Gate Research: Security Incident Summary for January 2025

Advanced | 2/12/2025, 2:17:50 AM
Gate Research's report points out that in January 2025, the Web3 industry experienced 40 security incidents, resulting in approximately $87.94 million in losses, a significant increase compared to the previous month. Account breaches were the primary threat, accounting for 52% of the total losses. Major incidents included a hacker attack on the Phemex exchange, a significant security vulnerability affecting NoOnes, and a private key leak at Moby. These incidents exposed key risks in smart contracts and cross-chain protocols, highlighting the need for stronger contract audits, the introduction of real-time monitoring, and multi-layered defense mechanisms to improve platform security and enhance user trust.

According to the latest Web3 industry security report from Gate Research, a total of 40 security incidents occurred in January, resulting in approximately $87.94 million in losses. The incidents were diverse in nature, with account breaches being the primary threat, accounting for 52% of total losses. The report analyzes key security incidents in-depth, including a hacker attack on the Phemex exchange, a major security vulnerability affecting NoOnes, and a private key leak impacting Moby. Account hacks and smart contract vulnerabilities were identified as the most significant security risks of the month, underscoring the industry’s ongoing need for enhanced security measures.

Executive Summary

  • In January 2025, the Web3 industry experienced 40 security incidents, resulting in approximately $87.94 million in losses, marking a significant increase from the previous month.
  • The main attack methods this month involved smart contract vulnerabilities and account breaches.
  • Account hacks remain the primary threat, accounting for 52% of total losses in the crypto industry.
  • Most losses occurred on major public blockchains, including BSC, Ethereum, and Solana.
  • Key incidents this month included a hacker attack on the Phemex exchange, resulting in a loss of $70 million, a major security vulnerability affecting NoOnes, leading to a loss of $7.2 million, and a private key leak at Moby, causing a loss of $2.5 million.

Overview of Security Incidents

According to Slowmist data, 40 security incidents were recorded in January 2025, with total losses amounting to $87.94 million. The attacks primarily involved smart contract vulnerabilities, account breaches, and other methods. Compared to December 2024, the total losses increased 20-fold month-over-month. Account breaches were the leading cause of attacks, with 21 reported incidents accounting for 52% of the total. Official X accounts and websites remain prime targets for hackers.[1]

This month’s distribution of security incidents across public chain ecosystems shows that six affected projects—AST, BUIDL, FortuneWheel, HORS, IPC, and Mosca—were all part of the BSC (Binance Smart Chain) ecosystem, with a total loss exceeding $600,000. Meanwhile, five affected projects—Moonray, UniLend, SuperVerse, Sorra, and LAURA—belonged to the Ethereum (ETH) ecosystem, incurring a combined loss of over $280,000. Holoworld AI and DAWN were projects within the Solana ecosystem that suffered security incidents. These incidents highlight the urgent need to enhance security across public chain ecosystem projects. Given the frequent attacks and vulnerabilities, BSC must emphasize smart contract auditing, risk control mechanisms, and on-chain monitoring tools to improve overall security standards.

Several blockchain projects suffered major security incidents this month, resulting in significant financial losses. Notable cases include the Phemex exchange hack, causing a $70 million loss; the NoOnes security vulnerability, leading to $7.2 million in losses; and the Moby private key leak, resulting in a $2.5 million loss.

Major Security Incidents in January

According to official disclosures, the following projects suffered losses exceeding $79.7 million in January. These incidents highlight that account breaches and smart contract vulnerabilities are the primary threats.

  • In the Phemex hack incident, the attacker simultaneously extracted large amounts of assets from multiple chains, prioritizing the conversion of freezable stablecoins (such as USDC and USDT). Afterward, other tokens were liquidated in order of value. These actions were not scripted but performed manually, with assets being manually sent to new addresses for conversion. Once completed, the funds were transferred to another new address.
  • The NoOnes hot wallet experienced hundreds of suspicious transactions, each involving less than $7,000. NoOnes CEO Ray Youssef confirmed on a Telegram channel that the hack occurred on January 1st due to a vulnerability in their Solana cross-chain bridge.
  • Moby suffered a suspected private key leak. The hacker modified and executed contracts, using the emergencyWithdrawERC20 function to withdraw 207 ETH, 3.7 BTC, and 1,470,191 USDC, with a total value of approximately $2.5 million.

Phemex

Project Overview: Phemex is a cryptocurrency derivatives exchange based in Singapore. It was founded in 2019 by former Morgan Stanley executives. The exchange is known for its low fees, high liquidity, and fast growth, offering user-friendly charts and wallet interfaces.

Incident Overview: Phemex was attacked on January 23, losing over $70 million worth of cryptocurrency. This attack appears to follow a pattern similar to vulnerability exploitation in other prominent crypto exchanges. MetaMask’s Chief Security Researcher, Taylor Monahan, stated, “The attacker extracted large amounts of assets from multiple chains simultaneously, prioritizing the conversion of freezable stablecoins (such as USDC and USDT). Afterward, other tokens were liquidated in order of value. These actions were not scripted but performed manually. The assets were manually sent to new addresses for conversion. Once completed, they were transferred to another new address. The assets were then stored until a proper money-laundering team would withdraw them in the coming weeks or months.”[2]

Post-Incident Recommendations:

  • Cross-chain Monitoring and Anomaly Pattern Recognition: Deploy real-time monitoring systems that support multi-chain asset flows, integrating AI-based behavioral analysis to identify anomalous features of non-scripted manual operations (such as large asset transfers across multiple chains in a short time, frequent address changes, etc.). Dynamic threshold alerts should be set up to detect these irregularities.
  • Establishing an Industry-level Risk Warning Network: Set up instant communication channels with major stablecoin issuers such as USDT and USDC. Sign pre-authorization agreements that allow exchanges to trigger asset freeze requests via API interfaces once an attack is confirmed, thus shortening response times.
  • Distributed Hot and Cold Wallet Hybrid Management: Use multi-signature cold wallets to store over 90% of assets while dynamically allocating hot wallet limits as needed. Employ key sharding technology to distribute key storage, preventing single points of failure that could lead to global losses.

NoOnes

Project Overview: NoOnes is a financial communication super app that empowers people by connecting them to global conversations (chat) and the world’s financial system (payments). People in developing countries will now be able to send messages to anyone freely, trade approximately 250 payment methods on their local markets, and make peer-to-peer payments—all of which can be done using Bitcoin wallets that serve as a store of value.

Incident Overview: On January 1, 2025, NoOnes was attacked on Ethereum, Tron, Solana, and BSC, resulting in a loss of approximately $7.2 million. The NoOnes hot wallet experienced hundreds of suspicious transactions, each involving amounts under $7,000. NoOnes CEO Ray Youssef confirmed on their Telegram channel that the hack occurred on January 1 due to a vulnerability in their Solana cross-chain bridge. The platform has since shut down the affected Solana bridge and stated that it will not restore Solana support until a comprehensive penetration test is completed.[3]

Post-Incident Recommendations:

  • Strengthen Cross-Chain Bridge Security Audits: It is recommended that comprehensive security audits be conducted on all cross-chain bridges, especially focusing on vulnerabilities in smart contracts and cross-chain protocols. Hire third-party security companies for penetration testing and code reviews to ensure the security of the bridges.
  • Implement Multi-Signature and Cold Wallet Storage Mechanisms: To reduce the risk of hot wallet attacks, adopt a multi-signature (Multi-Sig) mechanism that requires multiple approvals before large transfers can complete. Additionally, store most funds in cold wallets, keeping only a small portion in hot wallets for daily transactions.
  • Introduce Real-Time Monitoring and Anomaly Transaction Alert Systems: Deploy real-time transaction monitoring systems to track and analyze hot wallet activity. Set up alerts for anomalous transactions, such as transfers exceeding a certain threshold or a large number of small transactions occurring quickly. These alerts should fire automatically and pause the transaction function.
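
The alert rules recommended here and in the Phemex section (a single large transfer, a burst of small transfers, and fast multi-chain outflows to new addresses) can be sketched as a pre-signing check with a circuit breaker. This is an added example, not code from the report or from any of the platforms; all thresholds except the $7,000 figure, and all names and sample transfers, are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Assumed thresholds: the report only gives the sub-$7,000 size of the NoOnes
# transfers; every other number here is a placeholder to tune per wallet.
LARGE_USD = 50_000        # rule 1: a single large transfer
SMALL_USD = 7_000         # rule 2: a "small" transfer is below this
BURST_COUNT = 20          # rule 2: this many small transfers in the window
WINDOW_S = 600            # sliding window shared by rules 2 and 3
MIN_CHAINS = 3            # rule 3: distinct chains seen in the window
MIN_NEW_DESTS = 5         # rule 3: never-before-seen destinations in the window
T0 = 1_735_689_600        # 2025-01-01 00:00:00 UTC, base time for sample data


@dataclass(frozen=True)
class Transfer:
    ts: int       # unix seconds, assumed to arrive in order
    chain: str
    to_addr: str
    usd: float


class HotWalletMonitor:
    """Pre-signing check for hot wallet withdrawals with a circuit breaker."""

    def __init__(self, known_addrs=()):
        self.known = set(known_addrs)
        self.window = deque()     # (transfer, destination_was_new)
        self.paused = False

    def check(self, t):
        """Return the rules fired by t; any hit pauses all later transfers."""
        if self.paused:
            return ["paused"]
        is_new = t.to_addr not in self.known
        self.known.add(t.to_addr)
        self.window.append((t, is_new))
        while self.window[0][0].ts <= t.ts - WINDOW_S:
            self.window.popleft()
        fired = []
        if t.usd >= LARGE_USD:
            fired.append("large_transfer")
        if sum(x.usd < SMALL_USD for x, _ in self.window) >= BURST_COUNT:
            fired.append("small_transfer_burst")
        chains = {x.chain for x, _ in self.window}
        new_dests = sum(new for _, new in self.window)
        if len(chains) >= MIN_CHAINS and new_dests >= MIN_NEW_DESTS:
            fired.append("multichain_new_destinations")
        self.paused = bool(fired)
        return fired


def replay(transfers, known_addrs=()):
    mon = HotWalletMonitor(known_addrs)
    return [mon.check(t) for t in transfers]


# Constructed sample traffic (not real transactions).
def normal_traffic():
    # Routine withdrawals to already-seen addresses, 15 minutes apart.
    return [Transfer(T0 + i * 900, "ethereum", f"user{i % 3}", 1_200.0)
            for i in range(12)]

def small_burst():
    # Many sub-$7,000 transfers seconds apart, the pattern reported for NoOnes.
    return [Transfer(T0 + i * 10, "solana", f"new{i}", 6_500.0)
            for i in range(25)]

def multichain_sweep():
    # Mid-sized transfers to fresh addresses on three chains within 2 minutes.
    chains = ["ethereum", "tron", "bsc"]
    return [Transfer(T0 + i * 20, chains[i % 3], f"fresh{i}", 30_000.0)
            for i in range(6)]


if __name__ == "__main__":
    known = {"user0", "user1", "user2"}
    for name, data in [("normal", normal_traffic()), ("burst", small_burst()),
                       ("sweep", multichain_sweep())]:
        hits = [(i, r) for i, r in enumerate(replay(data, known)) if r]
        print(name, hits[:1] or "no alert")
```

With these sample values the burst is stopped at the 20th transfer and the sweep at the 5th; every later transfer is refused until an operator clears the pause.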

Moby

Project Overview: Moby is an on-chain options protocol powered by the SLE (Synchronized Liquidity Engine) model, offering the narrowest spreads, the highest liquidity, and Robinhood-level UI/UX.

Incident Overview: The on-chain options protocol Moby suffered a suspected private key leak, allowing the attacker to modify and execute contracts, using the emergencyWithdrawERC20 function to withdraw 207 ETH, 3.7 BTC, and 1,470,191 USDC, with a total value of approximately $2.5 million. Moby posted on the X platform that, to further protect user assets in the current situation, it recommends revoking valid approval transactions related to the following addresses: PositionManager, SettleManager, sRewardRouterV2, and mRewardRouterV2. Moby mentioned that these measures are precautionary steps to ensure wallet security and that efforts are ongoing to restore and maintain a stable and secure environment.[4]

Post-Incident Recommendations:

  • Establish Layered Multi-Signature Permission Management: Upgrade private key storage to a hardware-level cold wallet + multi-signature solution, separating development permissions from fund control. Add a time lock and DAO governance dual validation to critical functions of core contracts (such as emergencyWithdrawERC20), setting a 72-hour execution delay for significant operations, with multi-signature community confirmation required.
  • Build a Dynamic Authorization Monitoring System: Develop an on-chain authorization real-time tracking dashboard integrated into the user interface, displaying all contract interaction permissions and risk levels. Deploy an automatic authorization revocation bot that will trigger smart contract-level automatic revocation when abnormal large transfers or contract anomalies are detected.
  • Establish a Security Incident Circuit Breaker Response System: Deploy an anomaly transaction detection module based on machine learning and set multi-dimensional risk control rules (time/frequency/amount thresholds) for sensitive functions such as emergencyWithdraw. Develop an emergency pause switch, which automatically freezes the contract and starts a full node validation process when triggered by an anomaly.
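
The first recommendation above (a 72-hour time lock plus multi-signature confirmation on functions such as emergencyWithdrawERC20) is modelled below as a queue, approve, wait, execute gate. This is an added Python model of the policy, not Solidity contract code and not Moby's code; the 2-of-3 signer set, the signer names, the single-signer veto, and the addresses are assumptions constructed for illustration.

```python
import hashlib

DELAY_S = 72 * 3600      # the 72-hour execution delay from the recommendation
THRESHOLD = 2            # assumed 2-of-3 approval policy


class GuardedOps:
    """Queue -> approve -> wait -> execute gate for privileged contract calls."""

    def __init__(self, signers, threshold=THRESHOLD, delay=DELAY_S):
        self.signers = frozenset(signers)
        self.threshold, self.delay = threshold, delay
        self.ops = {}    # op_id -> {"eta": int, "approvals": set, "state": str}

    @staticmethod
    def op_id(function, args):
        # Approvals bind to the exact call data, so an approved operation
        # cannot be swapped for one with a different recipient or amount.
        return hashlib.sha256(repr((function, tuple(args))).encode()).hexdigest()

    def _signer(self, who):
        if who not in self.signers:
            raise PermissionError("not a signer")

    def _queued(self, oid):
        op = self.ops.get(oid)
        if op is None or op["state"] != "queued":
            raise PermissionError("not queued")
        return op

    def queue(self, who, function, args, now):
        self._signer(who)
        oid = self.op_id(function, args)
        if self.ops.get(oid, {}).get("state") == "queued":
            raise PermissionError("already queued")
        self.ops[oid] = {"eta": now + self.delay, "approvals": {who}, "state": "queued"}
        return oid

    def approve(self, who, oid):
        self._signer(who)
        self._queued(oid)["approvals"].add(who)

    def cancel(self, who, oid):
        # Assumed policy: any single signer can veto during the delay window.
        self._signer(who)
        self._queued(oid)["state"] = "cancelled"

    def execute(self, who, function, args, now):
        self._signer(who)
        op = self._queued(self.op_id(function, args))
        if len(op["approvals"]) < self.threshold:
            raise PermissionError("insufficient approvals")
        if now < op["eta"]:
            raise PermissionError("timelock not elapsed")
        op["state"] = "executed"
        return "executed"


def attempt(fn, *args):
    try:
        return fn(*args)
    except PermissionError as e:
        return str(e)


def leaked_key_scenario():
    """Constructed walk-through: one leaked signer key ('dev') versus the gate."""
    g = GuardedOps({"dev", "ops", "treasury"})
    drain = ("emergencyWithdrawERC20", ("USDC", "0xUNKNOWN_DEST", 1_470_191))
    out = []
    oid = g.queue("dev", *drain, 0)
    out.append(attempt(g.execute, "dev", *drain, 0))          # no quorum yet
    out.append(attempt(g.execute, "dev", *drain, DELAY_S))    # delay alone is not enough
    g.cancel("ops", oid)                                      # veto inside the window
    out.append(attempt(g.execute, "dev", *drain, DELAY_S))    # cancelled
    legit = ("emergencyWithdrawERC20", ("USDC", "0xTREASURY_SAFE", 1_000))
    oid = g.queue("ops", *legit, 100)
    g.approve("treasury", oid)
    out.append(attempt(g.execute, "ops", *legit, 100 + DELAY_S - 1))
    out.append(attempt(g.execute, "ops", *legit, 100 + DELAY_S))
    return out


if __name__ == "__main__":
    print(leaked_key_scenario())
```

The queued operation is visible for the full 72 hours, which is what gives monitoring and the other signers time to cancel a withdrawal started with a single compromised key.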

Conclusion

In January 2025, several DeFi projects suffered security vulnerability attacks, resulting in the loss of millions of dollars in assets. These incidents included a hacker attack on the Phemex exchange, a major security vulnerability affecting NoOnes, and a private key leak at Moby. These events exposed critical risks related to smart contract security, cross-chain protocol composability, and liquidity pool management. The industry urgently needs to strengthen smart contract audits, introduce real-time monitoring, and implement multi-layered defense mechanisms to enhance platform security and boost user trust. Gate.io reminds users to stay updated on security developments, choose reliable platforms, and strengthen personal asset protection.


References:

  1. Slowmist, https://hacked.slowmist.io/zh/statistics
  2. X, https://x.com/wublockchain12/status/1882605904761340362
  3. X, https://x.com/wublockchain12/status/1883310710132035999
  4. X, https://x.com/BeosinAlert/status/1877180521710596452



Gate Research
Gate Research is a comprehensive blockchain and crypto research platform, providing readers with in-depth content, including technical analysis, hot insights, market reviews, industry research, trend forecasts, and macroeconomic policy analysis.


Disclaimer
Investing in the cryptocurrency market involves high risk, and it is recommended that users conduct independent research and fully understand the nature of the assets and products they purchase before making any investment decisions. Gate.io is not responsible for any losses or damages caused by such investment decisions.

Author: Mark
Translator: Piper
Reviewer(s): Addie, Ember, Evelyn
Translation Reviewer(s): Ashley, Joyce
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.io.
* This article may not be reproduced, transmitted or copied without referencing Gate.io. Contravention is an infringement of Copyright Act and may be subject to legal action.
