Crypto losses from hacks and scams more than doubled in the second quarter of 2024 compared to the same period the previous year, according to research from blockchain security platform Immunefi.
Over $572 million was lost in Q2, compared to only $220 million in Q2 of 2023. Centralized exchange hacks made up the bulk of the losses in the quarter.
Prior to the second quarter, losses from hacks and scams had been declining, with Immunefi reporting a 23% reduction in Q1. This decline continued through April and most of May, but losses dramatically increased at the end of May and June.
The biggest single loss in the second quarter was from the May 31 private key hack of crypto exchange DMM, which drained $305 million worth of Bitcoin (BTC) from the exchange.
An additional $55 million of losses came from the BtcTurk hack on June 22. Together, these top two hacks accounted for more than 62% of total losses for the quarter, the report stated.
Related: Japanese exchange DMM loses $305M in Bitcoin via private key hack
Centralized protocols and exchanges suffered approximately $401 million in losses during the quarter, representing 70% of the total.
However, the number of successful attacks against these targets was a very small percentage of the total. Only five attacks against centralized protocols succeeded, whereas there were a total of 62 incidents of successful exploits or scams involving decentralized protocols.
Decentralized finance protocols suffered $171 million of losses during the quarter, a 25% decrease fro Q2 2023.
Ethereum and the BNB Smart Chain continued to be the top two networks targeted by scammers and hackers, accounting for 71% of total losses.
However, some evidence suggests that Ethereum layer 2s may be gaining in popularity with malicious persons. Arbitrum was the third most targeted network, suffering four incidents and having losses making up 5.5% of the total. Blast and Optimism had three incidents each. All other networks had no more than one incident, collectively comprising 15% of total losses.
In the report, Immunefi founder Mitchell Amador claimed that this quarter’s losses are a sobering reminder of how important the security of centralized exchange infrastructure is, stating:
“This quarter highlights how infrastructure compromises can be the most devastating hacks in crypto, as a single compromise can lead to millions in damages. This was evident during this quarter, where losses surged primarily due to hacks targeting CeFi infrastructure, surpassing DeFi, despite a smaller number of hacks in that sector. Robust measures to safeguard the entirety of the ecosystem are crucial.”
Some of the funds stolen in the second quarter were later recovered by security researchers. For example, the attacker who exploited the Gala Games protocol returned nearly all of the funds. Some reports suggested that the attacker had connected to his wallet without a virtual private network, exposing his IP address and leaving him open to potential prosecution, although this was never confirmed.
Alex Labs, Bloom, and Yolo Games also recovered most of the funds lost from their exploits, according to Immunefi. The report stated that these recovered funds represented 5% of the amount lost in the quarter.
Magazine: Polkadot’s Indy 500 driver Conor Daly: ‘My dad holds DOT, how mad is that?’