Losses from scams and exploits surged in the second quarter as centralized exchanges lost millions, marking a reversal from a previous decline.
According to blockchain security platform Immunefi research, crypto investors lost over $572 million in the second quarter of this year, compared to just $220 million in the second quarter of 2023. Most of these losses were due to hacks on centralized exchanges.
Before the second quarter, losses from hacks and scams were decreasing. Immunefi reported a 23% drop in the first quarter. The downward trend continued through April and most of May, but losses surged dramatically at the end of May and June.
Hacks Linked to Exchanges
So far, the largest single loss in the second quarter occurred on May 31 when a private key hack targeted the crypto exchange DMM, resulting in $305 million worth of bitcoin stolen from the platform.
The hacks and scams affected many exchanges. For instance, the BtcTurk hack on June 22 resulted in an additional $55 million in losses. According to the report, these two major hacks combined accounted for over 62% of the total losses for the quarter.
Centralized protocols and exchanges lost around $401 million during the quarter, making up 70% of the total losses, while decentralized protocols lost approximately $171 million, amounting to a 25% decrease from Q2 2023.
Research revealed that Ethereum and the BNB Smart Chain remained the top two targets for scammers and hackers, accounting for 71% of the total losses. However, there are signs that Ethereum layer 2 networks are becoming more popular with malicious actors. Arbitrum was the third most targeted network, experiencing four incidents and accounting for 5.5% of the total losses. Blast and Optimism each had three incidents. Other networks experienced no more than one incident each, accounting for 15% of the total losses.
According to the report, Immunefi founder Mitchell Amador emphasized that this quarter’s losses underscore the critical importance of securing centralized exchange infrastructure.
“This quarter highlights how infrastructure compromises can be the most devastating hacks in crypto, as a single compromise can lead to millions in damages. This was evident during this quarter, where losses surged primarily due to hacks targeting CeFi infrastructure, surpassing DeFi, despite a smaller number of hacks in that sector. Robust measures to safeguard the entirety of the ecosystem are crucial,” Amador stated.
Recovery of Stolen Funds
During the second quarter, security researchers recovered some of the stolen funds. For instance, the attacker who exploited the Gala Games protocol returned nearly all of the funds.
Some reports claimed that the attacker accessed his wallet without using a virtual private network (VPN), exposing his IP address and potentially making him vulnerable to prosecution, although this was never officially confirmed.
In addition, according to Immunefi, Alex Labs, Bloom, and Yolo Games successfully recovered most of the funds lost from their exploits. The report indicated that these recovered funds accounted for 5% of the total losses in the quarter.
