Losses from crypto hacks and scams more than doubled in the second quarter of 2024 in comparison to the same period in the previous year, as per findings from Immunefi, a blockchain security platform. A staggering sum of over $572 million was lost in Q2, as opposed to merely $220 million in Q2 of 2023, with the majority of losses attributed to hacks on centralized exchanges.
Before this quarter, losses from hacks and scams had been on a decreasing trend, with a 23% drop reported by Immunefi in Q1. This downward trend persisted until April and most of May, but took a sharp turn as losses spiked towards the end of May and June.
The most significant loss in the second quarter stemmed from the private key hack of crypto exchange DMM on May 31, which resulted in the theft of $305 million worth of Bitcoin (BTC). Another $55 million in losses was incurred from the BtcTurk hack on June 22. Together, these two major hacks contributed to over 62% of the total losses for the quarter, according to the report.
Centralized protocols and exchanges bore the brunt of approximately $401 million in losses during the quarter, amounting to 70% of the total losses. Despite this, the successful attacks on these targets represented only a minuscule portion of the total incidents. While there were only five successful attacks on centralized protocols, there were a total of 62 instances of successful exploits or scams involving decentralized protocols.
Decentralized finance protocols suffered losses totaling $171 million in the quarter, marking a 25% decrease from Q2 2023. Ethereum and the BNB Smart Chain remained the prime targets for scammers and hackers, accounting for 71% of the total losses.
There are indications that Ethereum layer 2s are gaining traction among malicious actors. Arbitrum ranked as the third most targeted network, reporting four incidents and losses comprising 5.5% of the total, while Blast and Optimism each had three incidents. All other networks experienced no more than one incident, collectively constituting 15% of the total losses.
In the assessment, Immunefi founder Mitchell Amador emphasized the significance of securing centralized exchange infrastructure in the wake of the quarter’s losses, calling attention to the gravity of the situation. Some of the stolen funds from the quarter were eventually recovered by security researchers. For instance, following the exploitation of the Gala Games protocol, most of the funds were returned. Reports indicated that the attacker might have compromised his anonymity by not using a virtual private network, potentially exposing him to legal repercussions, though this was never definitively confirmed.
Moreover, entities like Alex Labs, Bloom, and Yolo Games also managed to retrieve a substantial portion of the funds lost in their exploits, accounting for 5% of the total losses for the quarter as per Immunefi.
Magazine: Polkadot’s Indy 500 driver Conor Daly: ‘My dad holds DOT, how mad is that?’