We do the research, you get the alpha!
Crypto bug bounty platform Immunefi estimates $509 million was lost to hacks and fraud during Q2, a 91% increase from the same time last year.
The report noted that in May 2024, the industry experienced its highest losses to date, amounting to $107 million. In contrast, June saw a decrease in losses to $78 million across 12 different scenarios, marking a 27% decrease the $107 million lost in June 2023.
Japanese centralized exchange DMM Bitcoin suffered the most during this quarter. The exchange lost a whopping $305 million to hackers, but it has since put measures in place to reimburse customers.
Others, like BtcTurk, Hedgey, Lykke, Gala Games, and SonneFinance, had their fair share of exploits. Their losses totaled $164.2 million.
Centralized crypto financial institutions were the most targeted, accounting for two-thirds of successful attacks, according to the Immunefi report.
Grace Dees, a cybersecurity business analyst at Resonance Security, told Decrypt that hackers often target centralized entities because they are more susceptible to hacks due to their extensive asset pools and centralized storage.
“Firstly, CEFi entities often manage larger pools of assets compared to DeFi platforms. This makes them more lucrative targets for hackers looking to maximize their returns from a single attack,” she said.
Dees added that centralized entities are alluring targets for hackers because they use centralized repositories, wallets, private key management, and security measures.
"This centralization can create single points of failure," she added, "making it potentially easier for hackers to access a significant amount of funds through a single breach."
Dees also said that the side effect of regulatory scrutiny on DeFi platforms—not that centralized players have been spared—means they've had to implement much stricter security measures. That might make them more difficult targets for exploits, she added.
Ethereum was the most exploited chain in the quarter, followed by the BNB chain and Arbitrum, which represented 44.4%, 25%, and 5.6%, respectively, according to the Immunefi report.
When asked why Ethereum is being targeted the most, Jonah Michaels, Comms Lead at Immunefi, explained that Ethereum is the main hub for DeFi activity and currently has the highest amount of funds locked within its ecosystem.
Consequently, it is the primary target for hackers, who can exploit numerous protocols at a large scale for significant gains. Additionally, Ethereum is linked to major privacy chains and technologies, which hackers exploit to quickly launder stolen funds.
In essence, criminals tend to focus on platforms with the most capital and potential victims, which in the cryptocurrency space is primarily Ethereum.
In total, $26,736,000 has been recovered from stolen funds in four specific situations. This amount represents 5% of the total losses in Q2 2024.
Edited by Stacy Elliott.