According to the latest report from web3 bug bounty and security services platform Immunefi, the cryptocurrency industry has lost $572.7 million due to 72 hacks and frauds so far in the second quarter of this year.
The losses represent a 70.3% increase from the $336.3 million worth of exploits in the first quarter, and a 112% increase from the second quarter of 2023, when hackers and fraudsters stole $265.5 million. More than $900 million has been stolen through hacks and fraud so far this year, up 24% from the same period last year, according to Immunefi data.
With a total value locked in the web3 protocol of nearly $100 billion, decentralized finance remains a key target for hackers, accounting for 100% of the exploits identified by Immunefi in the first quarter, according to DeFiLlama data. However, central finance became the main target in the second quarter, accounting for 70% ($401.4 million) of losses in the quarter, while DeFi’s losses were only 30% ($171.3 million).
The majority of losses were caused by two exploits, accounting for $360 million or 62.8% of total losses. The largest attack was a $305 million attack on Japanese cryptocurrency trading platform DMM Bitcoin, with an additional $55 million stolen from Turkish cryptocurrency exchange BtcTurk on June 23.
May had the highest monthly loss of the entire second quarter at $358.5 million. A total of $28.7 million (5%) of stolen funds in Q2 was recovered from four exploits: Bloom, ALEX Lab, Gala Games, and YOLO Games.
“This quarter highlights how infrastructure compromises can be the most destructive hacks in the crypto space, as a single compromise can result in millions of dollars in losses,” said Mitchell Amador, Immunefi Founder and CEO. “This quarter, it was clear that CeFi infrastructure hacks outperformed DeFi in terms of losses, despite the lower number of hacks in that sector. It is important to take robust measures to protect the entire ecosystem.”
Hacks dominate fraud on the Ethereum and BNB chains, which are the most targeted networks.
In Q2, hacking was the largest source of losses, accounting for 98.5% of total losses ($564.2 million) across 53 incidents, while fraud, deception and misrepresentation accounted for just 1.5% ($8.5 million) across 19 specific incidents.
Ethereum and BNB Chain were again the most targeted networks, similar to the first quarter. Ethereum suffered the most, accounting for 46.6% of chain losses with 34 individual attacks, while the BNB chain accounted for 24.7% with 18 incidents. Arbitrum, Blast, Optimism, Solana, Polygon, Fantom, Linea, Mantle, and TON made up the rest of the case.
Earlier this month, Immunefi surpassed $100 million in payments to ethical hackers and researchers, paid out for over 3,000 bug bounty reports over three years.
Immunefi operates the largest blockchain security community with over 45,000 researchers, claiming to save over $25 billion in user funds from theft across protocols such as Polygon, Optimism, Chainlink, The Graph, Synthetix, and MakerDAO.
Immunefi’s highest white hat hacker bounty was $10 million for a vulnerability discovered in Wormhole’s cross-chain protocol.
Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.