According to BlockBeats news on December 26, Telcoin, a blockchain payment application, suffered a vulnerability attack and lost approximately $1.3 million. Its token TEL fell by 43.25% in 24 hours. Currently, Telcoin has temporarily frozen the use of the application.

According to data from blockchain security and analysis company Certik, cryptocurrency hacks have resulted in nearly $2.4 billion in stolen funds this year alone. The third quarter was the most active period for hackers, with 184 known attacks resulting in almost $700 million in stolen funds. The report states that the losses caused by hackers in the third quarter alone were greater than the total for the first and second quarters combined. While these numbers are alarming, they are significantly lower than last year's total of over $3.5 billion. According to SlowMist, there have been 450 confirmed hacking incidents as of 2023, with decentralized protocols on the Ethereum and BNB smart chains being the most common targets.

Chain game SERAPH: In the Darkness X platform account is suspected to have been hacked, please do not interact.

Cyvers Alerts posted on X platform, stating that the system detected multiple suspicious transactions related to Pine Protocol. The attacker appears to be a white hat hacker who has requested a bounty of 20 ETH. The attacker has already deposited the 20 ETH into Tornado cash.

On December 22, Curve Finance announced that the voting results for the Vyper security incident fund recovery have been executed, covering all affected users. The specific compensation includes: distribution of the 7.2 million USD worth of ETH recovered by white hat hackers to the DAO; compensation of the unrecovered portion of the 42 million USD worth of CRV; and recovery of funds from other white hat hackers who received them prior to the vote.

2023 has been a pivotal year for the cryptocurrency industry, witnessing various security challenges and cyber threats. This report delves into the intricate details of the hacks and security breaches that have marked the year, offering a comprehensive analysis of trends, patterns, and the evolving nature of cyber threats in the crypto world. We aim to provide valuable insights for industry stakeholders, enhancing their understanding of the security landscape and facilitating informed decision-making.

A poster on Breach Forums is selling access to Binance's law enforcement request panel for $10,000 in cryptocurrency, which seems to be obtained through compromised email accounts belonging to law enforcement officials. The panel provides lawful access to account data and is facilitated by a third-party service called Kodex. The vulnerability of email accounts belonging to law enforcement organizations worldwide is being exploited by hackers, and Binance has encountered fraudulent requests in the past. The Digital Authenticity for Court Orders Act has been introduced in the Senate to prevent the illegal use of forged court orders, but it only covers the U.S. and not other law enforcement agencies globally.

SlowMist released its security report for last week (December 10-16, 2023), with an estimated total loss of $8,428,033. Key events:

The Southern District of New York's prosecutor's office announced on Thursday that Shakeeb Ahmed, a 34-year-old senior security engineer, admitted to attacking the Nirvana Finance protocol and another unnamed decentralized cryptocurrency exchange. Shakeeb Ahmed agreed to surrender the $12.3 million he gained from the two hacks and will compensate the victims a total of $5 million.

Hackers stole $484,000 by inserting malicious code into the Github library for Connect Kit, a widely-used piece of blockchain software maintained by crypto wallet firm Ledger. Several major DeFi protocols that use the library have been impacted, and users have been warned to avoid using dApps until the protocols are updated. Ledger has confirmed that an employee was targeted in a phishing attack, after which the attacker published a malicious version of the Ledger Connect Kit. To completely mitigate the risk, every protocol using Ledger's Connect Kit must manually update their version of the library.