The crypto industry has experienced a sharp rise in security breaches recently. Based on incomplete statistics, February 2025 alone saw around 15 hacking incidents, leading to losses totaling $1.676 billion. Beyond the substantial financial damage suffered by victims, these attacks serve as a crucial wake-up call for the entire industry.
How do hackers manage to bypass security defenses? In this edition of the Security Monthly Report, we will recap recent security incidents and offer targeted prevention strategies to help you strengthen your security awareness and protection measures.
Bybit Cold Wallet Hack
On February 21, 2025, Bybit suffered a hack, losing $1.5 billion from its Ethereum cold wallet. The attacker exploited Bybit’s Safe multi-signature wallet by manipulating the front-end interface, tricking signers into approving malicious transactions. This allowed them to alter the smart contract logic and take full control of the cold wallet.
Bybit CEO’s Statement on the Breach
Risk Alert: Exploitation of Technical Vulnerabilities
PSA:
- Check asset reserves, audits, and past incident responses. Bybit quickly recovered from an ETH shortfall using reserves and loans, ensuring normal operations.
- Spread assets across CEXs, DeFi, and hardware/software wallets to reduce risk.
- Even experts can be tricked. Avoid phishing scams by verifying unexpected emails, messages, and links.
Infini Smart Contract Exploit
On February 24, 2025, the Infini contract was attacked, resulting in over $49 million in losses. The attacker exploited poor access management to transfer all funds. Infini plans to use OTC to cover part of the shortfall and is pursuing legal action to recover losses.
Risk Alert: Smart Contract Vulnerabilities
PSA:
- Check contract permissions to avoid unnecessary privileges. Poorly designed or malicious contracts can lead to asset loss.
- Periodically review and revoke unused wallet authorizations to minimize risk. Learn more: Token Authorization Review and Revocation & Common Token Authorization Scams.
Since August 2023, imToken has supported the “You Sign What You See” feature, effectively preventing blind signing and phishing attacks, protecting user asset security. Learn more: Revamped imToken signature for safer and more intuitive transactions.
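As an added illustration of the two points above (reviewing authorizations and avoiding blind signing), the following Python example decodes the standard ERC-20/ERC-721 authorization calls from raw transaction data and reports what they would grant. It is written for this report and is not imToken's implementation; the sample calldata and the spender address are constructed placeholders.

```python
# Added example: show what an authorization call grants before it is signed.
# Selectors are the first 4 bytes of keccak256 of each standard signature.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
MAX_UINT256 = 2**256 - 1


def decode_authorization(calldata: str) -> dict:
    """Decode authorization calldata into function, spender and grant scope."""
    data = calldata[2:] if calldata.lower().startswith("0x") else calldata
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return {"function": None, "grant": "malformed"}
    name = SELECTORS.get(raw[:4].hex())
    if name is None:
        return {"function": None, "grant": "not-an-authorization"}
    # Two 32-byte ABI words follow the selector; an address is right-aligned,
    # so its 12 leading bytes must be zero.
    if len(raw) != 68 or any(raw[4:16]):
        return {"function": name, "grant": "malformed"}
    spender = "0x" + raw[16:36].hex()
    value = int.from_bytes(raw[36:68], "big")
    if name == "setApprovalForAll":
        if value > 1:  # a bool word may only be 0 or 1
            return {"function": name, "grant": "malformed"}
        grant = "all-tokens" if value == 1 else "revoke"
    elif value == 0 and name == "approve":
        grant = "revoke"
    elif value == MAX_UINT256:
        grant = "unlimited"
    else:
        grant = "limited"
    return {"function": name, "spender": spender, "amount": value, "grant": grant}


# Constructed sample calldata; the spender address is a placeholder.
SPENDER = "11" * 20
UNLIMITED = "0x095ea7b3" + "00" * 12 + SPENDER + "ff" * 32
REVOKE = "0x095ea7b3" + "00" * 12 + SPENDER + "00" * 32
NFT_ALL = "0xa22cb465" + "00" * 12 + SPENDER + "00" * 31 + "01"

if __name__ == "__main__":
    for sample in (UNLIMITED, REVOKE, NFT_ALL):
        print(decode_authorization(sample))
```

An "unlimited" or "all-tokens" result for a spender you do not recognize is the case the review-and-revoke advice targets; a "revoke" result is what a revocation transaction should decode to.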
Mask Network Founder’s Wallet Hacked
On February 27, 2025, Suji Yan, the founder of Mask Network, reported that one of his public wallets stored on his mobile phone was hacked, resulting in losses exceeding $4 million. Initial analysis suggests that the attacker may have stolen the private key while the phone was unattended or used an offline attack to gain access. The hacker obtained the private key, allowing unrestricted asset transfers.
Suji Yan’s Analysis of the Incident
Risk Alert: Poor Private Key Management & Device Security Weaknesses
PSA:
- Keep Wallet-Hosting Devices Secure: Always keep the mobile phone containing your wallet within sight to prevent unauthorized access that could lead to private key theft.
- Use Hardware Wallets for Large Assets: Consider using hardware wallets like imKey to store significant assets. Hardware wallets generate and store mnemonics offline using secure chips, displaying them only once during the initial setup for backup purposes and preventing further export.
- Use Physical Backup Methods: When backing up mnemonics, opt for physical mediums (e.g., handwritten notes or mnemonic storage) to keep them offline, reducing the risk of online attacks.
- React Immediately If a Wallet Is Compromised: If you suspect your wallet has been compromised, transfer remaining assets to a secure address immediately and retain relevant evidence to seek legal assistance.
Other Recent Security Incidents
SMS Phishing Attacks
Recently, SlowMist disclosed a wave of SMS phishing attacks targeting Binance users. Some users received phishing messages within the same message thread as official Binance notifications, making them highly deceptive.
Scam SMS appearing in the same thread as official Binance messages
Image source: https://x.com/im23pds/status/1894584041355317265
Some users received scam messages impersonating wallet providers, falsely claiming, “XX Wallet is shutting down,” and directing them to phishing sites to steal their mnemonics and assets.
Important Notice: imToken never contacts users via SMS or phone calls. Any unsolicited messages claiming to be from imToken are scams.
Risk Alert: Phishing Attacks
PSA:
- When receiving notifications via SMS, always verify the information through multiple official channels, such as the official website, X account, and customer support email, to avoid being misled.
Hacked X Accounts Spreading Fake Tokens
Recently, there has been an increasing number of attacks targeting high-profile individuals, government entities, and project teams on X. For example:
- The X account of Shaw, founder of ai16z, was compromised and used to post links to fake tokens.
- The X accounts of the former Malaysian Prime Minister and the Saudi Legal Conference were exploited to promote fraudulent meme coins.
- Accounts linked to Pump.fun and Jupiter were also hijacked and used to spread fake tokens, misleading users into investing.
Former Malaysian Prime Minister’s X account was hacked, promoting fake tokens under the name of the Malaysian government.
Risk Alert: Misinformation Exploiting Celebrity Influence
PSA:
- Verify the authenticity of token launches, airdrops, or investment opportunities through multiple sources and avoid blindly following trends.
- Use strong passwords, enable two-factor authentication (2FA), and regularly monitor account activity for any suspicious actions.
Hackers are exploiting security vulnerabilities, from Bybit’s cold wallet breach to Infini’s contract exploit and Mask Network’s founder’s wallet hack. Strengthening security awareness, including proper permission settings, private key management, and recognizing misinformation, is crucial for building a strong defense.
imToken Is Always Protecting Your Token Security
In January, imToken marked a total of 5680 risky tokens, banned 546 risky DApp websites and marked 1283 risky addresses.
In addition, if you find any suspiciously risky tokens or DApps, please contact us at support@token.im to help more users avoid token losses.
Closing Thoughts
Scams are constantly evolving, and it is challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions, providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share the imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.