Comprehensive Security Mining: Core Attack Methods in the $118 Million Incident at the End of the Year

The security incidents at the end of 2024 are alarming: $118 million was lost through various crypto attack methods in December alone. This figure exceeded many experts' expectations, reflecting the increasing complexity of attack strategies targeting the global blockchain ecosystem. A report from CertiK shows that phishing remains the primary tool of malicious actors, accounting for $93.4 million, or 79% of total damages, while other technological vulnerabilities continue to create security gaps that users have not yet identified.

What a vulnerability is and why vulnerabilities become favorite targets of attackers

To understand the December incidents, start with what a vulnerability is: a weakness in source code, security mechanisms, or verification processes that attackers can exploit. Vulnerabilities exist at multiple levels, from application software (such as wallet apps) and blockchain infrastructure to data protection policies.

In the December incidents, attackers exploited vulnerabilities mainly in three ways. First, they used social engineering: creating fake websites, sending unofficial airdrop notifications, and mimicking official support channels to trick users into revealing seed phrases or private keys. Second, they exploited smart contract flaws, meaning programming errors that allow unauthorized withdrawals or price manipulation. Third, they exploited weak data management processes in protocols, such as leaks of authentication keys during governance voting procedures.

Detailed analysis: The three biggest exploits and attack methods

Trust Wallet: Vulnerability in the upgrade model

Trust Wallet lost $8.5 million when users were tricked into installing a counterfeit browser extension. This attack exploited a vulnerability in the extension's identity verification process, allowing malicious builds to operate as official ones. Attackers used social media ad campaigns to distribute installation links, and the fake extension then collected seed phrases when users entered them.

Flow: Vulnerability in governance process

The Flow blockchain suffered a loss of $3.9 million due to a vulnerability in its governance mechanism. Specifically, some node authentication keys were leaked during voting, enabling attackers to impersonate legitimate nodes and approve unauthorized transactions. This incident shows that even major protocols do not always have comprehensive security procedures for basic management activities.

Unleash Protocol: Flash loan attack combined with price manipulation

Unleash Protocol lost $3.9 million through a complex attack. The attacker used flash loans (borrowed large amounts of tokens without collateral) to manipulate prices on decentralized exchanges, then exploited a flaw in the protocol’s pricing logic to withdraw more money than the initial value. This is a very common vulnerability in new DeFi protocols – relying on market prices without independent verification mechanisms.

Phishing dominates: $93.4 million lost through social engineering

Out of the total $118 million, $93.4 million (79%) came from phishing attacks – reflecting a concerning trend. Attackers do not need to exploit complex technical vulnerabilities but only leverage human psychology.

December phishing campaigns exhibit several sophisticated features:

  • Cross-chain attacks: Instead of targeting a single blockchain, attackers deploy simultaneously on Ethereum, BNB Chain, and Polygon. This allows them to trap users who do not actively verify the network they are using.

  • Automated wallet withdrawal scripts: After gaining access to wallets, automated programs are triggered to drain all assets – not only tokens but also NFTs, staking rewards, and other assets.

  • Targeting specific communities: Instead of broad email campaigns, attackers now use publicly available data from Discord or Telegram channels of protocols to create fake airdrop notifications that appear very official.

Comparison with recent past: alarming upward trend

Looking at data from the last three months of 2024, the picture becomes clearer:

  • October: $72 million (phishing, accounting for 68%)
  • November: $86 million (phishing, accounting for 74%)
  • December: $118 million (phishing, accounting for 79%)

The data shows two concurrent trends: total damages increased by 37% compared to November ($86 million) and 64% compared to October ($72 million), while the proportion of phishing in total losses continues to rise. This indicates that attackers are not only launching more attacks but also focusing more on effective social engineering methods.

The number of major incidents also increased from 4 in October to 7 in December, but the average loss per incident slightly decreased (from $18 million to approximately $17 million). This clearly indicates an expanding attack scope – not only targeting large protocols but also smaller projects.

Industry response: From technical measures to education

CertiK and other security firms have issued specific recommendations:

Protocol level:

  • Implement multisig (multisignature) wallets for all system funds
  • Use timelock transactions for large transfers
  • Conduct mandatory security audits before mainnet launch
  • Establish price oracles from multiple independent sources instead of a single source
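
The last recommendation addresses the pattern described in the Unleash Protocol section, where a protocol trusts a single market price. The following Python sketch is an added example, not code from CertiK or any affected project; the pool model, reserve sizes, reference quotes and 5% tolerance are constructed assumptions. It compares a valuation taken from one pool's spot price with one taken from the median of several independent sources.

```python
from statistics import median

class Pool:
    """Toy constant-product (x*y=k) pool. Reserves are constructed values."""
    def __init__(self, tokens, usd):
        self.tokens, self.usd = float(tokens), float(usd)

    def spot_price(self):
        return self.usd / self.tokens

    def buy_tokens(self, usd_in):
        k = self.tokens * self.usd
        self.usd += usd_in
        self.tokens = k / self.usd  # invariant holds; no fee in this toy model

class PriceRejected(Exception):
    pass

def guarded_price(quotes, tolerance=0.05, min_sources=3):
    """Median of independent quotes; refuse to price without a clear majority."""
    live = [q for q in quotes if q is not None and q > 0]
    if len(live) < min_sources:
        raise PriceRejected("too few live price sources")
    mid = median(live)
    agreeing = [q for q in live if abs(q - mid) / mid <= tolerance]
    if 2 * len(agreeing) <= len(live):
        raise PriceRejected("sources disagree; no majority near the median")
    return mid

def demo():
    pool = Pool(tokens=1_000_000, usd=1_000_000)  # spot price starts at 1.00
    references = [1.00, 1.01, 0.99]               # constructed off-pool quotes
    pool.buy_tokens(1_000_000)                    # one large same-block trade
    skewed = pool.spot_price()                    # single-source price is now 4.00
    collateral = 100_000                          # tokens being valued
    naive = collateral * skewed                   # trusts the one pool
    guarded = collateral * guarded_price([skewed] + references)
    return naive, guarded

if __name__ == "__main__":
    print(demo())
```

The single-source valuation follows the skewed pool, while the median ignores the one outlier; when no majority of sources agrees, guarded_price raises instead of returning a number.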

User level:

  • Enable transaction simulation to preview outcomes
  • Use hardware wallets for large amounts
  • Verify all URLs before connecting wallets
  • Always confirm airdrops through official channels, never click links from private messages
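
One way to make the URL check mechanical is an exact-match allowlist, shown here as an added Python example that is not part of the original report. The host app.example-protocol.org and every test URL are constructed placeholders; a real allowlist would come from the project's official documentation.

```python
from urllib.parse import urlsplit

# Constructed placeholder; replace with hosts published by the project itself.
OFFICIAL_HOSTS = {"app.example-protocol.org"}

def check_dapp_url(url, allowlist=OFFICIAL_HOSTS):
    """Return (ok, reason) for a URL a user is about to connect a wallet to."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        port = parts.port                          # raises ValueError if malformed
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username or parts.password:
        # Text before '@' is a credential field, not the site being visited.
        return False, "userinfo in URL"
    if port not in (None, 443):
        return False, "unexpected port"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return False, "internationalized hostname"
    if host not in allowlist:
        # Exact match only: look-alike spellings and extra suffixes fail here.
        return False, "host not on official list"
    return True, "exact match"

if __name__ == "__main__":
    for candidate in (
        "https://app.example-protocol.org/claim",
        "https://app.example-protocol.org.airdrop.example/claim",
        "https://app.example-protocol.org@login.example/claim",
    ):
        print(candidate, check_dapp_url(candidate))
```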

Decentralized exchanges have upgraded warning interfaces, insurance protocols have expanded protection scope, and security groups have established faster vulnerability disclosure procedures. However, all these efforts are only “remedies” rather than “complete prevention” – because the open and uncontrolled nature of blockchain means vulnerabilities will always exist.

Outlook for 2025: Upcoming challenges

As we step into the new year, the industry faces forecasted challenges:

  • AI in phishing: Phishing campaigns using large language models will become more convincing, with personalized emails and messages based on public data.

  • Cross-chain interactions: As blockchains become more interconnected, the attack surface expands – a vulnerability on one chain can spread to others.

  • Quantum computing threats: Current cryptographic standards may be broken by quantum computers within a few years.

On the other hand, formal verification tools are becoming more mature, and decentralized security networks (such as distributed bug bounty groups) offer hope. The race between security and attacks will continue, but with newer tools on both sides.


Frequently Asked Questions

What percentage of losses in December were due to phishing?

Phishing accounts for 79% of total damages, or $93.4 million out of $118 million, according to CertiK’s report.

Which projects suffered the biggest losses?

Trust Wallet lost $8.5 million, Flow lost $3.9 million, and Unleash Protocol also lost $3.9 million.

Have losses increased compared to previous months?

Yes, they increased by 37% compared to November ($86 million) and 64% compared to October ($72 million).

How to avoid phishing?

Check URLs carefully, enable transaction simulation, use hardware wallets for large sums, avoid clicking links from private messages, and verify airdrops through official channels.

Will the number of exploits continue to rise?

Major incidents increased from 4 to 7 over three months, but with security improvements, some old attack methods have decreased – although new vulnerabilities continue to emerge.
