The monthly security event highlights of Zero Hour Technology have begun! According to statistics from some blockchain security risk monitoring platforms, the losses caused by vulnerabilities, hackers and fraud in January 2025 were about 98 million US dollars, and 28 cryptocurrency hacking attacks occurred, of which about 8 million US dollars were attributed to phishing. However, compared with the loss of 133 million US dollars in January 2024, it has dropped by 44.6% . Compared with the loss of 23.58 million US dollars in December 2024, it has dropped by 56% .
Hacker attacks
7 typical safety incidents
(1) On January 8, users of Orange Finance (a DeFi protocol on Arbitrum) had over $800,000 stolen from them. The attacker was able to access the protocol’s administrative keys and used those keys to perform a malicious upgrade to the protocol’s contracts, thereby stealing the wallets of all users with valid token approvals for the protocol.
(2) On January 8, Moby had a private key leak that affected some LP assets in certain protocols. They stated that this was not a security issue related to the protocol smart contract, but rather an attempt by hackers to steal funds by simply upgrading existing smart contracts using stolen proxy private keys. Finally, tonykebot took advantage of the lack of protection in the UUPS implementation and carried out a successful white hat rescue operation, returning 1.47 million USDC that had been obtained by hackers who attacked the on-chain options protocol Moby to the project owners.
(3) On January 13, according to the monitoring of the Zero Hour Technology Security Team, UniLend on the EVM chain was attacked and lost about 197,000 US dollars. The cause of this vulnerability was that when UniLend was performing redeem, it did not subtract the amount of collateral that should be transferred out when calculating the amount of collateral, resulting in the amount of collateral after the wrong calculation being higher than the amount of collateral actually owned by the attacker, and the exchange that should not have been successful was successfully completed. Ultimately, the attacker emptied the project's stETH tokens.
For a detailed attack analysis, please click this link:
Zero Hour Technology || Analysis of the Unilend attack
(4) On January 15, the Zero Hour Technology project team detected multiple attacks on the Ethereum chain project Sorra, which caused a total loss of 41,000 USD. The cause of this vulnerability was that the Sorra project did not determine whether the user had already withdrawn the reward when the user withdrew, resulting in the user being able to repeatedly withdraw the reward through a large number of operations. The attacker used the above vulnerability to initiate multiple transactions and withdraw all the SOR Tokens in the Sorra project.
For a detailed attack analysis, please click this link:
Zero Hour Technology || Analysis of the SorraStaking Attack
(5) On January 21, Forta detected a $324,000 vulnerability on TheIdolsNFT.
(6) On January 23, the hot wallet of the Singapore-based Phemex cryptocurrency exchange was attacked, resulting in a loss of approximately US$70 million.
(7) On January 24, according to the monitoring of the SlowMist security team, due to the lack of input validation in ODOS, the vulnerability has been exploited on multiple chains, resulting in a loss of approximately US$100,000. ODOS tweeted that the attack exploited a vulnerability in its audited executor contract and stole the revenue stored in the contract, but did not affect any user funds.
Rug Pull / Phishing Scam
10 typical security incidents
(1) On January 2, a $VIRTUAL holder holding approximately 39 times ($196,396) of tokens lost all of his tokens due to an “increase limit” phishing transaction.
(2) On January 3, a $RLB holder lost all of his tokens worth approximately $1 million due to a “Uniswap Permit2” phishing signature.
(3) On January 6, the address starting with 0x5167 lost $155,256 worth of EIGEN after signing a phishing transaction for “increase allowance”.
(4) On January 7, the address starting with 0x8536 lost tokens worth $103,020 after signing the “Uniswap Permit2” phishing transaction.
(5) On January 8, the address starting with 0x3402 lost $OLAS, $SEKOIA, $VIRTUAL, and $FJO worth $474,422 after signing multiple phishing signatures.
(6) On January 14, the address starting with 0x00c0 lost $VIRTUAL worth $263,255 after signing a phishing transaction.
(7) On January 17, the address starting with 0x80dc lost USUALUSDC+ worth $426,106 after signing a “License” phishing signature.
(8) On January 20, the address starting with 0x1e70 lost WETH worth $135,068 after signing the "allow" phishing signature.
(9) On January 22, the address starting with 0x3149 lost $553,045 worth of $PAXG after signing a “transfer” phishing transaction.
(10) On January 29, the address starting with 0xeb2 lost $384,645 worth of $LINK after signing the “increaseApproval” phishing transaction.
Summarize
Cryptocurrency phishing scams stole $10.25 million from 9,220 victims in January, a 56% drop from the $23.58 million in losses in December. However, criminals are evolving and using more sophisticated attack methods.
The Zero Time Technology security team recommends that project owners always remain vigilant and reminds users to beware of phishing attacks. Users are advised to fully understand the background and team of the project before participating in the project and carefully choose investment projects. In addition, internal security training and authority management should be carried out, and professional security companies should be found to conduct audits and conduct project background investigations before the project goes online.
