Crypto losses from hacks and scams more than doubled in the second quarter of 2024 compared to the same period in the previous year, according to research from blockchain security platform Immunefi. Over $572 million was lost in Q2, compared to only $220 million in Q2 2023. Centralized exchange hacks made up the bulk of the losses in the quarter.
Increase in Losses After Initial Decline
Before the second quarter, losses from hacks and scams had been declining. Immunefi reported a 23% reduction in Q1, with the decline continuing through April and most of May. However, losses dramatically increased at the end of May and June.
The biggest single loss in the second quarter was from the May 31 private key hack of crypto exchange DMM, which drained $305 million worth of Bitcoin from the exchange. An additional $55 million of losses came from the BtcTurk hack on June 22. Together, these top two hacks accounted for more than 62% of total losses for the quarter.
Impact on Centralized and Decentralized Protocols
Centralized protocols and exchanges suffered approximately $401 million in losses during the quarter, representing 70% of the total. However, the number of successful attacks against these targets was a very small percentage of the total, with only five attacks against centralized protocols succeeding. In contrast, there were a total of 62 incidents of successful exploits or scams involving decentralized protocols.
Decentralized finance protocols suffered $171 million of losses during the quarter, a 25% decrease from Q2 2023. Ethereum and the BNB Smart Chain continued to be the top two networks targeted by scammers and hackers, accounting for 71% of total losses. However, evidence suggests that Ethereum layer 2s may be gaining popularity with malicious actors. Arbitrum was the third most targeted network, suffering four incidents and having losses making up 5.5% of the total. Blast and Optimism had three incidents each. All other networks had no more than one incident, collectively comprising 15% of total losses.
Importance of Centralized Exchange Security
In the report, Immunefi founder Mitchell Amador highlighted the importance of the security of centralized exchange infrastructure, stating:
“This quarter highlights how infrastructure compromises can be the most devastating hacks in crypto, as a single compromise can lead to millions in damages. This was evident during this quarter, where losses surged primarily due to hacks targeting CeFi infrastructure, surpassing DeFi, despite a smaller number of hacks in that sector. Robust measures to safeguard the entirety of the ecosystem are crucial.”
Recovery of Some Stolen Funds
Some of the funds stolen in the second quarter were later recovered by security researchers. For example, the attacker who exploited the Gala Games protocol returned nearly all of the funds. Reports suggested that the attacker had connected to his wallet without a virtual private network, exposing his IP address and leaving him open to potential prosecution, although this was never confirmed.
Additionally, Alex Labs, Bloom, and Yolo Games recovered most of the funds lost from their exploits, according to Immunefi. The report stated that these recovered funds represented 5% of the amount lost in the quarter.
Summary
- Crypto losses from hacks and scams soared to $572 million in Q2 2024, a 113% increase from Q2 2023.
- Centralized exchange hacks accounted for the majority of losses, with significant incidents involving DMM and BtcTurk.
- Decentralized finance protocols saw a decrease in losses, but centralized exchanges experienced substantial hits.
- Ethereum and BNB Smart Chain were the most targeted networks, though Ethereum layer 2s are becoming more popular with hackers.
- Some stolen funds were recovered by security researchers, emphasizing the ongoing efforts to mitigate such losses in the crypto ecosystem.