The number of attacks in crypto and DeFi increased during Q2, compared to the same period last year, yet the total amount of funds stolen was smaller.
That’s according to a new report compiled by web3-focused bug bounty platform Immunefi, which assessed the volume of crypto funds lost by the community due to hacks and scams in the quarter.
While Immunefi said the total number of attacks spiked 65.3% year-over-year from 49 to 81 incidents in Q2, and 11% quarter-over-quarter, total losses decreased by 60.4% compared to the same period in 2022.
Total losses for the quarter amounted to around $265.5 million, contributing to over $702 million in losses year-to-date. Some 49.7% of the losses can be attributed to the hack on the non-custodial Atomic Wallet in June — linked to the North Korean state-backed Lazarus Group — and an exit scam at now-defunct blockchain financial platform Fintoch in May, losing $100 million and $31.6 million, respectively.
Hacks accounted for the majority of losses in Q2, making up 83.1%, while frauds, scams and rug pulls represented 16.9% of the losses. However, of the overall funds lost, losses from hacks were down 66.4% and frauds, scams and rug pulls were up 225.4% compared to Q2 2022.
“We have witnessed a considerable increase in rug pulls, both in terms of stolen funds and the number of incidents,” Immunefi CEO Mitchell Amador said in the report. “As bad actors continue to expand their malicious activities and employ increasingly sophisticated scams, users must thoroughly assess projects.”
Most targeted chains
BNB Chain and Ethereum were the most targeted chains in Q2. BNB Chain experienced 36 incidents, representing 44.4% of losses, while Ethereum witnessed 26, representing 32.1%.
Notably, Arbitrum, which had no incidents in Q2 2022, experienced a significant rise in targeted attacks, with 10 major incidents in Q2 this year. Arbitrum has now been the third most targeted blockchain for two consecutive quarters, with 18 incidents year-to-date. Polygon and zkSync had two incidents each.
DeFi platforms remained the primary target for exploits in Q2, accounting for 86.1% of the total losses ($228.5 million). Centralized crypto platforms represented 13.9% of the losses ($37 million).
In total, $10.5 million in stolen funds has been recovered from eight incidents. However, this represents only 3.9% of the total losses in Q2, highlighting the challenges in reclaiming stolen crypto assets.
Not as bad as 2022
Immunefi claims to have paid out more than $80 million in bounties and saved over $25 billion in user funds across protocols like Chainlink, The Graph, Synthetix and MakerDAO. The highest bounty facilitated by Immunefi was a $10 million award for a vulnerability discovered in Wormhole’s cross-chain messaging protocol.
In March, Immunefi identified Ethereum as white hat hackers’ blockchain of choice, followed by Solana, Avalanche, Cosmos and Tezos.
© 2023 The Block. All Rights Reserved.