Crypto Hackers Siphon Over $300 Million in Q1 2024, Immunefi

Immunefi reveals that the DeFi industry, boasting over $100 billion in TVL, remains a hunting ground for crypto hackers.

  • Hackers are still running rampant in the crypto industry.
  • The crypto industry has so far incurred over $300 million in losses due to hacks and scams.
  • Immunefi’s latest report reveals that while losses remain significant, there has been a notable decrease in events compared to last year.

The crypto industry, while brimming with immense potential, is also teeming with hackers and scammers looking for their next victim. This is particularly true now, as many tokens, including Bitcoin, have reached new all-time highs after enduring a two-year bear market.

As more investors enter the fray to ride the crypto hype, scammers are also ramping up their methods, siphoning off millions in just the first quarter of this year.

Crypto Hacks Run Rampant in the DeFi Industry
The crypto industry has so far incurred a total of $336 million in losses due to hacks and scams during the first quarter, with nearly half of that capital stolen in January of this year, according to the latest report from Immunefi, a web3 bug bounty and security solution platform.

The report reveals that the DeFi industry, boasting over $100 billion in total value locked (TVL), remains a lucrative hunting ground for scammers and hackers, given the wide array of decentralized exchanges. Immunefi notes that the DeFi industry accounted for 100% of the exploits identified by the web3 bug bounty platform in Q1, compared to zero for CeFi platforms.

The Main Culprit? Crypto Hackers
Immunefi also detailed that hacks continued to be the predominant cause of losses at 95.6%, in contrast to fraud, which only accounted for 4.4% of the total losses. The two most targeted chains in Q1 2024 were Ethereum and BNB Chain. Ethereum suffered the most individual attacks with 33 incidents, followed by BNB Chain with 14 incidents, and Arbitrum with 6 incidents.

image 71 image 71

A majority of the losses were incurred by two projects alone, accounting for a combined $144.5 million, or 43%, of the total. An $81.7 million exploit of the cross-chain bridge protocol Orbit Bridge, occurring during New Year’s celebrations, represented the largest attack. January witnessed the highest monthly losses in Q1 overall at $133 million.

The recent $62 million exploit of the Blast-based NFT game Munchables added to the total losses, marking the second-largest attack.

Nevertheless, while scammers have been actively filling their pockets with users’ funds, the industry has since implemented measures to recover these funds.

A Recovery From Crypto Hacks and Scams
Immunefi reports that over $73.9 million, or 22% of the total funds in Q1, were recovered from seven exploits. A significant portion came from the Munchables hack, with the NFT game recovering over $62 million from the exploit.

The web3 bug bounty platform also noted that the number of attacks, in contrast to last year, has also dropped a significant amount from 74 in Q1 2023 to 61 in Q1 this year, a 17.6% drop. Additionally, the $336.3 million in losses this year represents a 23% decrease compared to last year’s $437 million in the same quarter.

Not Users But Platforms to Blame
Another interesting finding Immunefi reported is that most of the losses weren’t due to user error, such as clicking on shady links or participating in unnecessary rug pulls. Instead, the ecosystem suffered due to protocol infrastructure lacking the necessary strength to counteract hacks.

Immunefi founder and CEO Mitchell Amador emphasized. “The ecosystem witnessed a considerable volume of losses due to private key compromises, emphasizing the critical need to secure both code and protocol infrastructure.”


Leave a Reply

Your email address will not be published. Required fields are marked *

Chatbot AI D2