Crypto bug bounty platform Immunefi estimates $509 million was lost to hacks and fraud during Q2, a 91% increase from the same time last year.
The report noted that in May 2024, the industry experienced its highest losses to date, amounting to $107 million. In contrast, June saw a decrease in losses to $78 million across 12 different scenarios, marking a 27% decrease the $107 million lost in June 2023.
Japanese centralized exchange DMM Bitcoin suffered the most during this quarter. The exchange lost a whopping $305 million to hackers, but it has since put measures in place to reimburse customers.
Others, like BtcTurk, Hedgey, Lykke, Gala Games, and SonneFinance, had their fair share of exploits. Their losses totaled $164.2 million.
Japanese Exchange DMM Bitcoin Hacked for $308 Million
Japanese crypto exchange DMM Bitcoin announced on Friday that over $300 million worth of Bitcoin was stolen from its primary wallet, in what appears to be one of the digital asset industry’s largest hacks in years. Around 1:30 pm local time, the company said, it noticed that some 4,503 BTC—worth about $308 million at the time—”illegally leaked” from its wallet. DMM has not yet given further explanation as to how the apparent hack was carried out, but said it was investigating the matter and had...
Centralized crypto financial institutions were the most targeted, accounting for two-thirds of successful attacks, according to the Immunefi report.
Grace Dees, a cybersecurity business analyst at Resonance Security, told Decrypt that hackers often target centralized entities because they are more susceptible to hacks due to their extensive asset pools and centralized storage.
“Firstly, CEFi entities often manage larger pools of assets compared to DeFi platforms. This makes them more lucrative targets for hackers looking to maximize their returns from a single attack,” she said.
Dees added that centralized entities are alluring targets for hackers because they use centralized repositories, wallets, private key management, and security measures.
"This centralization can create single points of failure," she added, "making it potentially easier for hackers to access a significant amount of funds through a single breach."
Ethereum Giant Uniswap Is Getting Hit With an SEC Lawsuit, Company Warns
The United States Securities and Exchange Commission (SEC) has sent a Wells notice to Uniswap Labs, the company said Wednesday, warning the firm behind the Ethereum decentralized exchange (DEX) that it will face a lawsuit over securities charges. "I’m not surprised. Just annoyed, disappointed, and ready to fight," tweeted Uniswap founder Hayden Adams. "I am confident that the products we offer are legal and that our work is on the right side of history." "But it’s been clear for a while that rat...
Dees also said that the side effect of regulatory scrutiny on DeFi platforms—not that centralized players have been spared—means they've had to implement much stricter security measures. That might make them more difficult targets for exploits, she added.
Ethereum was the most exploited chain in the quarter, followed by the BNB chain and Arbitrum, which represented 44.4%, 25%, and 5.6%, respectively, according to the Immunefi report.
Ethereum DeFi Projects Still Favorite Target for Hackers, But Stolen Funds Down 28% in May: Immunefi
Hackers were unsuccessful in exploiting any major centralized entity in May, while DeFi protocols witnessed a downtick in losses occurring from hacks and frauds, according to a report from bug bounty platform Immunefi. $52.4 million was stolen from DeFi investors in May due to hacks and frauds. This represents a 12% decrease in the amount lost from the same period in the prior year. Moreover, it is a sharp decline of 28% from April this year. In total, there were 21 incidents involving investor...
When asked why Ethereum is being targeted the most, Jonah Michaels, Comms Lead at Immunefi, explained that Ethereum is the main hub for DeFi activity and currently has the highest amount of funds locked within its ecosystem.
Consequently, it is the primary target for hackers, who can exploit numerous protocols at a large scale for significant gains. Additionally, Ethereum is linked to major privacy chains and technologies, which hackers exploit to quickly launder stolen funds.
In essence, criminals tend to focus on platforms with the most capital and potential victims, which in the cryptocurrency space is primarily Ethereum.
In total, $26,736,000 has been recovered from stolen funds in four specific situations. This amount represents 5% of the total losses in Q2 2024.
Edited by Stacy Elliott.
