The month of May witnessed an unsettling development in the digital currency landscape as losses associated with ‘rug pull’ scams surpassed those stemming from DeFi exploits.
This finding, underscored by Beosin EagleEye, the security risk monitoring platform of Beosin, signals an urgent need for increased vigilance among crypto investors.
A dark cloud of rug pull scams
In May 2023, as per Beosin’s data, an array of security incidents led to a total loss of $19.69 million, marking a significant 79% decrease compared to the preceding month.
However, in a somewhat paradoxical trend, the total amount involved in fraudulent schemes, predominantly rug pulls, soared to a staggering $45.02 million, more than double the losses resulting from security breaches.
The most significant attack, amounting to a loss of $7.5 million, was observed on Jimbos, a project operating on the Arbitrum chain. With frauds appearing more frequently in May, several abandoned projects caused losses exceeding $1 million, further intensifying the menace of rug pull scams.
Among the most notable rug pull incidents, the case of XIRTAM stands out, where the project owner reportedly moved around 1,909 ETH, equating to $3.58 million, to Coin Security, subsequently freezing the project. Another incident involved Swaprum, an application on Arbitrum, where the deployer made a profit of $3 million.
The rise of rug pull scams has also highlighted the vulnerabilities in hardware wallet security. The unofficial sale of “activated” imKey hardware wallets by unauthorized stores points to the potential risk of social engineering attacks.
Moreover, security firms have flagged potential vulnerabilities in the Trezor T hardware wallet that could allow an attacker to crack the mnemonic by physically accessing the wallet.
Notably, a new type of coin theft emerged in May, which involves fraudsters modifying shared charging devices in KTVs to steal private keys from mobile phones. This method of scamming further emphasizes the evolving sophistication of the threat landscape.
The bigger picture
In the face of this rising tide of rug pull scams, the need for stringent security measures, comprehensive project audits, and increased user awareness becomes paramount.
With over half of the attacked projects in May remaining unaudited, it is recommended that investors demand rigorous security audits by professional firms before committing their funds.
More worryingly, hackers and fraudsters appear to be shifting their focus toward everyday users, exploiting their limited understanding of the complexities involved in the crypto domain.
To counter this, investors are urged to elevate their anti-fraud awareness, diligently research project backgrounds, and acquire multiple methods to safeguard their assets.
May’s security landscape paints a clear picture: the allure of quick profits in the crypto market continues to draw both investors and fraudsters.
And while the month saw a decrease in the losses resulting from attacks, the staggering rise in the ‘rug pull’ scams indicates a concerning shift in the risk landscape.
Moving forward, the crypto industry must reconcile with these evolving threats to ensure the security of its users, and to bolster the legitimacy and longevity of this revolutionary technology.
**You can read the report here.