encryption Monthly Report: The security loss of funds in January was approximately $98 million, a significant decrease compared to the same period and month-on-month.

ZeroTech's monthly security event highlights have begun! According to statistics from some blockchain security risk monitoring platforms, in January 2025, losses due to vulnerabilities, hackers, and scams amounted to approximately 98 million US dollars, with 28 cryptocurrency hacker attacks, of which about 8 million US dollars were attributed to phishing. However, compared to the 133 million US dollars in losses in January 2024, it decreased by 44.6%. It also decreased by 56% compared to the 23.58 million US dollars in losses in December 2024.

Hacker attacks

Typical Security Incident7 Occurrences

(1) On January 8th, users of Orange Finance (a DeFi protocol on Arbitrum) were stolen more than 800,000 US dollars. The attacker was able to access the management keys of the protocol and use these keys to maliciously upgrade the protocol's contracts, thereby stealing the wallets of all users who had valid token approvals for the protocol.

(2) On January 8th, Moby experienced a private key leak incident that affected some LP assets in certain protocols. They stated that this was not a security issue related to the protocol's smart contracts, but rather a Hacker attempting to simply upgrade existing smart contracts using the stolen proxy private key to steal funds. Ultimately, tonykebot successfully implemented a white-hat rescue operation using the unprotected situation in the UUPS, returning the 1.47 million USDC obtained by the Moby Hacker from the attack chain to the project owner.

(3) On January 13th, according to the monitoring of the ZeroTech security team, UniLend on the EVM chain was attacked, resulting in a loss of approximately $197,000. The cause of this vulnerability is that Unilend did not subtract the amount to be transferred out when calculating the quantity of collateral during the redeem process, resulting in an incorrect calculation of the quantity of collateral higher than the actual quantity held by the attacker, which should not have successfully completed the exchange. As a result, the attacker emptied the project party's stETH token.

Detailed attack analysis can click this link:

ZeroTech || Unilend Attack Incident Analysis

(4) On January 15, Zero Science project team detected multiple attacks against the Ethereum-based project Sorra, causing a total loss of 41,000 USD. The cause of this vulnerability was that the Sorra project did not check whether the user had already withdrawn the reward when the user withdrew, allowing the user to repeatedly withdraw the reward through a large number of operations. Attackers exploited the vulnerability to initiate multiple transactions and withdraw all SOR Tokens from the Sorra project.

Detailed attack analysis can be found by clicking this link:

Temporary Technology || SorraStaking Attack Analysis

(5) On January 21st, Forta detected a vulnerability worth $324,000 on TheIdolsNFT.

(6) On January 23, the hot wallet of Phemex Cryptocurrency exchange, based in Singapore, was attacked, resulting in a loss of approximately 70 million dollars.

(7) On January 24th, according to the SlowMist security team's monitoring, due to the lack of input validation in ODOS, this vulnerability has been exploited on multiple chains, resulting in a loss of about 100,000 US dollars. ODOS tweeted that this attack exploited a vulnerability in its audited executor contract, stealing the income stored in the contract, but did not affect any user funds.

Rug Pull / Phishing Scam

Typical Security Incident10** Cases**

On January 2nd, a $VIRTUAL holder holding about 39 times ($196,396) of tokens lost all the tokens due to 'increasing quota' Phishing transaction.

(2) On January 3rd, a $RLB holder lost all tokens worth about $1 million due to the "Uniswap Permit2" Phishing signature.

(3) On January 6th, the address starting with 0x5167 lost 155,256 US dollars' worth of EIGEN due to signing a "add allowance" Phishing transaction.

(4) On January 7th, an address starting with 0x8536 lost tokens worth $103,020 after signing a 'Uniswap Permit2' Phishing transaction.

(5) On January 8th, the address starting with 0x3402 lost a value of $474,422 in $OLAS, $SEKOIA, $VIRTUAL, and $FJO after signing multiple Phishing signatures.

(6) On January 14th, the address starting with 0x00c0 lost $VIRTUAL worth 263,255 US dollars after signing a Phishing transaction.

(7) On January 17th, the address starting with 0x80dc lost the value of 426,106 US dollars in USUALUSDC+ after signing the 'license' Phishing signature.

(8) On January 20th, the address starting with 0x1e70 lost a value of 135,068 USD WETH after signing the "allow" Phishing signature.

(9) On January 22, an address starting with 0x3149 lost $XG worth $553,045 after signing a 'transfer' phishing transaction.

On January 29th, the address starting with 0xeb2 lost a value of $384,645 in $LINK after signing the "increaseApproval" Phishing transaction.

( Summary

In January, cryptocurrency phishing scams stole $10.25 million from 9,220 victims, a 56% decrease from the $23.58 million loss in December. However, the criminals are constantly evolving and adopting more sophisticated attack methods.

Zero Security Team advises project parties to always remain vigilant and remind users to guard against phishing attacks. Users are advised to fully understand the background and team of the project before participating and to choose investment projects carefully. In addition, it is also necessary to conduct internal security training and permission management, and to find a professional security company to audit and conduct background checks before the project goes online.