The crypto sector suffered $572 million in losses in the second quarter due to hacks and fraud, with 70% of the total amount coming from two CeFi exchanges, DMM Bitcoin and BtcTurk.
According to the latest report from the Web3 bug bounty platform and security service Immunefi, the cryptocurrency industry suffered $572.7 million in losses due to hacks and fraud in the second quarter of this year, with 72 attack incidents occurring.
This loss figure increased by 70.3% compared to $336.3 million exploited in the first quarter and increased by 112% compared to the second quarter of 2023, when hackers and fraudsters stole $265.5 million.
Of the total $572.7 million, hacks were the main cause of losses in the second quarter, accounting for 98.5% ($564.2 million) from 53 incidents, compared to cases of fraud, scams, and rug pulls, which accounted for only 1.5% ($8.5 million) through 19 incidents.
Data compiled by Immunefi since the beginning of the year shows that a total of more than $900 million has been stolen through hacks and fraud, an increase of 40% compared to the $656 million recorded at the same time last year.
The total loss from crypto hacks in Q2 2024 was 572 million USD with CeFi becoming the main target of attackers.
Contrary to the “usual” trend seen in previous reports where DeFi was the preferred target of hackers, this time centralized finance (CeFi) became the most targeted sector, accounting for 70% ($401.4 million) of the losses in the second quarter compared to 30% ($171.3 million) for DeFi.
More notably, 62.8% of the total $401.4 million loss in CeFi came from just two attacks:
- The largest attack was on the Japanese cryptocurrency exchange DMM Bitcoin, which lost 48.2 billion yen worth of Bitcoin (equivalent to 4,502.9 BTC valued at $305 million at the time of the announcement). Although the exchange planned to “rotate funds” to compensate for the losses, this is considered the eighth largest crypto theft of all time, with the third-largest loss in Japan.
- Next, $55 million was stolen from the Turkish crypto exchange BtcTurk on June 23 – less than a month after the $305 million hack of DMM Bitcoin and the latest controversy between the Kraken exchange and security assessment unit CertiK.
Explaining why hackers have shifted their “preferences” to CeFi, Immunefi founder and CEO Mitchell Amador said it is largely due to “infrastructure vulnerabilities, as just a small vulnerability can lead to millions of dollars in losses. This sector needs stronger security measures to enhance protection.”
The first half of 2024 also saw May having the highest loss in the second quarter with a total of $358.5 million, far surpassing the $72.6 million recorded in April – a period that security company CertiK noted as having the lowest crypto hack losses since 2021.
Ethereum and BNB Chain continue to be the top targeted blockchains by hackers, similar to the first quarter, accounting for 71% of the total losses, with:
- Ethereum suffering the most with 34 attacks, accounting for 46.6% of the losses across chains.
- Followed by BNB Chain with 18 attacks, accounting for 24.7%.
- Arbitrum was the third most targeted network, suffering 4 incidents and accounting for 5.5% of the total losses.
- Blast and Optimism each had 3 incidents.
- Solana, Polygon, Fantom, Linea, Mantle, and TON did not have more than one security incident, accounting for 15% of the total losses.
Amid the report full of “negative” numbers, there is a positive sign that some of the stolen amounts in the second quarter have been recovered by security researchers.
A total of $26.7 million (5%) of the stolen funds in the second quarter from 4 exploits – Bloom, ALEX Lab, YOLO Games, and Gala Games – were recovered.
Also in the report, Immunefi proudly announced that earlier this month it surpassed the milestone of $100 million in rewards for white hat hackers and security researchers. These rewards will be spread over three years and result from more than 3,000 bug bounty reports.
Immunefi claims to operate the largest blockchain security community with over 45,000 researchers, helping to recover and protect over $25 billion in user funds from being stolen across protocols such as Polygon, Optimism, Chainlink, The Graph, Synthetix, and MakerDAO.
The highest reward Immunefi has ever paid was in 2022, with $10 million for a protocol vulnerability discovered in cross-chain Wormhole. This reward alone was larger than the total of $8.7 million that Google’s bug bounty programs paid out in 2021. Another large reward from Immunefi was $6 million for a critical vulnerability discovered in Aurora Labs.
Source: Coin68
Comments