- In Q2 2024, crypto-related losses from hacks and scams topped $572 million, more than doubling from $220 million in the same period last year.
- The majority of the quarter’s losses stemmed from centralized exchange hacks, with two major incidents accounting for over 62% of the total losses.
- Despite a general decline in crypto hacks in early Q2, a spike in incidents in late May and June reversed the trend, according to Immunefi.
The cryptocurrency industry saw losses due to hacks and scams more than double in the second quarter of 2024, soaring to over $572 million from $220 million during the same timeframe in 2023, as reported by blockchain security firm Immunefi. The spike in losses was largely attributed to two major hacks. The first, a devastating $305 million Bitcoin theft at DMM, occurred on May 31 due to a private key compromise, making it the largest single incident of the quarter. Another significant breach was the $55 million loss from the BtcTurk hack on June 22. Together, these events contributed to the majority of the quarter’s financial damage.
Centralized exchanges bore the brunt of the quarter’s financial damages, with approximately $401 million lost, representing 70% of the total losses. Despite this, the actual number of successful attacks on centralized protocols was relatively low, with only five incidents recorded. In contrast, decentralized protocols experienced 62 successful exploits or scams, although their total losses were significantly lower at $171 million, marking a 25% decrease from the previous year.
Ethereum and BNB as the Main Targets
Ethereum and BNB Smart Chain were the primary targets for these cyberattacks, constituting 71% of the total losses. Emerging trends indicate that Ethereum layer 2 solutions like Arbitrum are also increasingly vulnerable, experiencing four significant incidents that contributed to 5.5% of the total losses.
Mitchell Amador, founder of Immunefi, highlighted the critical importance of securing infrastructure within centralized exchanges. He noted that while decentralized finance (DeFi) faced more incidents, the catastrophic financial impact of centralized finance (CeFi) infrastructure breaches was far more substantial.
Some of the stolen funds were recovered. Notably, the Gala Games attacker returned almost all the stolen funds after potentially exposing his IP address by not using a VPN. Additionally, entities like Alex Labs, Bloom, and Yolo Games successfully reclaimed most of their compromised funds, collectively accounting for 5% of the quarter’s total losses.