited for approximately $9 million.The attacker minted 40 million USP token from the MasterPlatypusV4 contract using 44 million Platypus LP-USDC token as collateral. They then called the emergencyWithdraw() function to withdraw all the collateral. However, the attack contract omitted a withdrawal function. The funds were assumed to be permanently stuck within the attack contract. However, the team was able to recover approximately $2 million in user funds.

Discord Hacks and Phishing

February 2023 saw a proliferation of Discord hacks, with a total of 51 incidents targeting Discord servers throughout the month. This is more than a 41% increase in Discord hacks compared to January. In addition to these Discord hacks, we also recorded six Twitter accounts imitating more popular accounts through phishing campaigns. Furthermore, we also recorded nine fake mints on Twitter that were masking a wallet drainer. Wallet drainers are malicious tools designed to steal users’ assets by using a combination of social engineering and/or phishing techniques to get victims to sign approvals to the scammers wallet.

In the largest phishing incident of the month, the Digi Daigaku fake phishing site stole a total of 1,046 NFTs. The incident occurred during Digi Daigaku’s Super Bowl event which generated immense hype in which scammers took advantage of unaware users.

Conclusion

Compared to January, there was an uptick in incidents targeting Web3 investors. In January, we recorded 55 total attacks, while in February we recorded 70 total attacks. Aggregate losses also significantly increased in February as funds lost totaled $51,454,125 compared to $28,047,532 previous month. Similar to January, February saw no single occurrence resulting in losses of $10 million or more. As a result, total losses due to major exploits are lower than the monthly average for 2022 so far.