
New Year, FOMO, ATHs, Scammers, Hacks, Phishing & Insights Designed to Keep You Safe — “Crypto Security Truths”: Issue 27

17 min read, Jan 6, 2025

Weekly Review of Top Cybersecurity Incidents, Topics, Tools and Issues in Web3, Crypto, and Blockchain Ecosystems

Every week we capture as much as we run across to bring you clear examples of what not to do in the Cryptoverse in terms of risk, safety and security. This week's long list is organized under the following headings: Hacked, Malware, Phishing, Scammers, On-Chain, News and Research, so buckle up and learn how to protect yourself better in crypto.

Our analysts add their own perspective to each category as an Analyst Takeaway.

27 Dec 24–3 Jan 25

Don't forget you can vote (clap) up to 50 times a day for your favorite articles; we happily accept more than one vote.

Introduction

This week's deep dive into the crypto and cybersecurity landscape uncovers a web of intrigue and vulnerability, spanning from Prometheum's alleged ties to the Chinese Communist Party to the corruption allegations now surfacing around Silk Road's legacy. We spotlight SlowMist's efforts to recover stolen funds and combat the ever-evolving phishing threats that drained nearly $500M from wallets in 2024. Meanwhile, revelations about Do Kwon's role in Terra Luna's collapse and the speculation around the pause in Tether minting that coincided with the $RLUSD launch challenge trust in the crypto ecosystem. With questions being raised about private blockchains like Bankchain and its founder Paxos, this week's analysis highlights the shifting dynamics, hidden schemes, and the defensive habits needed to navigate this turbulent terrain.

Hacked

FEG Token Bridge Exploited Due to Relayer Logic Errors

On December 29, 2024, the FEG token bridge was exploited for approximately $1 million across Ethereum, Base, and BNB Smart Chain (BSC). The vulnerability stemmed from logic errors in the FEG relayer contract's cross-chain message validation, not in the Wormhole infrastructure that carries the messages: Wormhole attests that a message was emitted by a given contract on a given chain, and it is the relayer's job to decide whether that emitter should be trusted at all. The relayer's whitelist update path could itself be driven by a bridged message, so the attacker used a message from their own contract to authorize that contract and then to credit themselves a huge withdrawable FEG balance, bypassing the checks that should have guarded both operations. The stolen tokens were swapped into native ETH and BNB and the trail obfuscated through Tornado Cash. The relayer contract was deployed by the FEG team rather than by Wormhole, so the root cause sits with the project: privileged state changes were reachable through bridged messages without adequate validation of who was allowed to trigger them.
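The model below is an added illustration written for this issue; it is not the FEG relayer, nor Wormhole code, and the message layout, the `SET_WHITELIST` / `CREDIT` action names and the class names are assumptions. It contrasts a relayer that lets any attested bridged message extend its own whitelist with one whose trust anchor can only be changed by its owner, and replays the two-message attack pattern described above against both.

```python
"""Executable model of a bridge relayer's inbound-message handling.

Added illustration for this article: not the FEG relayer or Wormhole code.
The message layout, action names and class names are assumptions. It models
a relayer that lets any attested bridged message extend its own whitelist
and credit withdrawable balances, next to one whose trust anchor cannot be
changed from a message at all.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgedMessage:
    """A message the bridge has already attested (think: a verified VAA).

    The bridge proves *which contract on which chain* emitted it; it says
    nothing about whether this relayer should trust that emitter.
    """
    source_chain: int
    emitter: str      # contract that published the message on the source chain
    nonce: int
    action: str       # "SET_WHITELIST" or "CREDIT" (assumed opcodes)
    target: str       # address being whitelisted or credited
    amount: int = 0


class VulnerableRelayer:
    """Treats every attested message as authoritative, whoever emitted it."""

    def __init__(self, owner: str):
        self.owner = owner
        self.whitelist = set()            # (chain, emitter) pairs allowed to credit balances
        self.balances = defaultdict(int)  # withdrawable tokens per address

    def receive(self, msg: BridgedMessage) -> None:
        if msg.action == "SET_WHITELIST":
            # Flaw: a bridged message from *any* emitter can extend the whitelist.
            self.whitelist.add((msg.source_chain, msg.target))
        elif msg.action == "CREDIT":
            if (msg.source_chain, msg.emitter) not in self.whitelist:
                raise PermissionError("emitter not whitelisted")
            self.balances[msg.target] += msg.amount


class HardenedRelayer(VulnerableRelayer):
    """Trust is anchored in owner-set emitters; messages cannot change it."""

    def __init__(self, owner: str):
        super().__init__(owner)
        self.consumed = set()             # (chain, emitter, nonce) already processed

    def set_trusted_emitter(self, caller: str, chain: int, emitter: str) -> None:
        if caller != self.owner:
            raise PermissionError("only the owner may change the whitelist")
        self.whitelist.add((chain, emitter))

    def receive(self, msg: BridgedMessage) -> None:
        key = (msg.source_chain, msg.emitter)
        if key not in self.whitelist:
            raise PermissionError("untrusted emitter")           # check 1: who sent it
        if (*key, msg.nonce) in self.consumed:
            raise ValueError("replayed message")                 # check 2: seen before
        if msg.action != "CREDIT":
            raise PermissionError("only balance credits are accepted from messages")
        self.consumed.add((*key, msg.nonce))
        self.balances[msg.target] += msg.amount


def run_attack(relayer: VulnerableRelayer) -> int:
    """Replay the attack pattern; return what the attacker can then withdraw."""
    attacker, malicious = "0xATTACKER", "0xMALICIOUS_EMITTER"
    steps = [
        # 1. a message from the attacker's own contract whitelists that contract
        BridgedMessage(8453, malicious, 1, "SET_WHITELIST", malicious),
        # 2. as a now-whitelisted emitter, credit an enormous balance
        BridgedMessage(8453, malicious, 2, "CREDIT", attacker, 10**24),
    ]
    for msg in steps:
        try:
            relayer.receive(msg)
        except PermissionError:
            break
    return relayer.balances[attacker]


def rejects(relayer: VulnerableRelayer, msg: BridgedMessage, exc: type) -> bool:
    """True if the relayer refuses `msg` with exception type `exc`."""
    try:
        relayer.receive(msg)
    except exc:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable relayer, attacker balance:", run_attack(VulnerableRelayer("0xOWNER")))
    print("hardened relayer, attacker balance:  ", run_attack(HardenedRelayer("0xOWNER")))
```

The design point is that message authenticity and emitter trust are separate questions: the bridge answers the first, and only an owner- or governance-controlled registry may answer the second. Replay protection on (chain, emitter, nonce) is the third check a relayer needs, since a valid credit message can otherwise be delivered twice.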

MoonHacker Exploit: Flashloan Vulnerabilities Exposed

The MoonHacker strategy on Moonwell (Optimism) lost roughly $300,000 to flaws in its flash-loan callback and an unrestricted approve proxy: the callback did not verify that the loan had been initiated by the contract itself, so anyone could trigger it with attacker-chosen parameters, and the approve proxy did not restrict who could route approvals through it. Dedaub reports that its monitoring tools had flagged these vulnerabilities before the attack, much as its alerts helped save $9 million during the DeFi Saver incident. The fix is to validate both the caller and the loan initiator in the callback and to restrict and sanity-check approvals issued through the proxy. The case underscores the value of combining static analysis, regular code review, and proactive threat monitoring to keep DeFi projects from costly mistakes.
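The following model is an added example for this issue and is not MoonHacker, Moonwell or Dedaub code; the `Pool` and `Strategy` names, the callback signature and the `data` encoding are assumptions. It shows the failure mode in the item above: a lending pool lets anyone request a flash loan on behalf of any receiver, so a callback that does not check the caller and the initiator executes whatever `data` the attacker supplied, including an approval of the strategy's funds.

```python
"""Model of a flash-loan receiver whose callback trusts the wrong party.

Added illustration for this article, not MoonHacker, Moonwell or Dedaub code;
the class names, the callback shape and the `data` encoding are assumptions.
It models the two checks the callback must make (the call comes from the pool,
and the loan was initiated by the receiver itself) and an approval path that
only the callback can reach, standing in for the "approve proxy".
"""


class Pool:
    """Lending pool: lends `amount`, calls the receiver back, demands repayment."""

    def __init__(self, reserves: int = 10**6):
        self.reserves = reserves

    def flash_loan(self, caller: str, receiver: "Strategy", amount: int, data: dict) -> None:
        # Anyone may request a loan *for* any receiver: `caller` is the initiator,
        # `receiver` is who gets the tokens and the callback.
        if amount > self.reserves:
            raise ValueError("insufficient reserves")
        self.reserves -= amount
        receiver.token_balance += amount
        try:
            receiver.on_flash_loan(msg_sender="POOL", initiator=caller, amount=amount, data=data)
            if receiver.token_balance < amount:
                raise ValueError("loan not repaid")
        except Exception:
            # model an EVM revert: undo this call's state changes, then propagate
            receiver.token_balance -= amount
            self.reserves += amount
            raise
        receiver.token_balance -= amount
        self.reserves += amount


class Strategy:
    """Vault strategy managing user deposits (the name is an assumption)."""
    address = "STRATEGY"

    def __init__(self, pool: Pool):
        self.pool = pool
        self.token_balance = 50_000   # users' deposits
        self.allowances = {}          # spender -> amount approved to pull from this contract

    def rebalance(self) -> None:
        """Legitimate use: the strategy initiates its own loan."""
        self.pool.flash_loan(self.address, self, 10_000, {"op": "noop"})

    def on_flash_loan(self, msg_sender: str, initiator: str, amount: int, data: dict) -> None:
        # Flaw: no check of who is calling or who initiated the loan.
        self._execute(data)

    def _execute(self, data: dict) -> None:
        # The callback interprets `data` as instructions. That is only safe when the
        # contract itself chose `data`; here whoever triggered the callback did.
        if data["op"] == "approve":
            self.allowances[data["spender"]] = data["amount"]


class HardenedStrategy(Strategy):
    def on_flash_loan(self, msg_sender: str, initiator: str, amount: int, data: dict) -> None:
        if msg_sender != "POOL":
            raise PermissionError("callback not from the pool")
        if initiator != self.address:
            raise PermissionError("loan was not initiated by this contract")
        self._execute(data)


def attack(strategy: Strategy) -> int:
    """Attacker asks the pool for a 1-token loan on the strategy's behalf with
    attacker-chosen `data`. Returns the allowance the attacker ends up holding."""
    attacker = "ATTACKER"
    payload = {"op": "approve", "spender": attacker, "amount": strategy.token_balance}
    try:
        strategy.pool.flash_loan(attacker, strategy, 1, payload)
    except PermissionError:
        pass
    return strategy.allowances.get(attacker, 0)


if __name__ == "__main__":
    print("vulnerable:", attack(Strategy(Pool())))    # attacker can pull all 50,000
    print("hardened:  ", attack(HardenedStrategy(Pool())))
```

Both checks are needed: verifying `msg_sender` alone still lets an attacker initiate a loan through the genuine pool, and verifying `initiator` alone lets a fake pool call the callback directly with a spoofed initiator.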

DefiLlama's Stats for 2024 Hacked Protocols

Total lost by month (DefiLlama hacks dashboard, which tracks protocol hacks and exploits only, not phishing or scams):

Jan: $22.98M
Feb: $43.45M
March: $107.64M
April: $64.91M
May: $354.57M
June: $97.71M
July: $275.19M
Aug: $19.01M
Sept: $120.19M
Oct: $95.58M
Nov: $65.2M
Dec: $4.64M

Total: $1,271.07M, or ~$1.27B

Analyst Takeaway: The consistent pattern of vulnerabilities in bridging and DeFi protocols reflects a lack of rigorous pre-launch testing and static analysis in the development lifecycle. The FEG and MoonHacker incidents both failed on the same basic question, who is allowed to trigger a privileged operation, and both show why comprehensive validation, proactive monitoring, and layered defenses are needed to protect user funds. Developers must prioritize secure coding practices and routine audits and adopt tools for real-time threat detection to stay ahead of increasingly sophisticated attackers. DefiLlama's 2024 figures put protocol hack losses at roughly $1.27B; note that this dashboard counts hacks only, so its December total ($4.64M) sits well below the $28.6M for the same month reported in the Research section, which also includes scams. Either way, the billion-dollar total is a stark warning that DeFi remains an attractive target because of lax security practices.

Malware

Phishing via Fake Zoom Links: A Dangerous Trend

Phishing attacks disguised as Zoom meeting links are targeting crypto users to steal mnemonic phrases and private keys. The lure combines social engineering (an invitation to a call) with a Trojan: the fake meeting page asks the target to download a "client" or "update" that is actually information-stealing malware. SlowMist's analysis of the campaign emphasizes keeping seed phrases offline to limit what such malware can reach. Two simple habits defeat most of these lures: confirm that the link's registrable domain really belongs to the vendor before clicking, and never run an installer that a meeting page tells you to download. Endpoint tools such as Warden, which sandbox untrusted software and stop it at the kernel level, add a further layer, but vigilance and robust endpoint protection together are what mitigate these schemes.

Analyst Takeaway: The surge in phishing attacks leveraging fake Zoom links and Trojan malware highlights the critical importance of endpoint protection and user education in cybersecurity. Social engineering remains a powerful tool for attackers, and these schemes capitalize on human error and trust in familiar platforms. Solutions like Warden’s sandboxing capabilities and kernel-level malware prevention offer effective defenses, but individuals must remain vigilant, safeguard mnemonic phrases, and adopt best practices for personal security hygiene to mitigate these ever-evolving threats.

Phishing

Phishing Attack Targets $RLB Holder for $1M Loss

A $RLB token holder lost approximately $1M after signing a malicious Permit2 message on a phishing site. Permit2 is Uniswap's shared approval contract: once a user has approved it for a token, a single off-chain signature (no gas, no transaction in the wallet history) can grant any spender named in the message the right to move that token, for the amount and expiry the message specifies. The attack highlights the danger of signing what a wallet presents as a harmless "message" without reading the spender, amount and expiration it contains.

Phishing Transaction Costs $VIRTUAL Holder $196K

A $VIRTUAL token holder who had been up 39x ($196,396) lost the entire position through a phishing transaction that called the token's increaseAllowance function, granting a drainer contract permission to spend the tokens. Unlike a permit signature, this was an on-chain transaction the victim confirmed; the lesson is the same, to check the spender and amount of any approval before confirming, and never to grant allowances to unverified contracts.
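The inspector below is an added example for this issue, not wallet, Uniswap or ScamSniffer code. It covers both cases above: a Permit2 (or ERC-2612) typed-data signing request like the one that drained the $RLB holder, and an `approve` / `increaseAllowance` transaction like the one that drained the $VIRTUAL holder. The known-spender list, the 30-day expiry threshold, the addresses and the sample requests are constructed; the function selectors are the standard ERC-20 ones and the typed-data field names follow ERC-2612 `Permit` and Permit2's `PermitSingle` / `PermitBatch`.

```python
"""Inspect an approval or permit request before the wallet signs it.

Added example for this article; not wallet, Uniswap or ScamSniffer code.
The known-spender list, the 30-day expiry threshold, the addresses and the
sample requests are constructed. Selectors are the standard ERC-20 ones;
typed-data field names follow ERC-2612 `Permit` and Uniswap Permit2's
`PermitSingle` / `PermitBatch`.
"""
from dataclasses import dataclass

SEL_APPROVE = "095ea7b3"             # approve(address,uint256)
SEL_INCREASE_ALLOWANCE = "39509351"  # increaseAllowance(address,uint256)
UINT160_MAX = 2**160 - 1             # Permit2 amounts are uint160
UINT256_MAX = 2**256 - 1             # ERC-20 / ERC-2612 amounts are uint256
PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"  # canonical Permit2 deployment
MAX_EXPIRY_SECONDS = 30 * 24 * 3600  # assumption: anything longer earns a warning


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    reason: str


def _judge(spender, amount, amount_max, expiry, now, known_spenders):
    """Shared checks: do I know the spender, is the amount unlimited, how long does it last."""
    out = []
    if spender.lower() not in {k.lower() for k in known_spenders}:
        out.append(Finding("high", f"spender {spender} is not a contract you chose to use"))
    if amount >= amount_max:
        out.append(Finding("high", "unlimited amount: the spender may move your whole balance, now or later"))
    if expiry is not None and expiry - now > MAX_EXPIRY_SECONDS:
        out.append(Finding("medium", f"approval stays valid for {(expiry - now) // 86400} days"))
    return out


def inspect_calldata(calldata: str, known_spenders, now: int) -> list:
    """On-chain approve / increaseAllowance transaction (the $VIRTUAL pattern)."""
    data = (calldata[2:] if calldata.lower().startswith("0x") else calldata).lower()
    if len(data) < 8 + 128 or data[:8] not in (SEL_APPROVE, SEL_INCREASE_ALLOWANCE):
        return []                                   # not an approval; out of scope here
    spender = "0x" + data[8 + 24:8 + 64]            # address is the low 20 bytes of word 0
    amount = int(data[8 + 64:8 + 128], 16)          # word 1
    return _judge(spender, amount, UINT256_MAX, None, now, known_spenders)


def inspect_typed_data(typed: dict, known_spenders, now: int) -> list:
    """EIP-712 signing request: ERC-2612 Permit or Permit2 (the $RLB pattern)."""
    msg, primary = typed["message"], typed["primaryType"]
    contract = typed.get("domain", {}).get("verifyingContract", "").lower()
    if primary == "Permit":                         # {owner, spender, value, nonce, deadline}
        return _judge(msg["spender"], int(msg["value"]), UINT256_MAX,
                      int(msg["deadline"]), now, known_spenders)
    if primary in ("PermitSingle", "PermitBatch"):
        findings = []
        if contract != PERMIT2:
            findings.append(Finding("high", "Permit2-shaped request is not bound to the Permit2 contract"))
        details = [msg["details"]] if primary == "PermitSingle" else list(msg["details"])
        for d in details:                           # {token, amount, expiration, nonce}
            findings += _judge(msg["spender"], int(d["amount"]), UINT160_MAX,
                               int(d["expiration"]), now, known_spenders)
        return list(dict.fromkeys(findings))        # drop duplicates across a batch
    return [Finding("medium", f"unrecognised primaryType {primary!r}: read every field before signing")]


# Constructed sample data (no real addresses or campaigns) --------------------
NOW = 1_735_689_600                                  # 2025-01-01T00:00:00Z
ROUTER = "0x" + "11" * 20                            # a router the user intends to use
DRAINER = "0x" + "ba" * 20                           # the phishing site's spender
KNOWN_SPENDERS = {ROUTER}

DRAINER_PERMIT2 = {
    "domain": {"name": "Permit2", "chainId": 1, "verifyingContract": PERMIT2},
    "primaryType": "PermitSingle",
    "message": {
        "details": {"token": "0x" + "22" * 20, "amount": str(UINT160_MAX),
                    "expiration": str(NOW + 365 * 86400), "nonce": "0"},
        "spender": DRAINER,
        "sigDeadline": str(NOW + 1800),
    },
}
SAFE_PERMIT2 = {
    "domain": {"name": "Permit2", "chainId": 1, "verifyingContract": PERMIT2},
    "primaryType": "PermitSingle",
    "message": {
        "details": {"token": "0x" + "22" * 20, "amount": str(1_000 * 10**18),
                    "expiration": str(NOW + 3600), "nonce": "0"},
        "spender": ROUTER,
        "sigDeadline": str(NOW + 600),
    },
}
# increaseAllowance(DRAINER, 2**256 - 1): selector + left-padded address + amount word
DRAINER_CALLDATA = "0x" + SEL_INCREASE_ALLOWANCE + "00" * 12 + DRAINER[2:] + "ff" * 32

if __name__ == "__main__":
    for label, findings in [("drainer permit2", inspect_typed_data(DRAINER_PERMIT2, KNOWN_SPENDERS, NOW)),
                            ("drainer calldata", inspect_calldata(DRAINER_CALLDATA, KNOWN_SPENDERS, NOW)),
                            ("safe permit2", inspect_typed_data(SAFE_PERMIT2, KNOWN_SPENDERS, NOW))]:
        print(label, [f"{f.severity}: {f.reason}" for f in findings] or "no findings")
```

The three questions the checker asks (who is the spender, how much, for how long) are the same ones a user should answer before signing, whether the prompt is a transaction or a "message"; the Permit2 branch additionally confirms that the domain's `verifyingContract` is the real Permit2 deployment, since a look-alike typed-data request bound to another contract is a red flag on its own.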

SuperchainEco’s Compromise Leads to Phishing Tweets

The X (formerly Twitter) account of @SuperchainEco was compromised and used to post phishing links to its followers. Attackers favor trusted accounts precisely because followers extend them the brand's credibility, so a link should be checked against the project's official site no matter who posted it, and project accounts need hardware-key two-factor authentication and a minimal set of connected third-party apps.

Google Ads Impersonate Usual Protocol to Steal Assets

Scammers have been running malicious Google ads impersonating Usual Protocol to lure users into connecting wallets and signing transactions that drain assets. Sponsored results sit above the genuine site and carry the same trust cues, so reach protocols through bookmarks or official links rather than ads, and verify the registrable domain in the address bar before connecting a wallet.
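The checker below is an added example for this issue, not SlowMist's, Warden's or Google's logic, and it serves both the fake Zoom links in the Malware section and the fake Usual Protocol ads above. The allowlist, the confusable-character table and the sample links are all constructed, and a registrable domain is taken to be the last two labels of the hostname (real code should use the public-suffix list). It flags the tricks both campaigns rely on: a brand name placed in a subdomain, a path or an unrelated domain, and hostnames built from look-alike characters or punycode.

```python
"""Decide whether a link really points at the brand it claims to, before clicking.

Added example for this article, not SlowMist's, Warden's or Google's logic. The
allowlist, the confusable-character table and the sample links are constructed,
and a registrable domain is taken to be the last two labels (real code should
use the public-suffix list).
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: registrable domain -> brand keyword it may legitimately carry.
ALLOWED = {"zoom.us": "zoom", "usual.money": "usual", "uniswap.org": "uniswap"}

# Characters commonly substituted for ASCII letters (digits, Cyrillic, Greek, dotless i).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
                             "а": "a", "е": "e", "о": "o", "р": "p", "с": "c",
                             "α": "a", "ο": "o", "ι": "i", "ı": "i"})


def registrable(host: str) -> str:
    """Last two labels of the hostname (assumption: no multi-label public suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def fold(text: str) -> str:
    """Map text onto the ASCII string a human reads it as."""
    return unicodedata.normalize("NFKC", text.lower()).translate(CONFUSABLES)


def classify(link: str) -> tuple:
    """Return (verdict, reason); verdict is 'allowed', 'suspicious' or 'unknown'."""
    parts = urlsplit(link if "://" in link else "https://" + link)
    host = parts.hostname or ""
    domain = registrable(host)
    if domain in ALLOWED:
        if parts.scheme != "https":
            return "suspicious", f"{domain} is allowed but the link is not https"
        return "allowed", f"{domain} is on the allowlist"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", f"{host} uses punycode labels; the displayed name may not be what it seems"
    if fold(domain) in ALLOWED:
        return "suspicious", f"{domain} is built from look-alike characters of {fold(domain)}"
    haystack = fold(host) + parts.path.lower()
    for brand in ALLOWED.values():
        if brand in haystack:
            return "suspicious", f"'{brand}' appears in the link but the registrable domain is {domain}"
    return "unknown", f"{domain} is not on the allowlist"


# Constructed sample links, none of them real campaigns.
SAMPLE_LINKS = [
    "https://us05web.zoom.us/j/123456",        # genuine subdomain of an allowed domain
    "https://app.zoom-join.us/meeting",        # brand in an unrelated domain
    "https://zoom.us.meet-now.com/j/1",        # allowed name used as a subdomain
    "https://z00m.us/j/1",                     # digits for letters
    "https://zоom.us/j/1",                     # Cyrillic 'о'
    "https://xn--zom-9ga.us/j/1",              # punycode label
    "https://usual-protocol.app/claim",        # brand squatting, as in the fake ads
    "https://example.com/docs",                # simply not on the allowlist
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = classify(link)
        print(f"{verdict:10} {link}  ({reason})")
```

The brand-keyword rule is deliberately aggressive and will flag innocent domains that happen to contain a brand string; for a personal allowlist that is the right trade-off, since the cost of a false positive is one extra look at the address bar.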

Analyst Takeaway: The Web3 space continues to face devastating losses from phishing, as the $RLB and $VIRTUAL cases and the SuperchainEco breach show. These incidents share one root cause: users do not know what a signature or approval actually grants. Stronger community-driven education, wallet interfaces that show the spender, amount and expiry in plain language and warn on unlimited or unknown approvals, and better phishing detection are urgently needed. Until such measures are widespread, the decentralized world remains perilous for unsuspecting users.

Scammers

Legion Scammers Behind $FIREWORKS Rug Pull

$FIREWORKS, the latest scam orchestrated by the notorious Legion scammers, is expected to end in a rug pull, leaving investors in financial ruin. The project follows a pattern of deception by the scammers, who continue to exploit unsuspecting participants. Avoid their projects to safeguard your funds.

$SHIRO’s Ongoing Slow Rug Pull Raises Red Flags

The slow rug pull of $SHIRO continues, with former promoters like @barkmeta, @GodsBurnt, and @DaoKwonDo remaining conspicuously silent about the project. This behavior raises concerns about their involvement in potentially defrauding investors, highlighting the importance of skepticism and due diligence.

Leaked Audio Exposes $POX Scam via X Spaces

Leaked audio recordings reveal how scammers @barkmeta, @GodsBurnt, and @DaoKwonDo use X Spaces to deceive investors. The group boasted about locking investor funds in the $POX scam project, leaving most holders unaware of their precarious situation. This exposes the darker side of crypto promotion and calls for greater transparency.

$DAY1: The First Scam of the Year by Legion Scammers

The infamous Legion scammers, @og99official and @Undisputedcallz, have started the new year with $DAY1, a project expected to end in yet another rug pull. Following their well-documented pattern of fraudulent schemes, avoiding this project is highly recommended to start 2025 on the right foot.

Double Rug Pull: $KEEPER and $RPV by @keeper_null

@keeper_null wasted no time in scamming investors in the new year, orchestrating rug pulls for both $KEEPER and $RPV tokens. Speculation from the community hints at deeper motivations, such as money laundering or covert fundraising, adding a chilling layer to these fraudulent activities.

$SPARTACUS: A Fresh Scam from Legion Scammers

Legion scammers @Undisputedcallz and @og99official are back with $SPARTACUS, another fraudulent project destined to end in a rug pull. Their history of scams leaves little doubt about the outcome, making it prudent for investors to steer clear and protect their funds.

$KEKT: A Bundled Scam with High Rug Pull Risk

The $KEKT project is a textbook bundled scam, with its supply distributed across hundreds of developer-controlled wallets. This setup allows for price manipulation and poses an extremely high risk of a rug pull. Investors are urged to avoid trading this contract to stay safe.

$EGG: A Likely Rug Pull by Yugu Scammers

$EGG, promoted by the notorious Yugu scammers, is highly suspect, with a significant portion of the token supply likely held by the scammers. Given their history, a rug pull is almost inevitable, and investors are strongly advised to avoid this contract.

$BABYSHARK: Centralized Bundling Raises Alarm

$BABYSHARK has been heavily centralized, with over 200 wallets — funded via Gate.io — used to manipulate the project. This high level of bundling and centralization drastically increases the risk of a rug pull. Investors are reminded to conduct thorough research into projects, teams, and communities before committing funds.

$GREEN: Unlocked Liquidity Scam on Repeat

$GREEN is a bundled scam with unlocked liquidity that has already executed one rug pull and is poised for another. The lack of security in liquidity management makes this project highly risky. Investors are advised to avoid trading this contract to protect their assets.

$ZERESIS: Centralized Bundling Raises Red Flags

$ZERESIS shows significant signs of being a bundled scam, with freshly created, recently funded wallets dominating its top 100 holders. Identified by the Mugetsu bot as high-risk, this centralization greatly increases the likelihood of a rug pull. As always, thorough due diligence is essential before investing.

$KIVA: A Supply-Controlled Scam by Legion Scammers

$KIVA, linked to notorious scammers @Undisputedcallz and @og99official, is confirmed as a supply-controlled scam with around 30% of tokens under team control. Avoiding this project is a no-brainer to stay clear of potential losses.

$XERRA: A Rug Pull with Unlocked Liquidity

$XERRA, a Solana Syndicate project, has rug-pulled investors, proving once again the dangers of unlocked liquidity. This mechanism allowed developers to withdraw funds at will, leaving investors with nothing. It serves as a critical warning to scrutinize liquidity management in any project.

$KIKI: Solana Meme with High Centralization Risks

$KIKI, a Solana-based meme token, shows alarming centralization, with most top wallets freshly created and funded within the project. Labeling by GMGN adds to suspicions of manipulation. Investors should approach with extreme caution and conduct thorough research before considering involvement.

A Ponzi That Didn’t Rug: The $250k Oddity

In an unusual twist, a poorly designed ponzi scheme from last year remains functional, with $250k still available for periodic farming. While the developer’s incompetence and stubbornness prevented the project from growing, they didn’t rug the contract. This rare outcome, though flawed, earns the dev a grudging nod of respect from the crypto community.

The MemeCoin Rug Playbook

The memecoin space has devolved into a chaotic battlefield where self-proclaimed “experimenters” launch coins under the guise of jokes or tests, only to rug-pull their communities for profit. A notable case is a token called “$ZERO,” launched with disclaimers like “don’t buy this,” only for the creator to panic-sell a large portion of the supply for 444 SOL. Similarly, SCAM tokens have emerged, parodying the concept while reaping substantial profits. These incidents highlight a culture of reckless experimentation where creators downplay their actions, and buyers knowingly take on the risks. The community’s mixture of humor, outrage, and cynicism underscores the memecoin industry’s murky ethical landscape.

The NFT Snapshot Debacle

The mismanagement of NFT projects continues to erode trust in the crypto space. A recent example involves XTER, which announced snapshots for their NFTs three days after taking them, leaving recent traders empty-handed. This mishandling, coupled with previous controversies like botched mints and inflated tokenomics, has frustrated investors and raised accusations of extraction schemes. Critics liken such projects to derivative clones, where hype replaces substance. The backlash reveals the growing impatience within the crypto community for projects that prioritize profits over reliability and transparency.

The Decade-Long Rugger

Crypto influencers with questionable histories continue to thrive despite their involvement in pump-and-dump schemes and insider trading allegations. One prominent figure, who allegedly operates from jurisdictions with minimal scrutiny, has spent over a decade dodging repercussions while reportedly amassing an eight-figure fortune. Critics point to his brazen insider trading and repeated exploitation of retail investors as evidence of systemic failures in crypto accountability. While some argue his immunity stems from operating in legal grey zones, others speculate about deeper connections that allow such actors to evade justice in plain sight.

Analyst Takeaway: Scam tokens like $FIREWORKS, $SHIRO, and $SPARTACUS highlight how opportunistic actors prey on investor greed and FOMO. The recurring patterns of slow rug pulls, centralized wallet manipulation, and misleading promotion on X Spaces show that scammers thrive on a lack of transparency and due diligence. The community must demand stricter accountability from influencers and developers while advocating for on-chain tools that can flag high-risk tokens in real time. Trust is a fragile currency in crypto, and rebuilding it starts with exposing these scams and fostering a culture of skepticism.

On-Chain

Prometheum and the CCP Connection

Prometheum, a controversial crypto firm under scrutiny for its alleged ties to the Chinese Communist Party (CCP), may face a reckoning in 2025. Research suggests the company engaged in questionable actions, such as minting inflammatory domains like KillTrump.ETH, raising doubts about its integrity and alignment with U.S. interests. Critics argue that its licensing is at risk and call for severe legal consequences, including treason charges. The case highlights the growing concerns over foreign influence in U.S. crypto markets and the need for stricter regulatory oversight to protect national security and investor trust.

Silk Road’s Hidden Corruption and Crypto Ties

The story of Silk Road’s downfall reveals a tangled web of corruption, collusion, and crypto connections. Key figures like Curtis Green and Blake Benthall avoided prison by collaborating with federal agents, only to later engage in suspicious crypto activities linked to Lazarus, FTX, and other hacking groups. Notably, federal agents who seized Silk Road assets invested in Benthall’s crypto startup, while ex-agent Shaun Bridges’ Ethereum holdings became a dominant force in the blockchain’s ICO. These revelations, uncovered through immutable blockchain evidence, challenge the official narrative and expose systemic corruption, raising questions about justice and accountability.

Do Kwon, Terra Luna, and the Collapse of $UST

Do Kwon, the controversial founder of Terraform Labs, faces multiple fraud charges in the U.S. after the roughly $40 billion collapse of UST and LUNA. Despite warnings, Kwon continued supporting unsustainable yields on Anchor, with liquidity issues surfacing after the $600M Ronin exploit. On-chain messages demanded urgent BTC purchases days before UST's depeg. Further blockchain analysis uncovered misused funds linked to figures like 3AC, Alameda, and the now-deceased TT. ENS domains sent shortly before the collapse hinted at impending disaster, painting a cautionary tale of negligence, fraud, and the systemic vulnerabilities in the crypto space.

Tether, $RLUSD, and the Crypto Pyramid Conspiracy

The sudden halt in Tether ($USDT) minting coinciding with the launch of $RLUSD has fueled speculation of a coordinated plan orchestrated months in advance. Observers point to cryptic numerical patterns and market behavior suggesting a larger scheme involving Tether’s dominance in the crypto ecosystem. Critics view this as emblematic of broader systemic manipulation, likening it to a pyramid scheme masked by market sophistication. Whether intentional or coincidental, this event has reignited debates over transparency and trust within the crypto market.

Analyst Takeaway: The interconnected web of corruption, questionable alliances, and systemic failures across the crypto space demonstrates how deeply vulnerabilities run in blockchain ecosystems. Whether it’s Prometheum’s suspected ties to foreign adversaries, Silk Road’s hidden corruption exposing weaknesses in regulatory oversight, or Do Kwon’s reckless collapse of Terra Luna, the patterns are consistent: unchecked ambitions, lack of accountability, and exploitation of opaque systems. As Tether’s situation raises further doubts about systemic transparency, these stories reinforce the need for rigorous audits, proactive compliance measures, and better safeguards to protect investors and maintain trust.

News

Exposing Alleged Misconduct on X (formerly Twitter)

TruthLabs, led by the account @BoringSleuth, claims to have tested Elon Musk’s commitment to free speech on X by running an ad exposing controversial Ethereum-related topics. The ad was reportedly rejected, and TruthLabs alleges retaliatory actions, such as account suspension and follower loss, revealing a potential conflict between X’s stated support for citizen journalism and its business practices. Additionally, TruthLabs suggests that Elon Musk’s acquisition of X was linked to a scheme involving dirty money, alleging funds were funneled through X’s creator payout program to launder wealth and control narratives. These claims highlight ongoing debates around transparency, free speech, and platform governance.

Analyst Takeaway: The escalating tension between free speech advocacy and corporate interests is glaringly evident in platforms like X, as allegations of censorship and financial manipulation surface. The TruthLabs revelations challenge Elon Musk’s public ethos, exposing potential compromises that undermine transparency and citizen journalism. This scenario emphasizes the need for independent oversight and accountability in digital platforms, especially when their influence shapes global narratives and economic systems.

Research

SlowMist’s Q4 2024 Report on Stolen Fund Recoveries

In Q4 2024, SlowMist’s MistTrack platform helped 25 victims freeze approximately $53.52 million across 18 platforms. The report highlighted fraud as the top cause of theft, with emerging tactics such as malicious trading bots, phishing through fake Zoom meetings, staking rebate scams, and fraudulent tokens. It also noted scams originating from platforms like Xiaohongshu, where attackers lured victims using sensationalized success stories. SlowMist emphasized vigilance, robust private key management, and reliance on trusted platforms to avoid such scams. Their free community assistance and robust AML tools aim to strengthen security and build resilience in the cryptocurrency ecosystem.

2024 Blockchain and Anti-Money Laundering Insights

SlowMist’s 2024 Blockchain and Anti-Money Laundering Report underscores the resilience of the blockchain industry amidst geopolitical tensions, regulatory tightening, and economic uncertainty. The report detailed major security incidents, scam tactics, and laundering methods, including insights into North Korean hacker operations. SlowMist’s efforts in freezing over $112 million in stolen funds, along with partnerships like those with ScamSniffer for phishing wallet drainers, demonstrate its commitment to combating financial crimes. The report also provides critical regulatory updates and trends, offering actionable guidance for industry stakeholders to navigate the evolving digital asset landscape.

2024 Crypto Phishing Surge: $494M Lost in Wallet Drainer Attacks

In 2024, phishing attacks targeting crypto wallets surged, with $494M lost to wallet drainers, a 67% increase over 2023. Over 332,000 addresses were affected, and the largest single theft reached $55.48M. Ethereum-based assets dominated, comprising 85.3% of large thefts, with staking assets and stablecoins the most targeted. March 2024 was the peak month, accounting for $75.2M of the $187.2M lost in Q1. Attackers relied heavily on permit signature exploitation (56.7%) and "setOwner" methods (31.9%). A permit is an off-chain signature that grants a token allowance without an on-chain approval transaction, so the victim sees only a "sign message" prompt and nothing appears in their transaction history until the drainer spends. The practical defenses remain verifying URLs, reading every field of a signing request, keeping large holdings on hardware wallets, and enabling wallet security tooling that flags suspicious requests.

ScamSniffer 2024 Review: A Milestone Year in Threat Detection

ScamSniffer’s 2024 impact was monumental, with over 40M URLs scanned and 290K malicious domains blocked. Their monitoring extended to 25K phishing addresses and 30 incidents exceeding $1M in losses. The platform conducted over 1B security checks, analyzing 50M signature requests and blocking 2.5M suspicious transactions. Additionally, they flagged 1.4M phishing tweets and detected 580K impersonation attempts. By integrating their API with 10+ Web3 projects, ScamSniffer cemented its role as a critical shield in the evolving threat landscape.

2024 Web3 Security Challenges: $2.36B Stolen Across 760 Incidents

Web3 faced a turbulent 2024, with $2.36B stolen in 760 incidents — a 31.61% increase from 2023. Phishing alone accounted for $1.05B, while Ethereum led as the most targeted chain, with $748M lost in 403 attacks. Multi-chain exploits caused an additional $435M in damages. DeFi’s explosive growth, including a $16.75B rise in Ethereum liquid staking, was tempered by a spike in private key compromises, costing $855M. CertiK’s Hack3d Report sheds light on attack vectors, trends, and security measures crucial for 2025.

December 2024: A Low Point in Monthly Web3 Losses

December 2024 saw the lowest monthly losses of the year, totaling $28.6M from scams, exploits, and hacks. Exit scams accounted for just $0.2M, flash loan attacks for $1.7M, and other exploits for $26.7M. This count includes scams and exit scams, whereas DefiLlama's hacks-only figure for December in the Hacked section is $4.64M, so the two are not directly comparable. The decline points to a possibly improving security landscape, though vigilance remains critical as attackers adapt their methods.

The Hidden Risks of Bankchain and Paxos

Bankchain, a private blockchain founded by itBit (now Paxos), has raised significant concerns due to its ties to controversial figures and entities. Paxos, previously the issuer of Binance’s BUSD stablecoin, is under investigation by the NYDFS and has connections to the collapsed Silvergate Exchange Network. Notably, Paxos’ largest VC investor, Peter Thiel, has been linked to the Silicon Valley Bank collapse. Further scrutiny reveals that Paxos directors were involved in past financial scandals, including ties to Bernie Madoff’s schemes and the 2008 banking crisis. With Microsoft also inexplicably involved in Bankchain’s early projects, the opaque nature of this private blockchain underscores broader systemic risks within the banking sector.

Analyst Takeaway: The evolution of phishing and fraud tactics in 2024 highlights a concerning shift in attacker sophistication, leveraging advanced techniques like permit signature exploitation and malicious trading bots. Organizations like SlowMist and ScamSniffer have made commendable strides in combating these threats, but the sheer scale of $2.36B stolen in Web3 incidents underscores the growing challenges ahead. From AML advancements to phishing mitigation strategies, the collective efforts of researchers and security platforms will be crucial in fortifying the ecosystem. However, it’s clear that user education and proactive defenses remain the weakest links, requiring immediate attention to curb losses and rebuild confidence.

Conclusion

This week's findings reveal an ecosystem at a crossroads, where old wounds like Silk Road's corruption resurface to challenge today's narratives, and emergent threats like phishing and opaque private blockchains demand vigilance. The analysts have made it clear: transparency, proactive defense, and accountability are paramount for stability. Whether it is SlowMist freezing millions in stolen funds, ScamSniffer's detection tooling, or the hard lessons from Terra Luna's collapse, one thing is certain: the crypto space must evolve or face greater chaos. In 2024 alone, wallet-drainer phishing took $494M, protocol hacks tracked by DefiLlama about $1.27B, and CertiK counts $2.36B stolen across 760 incidents of all kinds. The road ahead requires resilience and collaboration, as the risks remain as global as the opportunities.

Thanks for getting this far in our article. Don't forget that you can vote (clap) up to 50 times a day for your favorite articles on Medium, and we accept more than one vote, as it helps us spread cybersecurity insights into crypto. The more people who see this information, the more people we can help. We should share information about criminals and scammers to help protect each other, just as we pick up stray trash and put it in the trash can.

Further Resources about Cyber Strategy Institute:

If you are interested in other analysis, check out our other Crypto Security Medium articles and our In-depth Analysis articles, and for a more day-to-day understanding of the Cryptoverse follow our Twitter account. Relying on a dying cybersecurity model is not a foundation for success; that is what Warden changes for the good!

Warden

Warden is designed around a Zero Trust model, stopping known bad and unknown malicious threats alike. It starts by defending at the kernel level, so that software does not know it has been placed in a sandbox. We call this the "Inception Protection" model, which does not allow any program to impact your systems. No other system on the market can do this today. Protect your digital life, your family or your organization today with Warden!

If you want a 50% Discount on your purchase, then sign up for our newsletter, and we will send you the code for your support. Just reply to your first email saying you would like a discount.

Cyber Strategy Institute

Medium: https://cyberstrategy1.medium.com/

Twitter: https://twitter.com/CyberStrategy1

X: https://x.com/Warden_Secure

Website: https://cyberstrategyinstitute.com

Protect Yourself, Family or Business Today with Warden!

https://cyberstrategyinstitute.com/personal-protection-warden


Written by Cyber Strategy Institute

Crypto Security Truths - Scam Hunter, ZeroTrust Endpoint Defense & writing about all things Crypto Security. Stay up-to-date on latest Threats by following us!
