PANews reported on March 3 that according to the SlowMist Security Report, Web3 security incidents in February 2025 resulted in a total loss of $1.681 billion. Among them, hacker attacks caused a loss of $1.676 billion, and another $52.45 million was successfully frozen or recovered. The main attack methods include smart contract vulnerabilities, social engineering, account theft, and private key leaks. In addition, according to Scam Sniffer data, a total of 7,442 people lost $5.32 million due to phishing attacks this month. Overview of major security incidents:
• Bybit hacking incident (loss of $1.5 billion): On February 21, Bybit suffered a massive capital outflow. Investigations showed that hackers used the APT attack method of Lazarus Group to trick the signatories of Bybit Safe wallet into executing malicious transactions. Currently, $43.65 million of stolen funds have been frozen.
• LIBRA scam (funding collapse): On February 15, Argentine President Javier Milei promoted a cryptocurrency called LIBRA, which had a market value of nearly $5 billion, but then the team withdrew liquidity, causing the market to plummet.
• Infini attack ($50 million loss): On February 24, the stablecoin bank Infini lost $50 million due to an attacker exploiting its management wallet permissions. Currently, part of the funds have been converted to ETH.
• zkLend vulnerability attack (loss of US$9.6 million): On February 12, the Starknet on-chain lending platform zkLend was attacked due to a rounding vulnerability in the safeMath library. Hackers took advantage of incorrect calculations to profit. It is suspected that the previous EraLend attack (loss of US$3.4 million) was done by the same person.
• Ionic social engineering attack ($12.3 million loss): On February 4, the attacker forged LBTC assets and successfully used them as collateral for lending fraud on the Ionic protocol. Currently, $8.8 million in funds have been frozen.
