As if the pessimism around crypto wasn’t enough, the industry has historically been hounded by hackers and scammers looking to make a quick buck. To make things worse, it appears tracing and recovering lost funds is now getting harder than ever as attackers use increasingly sophisticated methods.
According to a new report, only $4.9 million was recovered of the $204.3 million the industry lost to hacks, scams and rug pulls in Q2 2023, and that was significantly less than the $6.9 million recovered in Q2 2022. However, the good news is that losses in the second quarter were 55% narrower than in Q1 2023, when the industry lost a whopping $462.3 million to hacks and scams, with the Euler Finance flash loan attack accounting for 42.4% of the first quarter’s losses, REKT’s database showed.
The report, by web3 “super app” and antivirus solution De.Fi with supporting data from the REKT database, detailed that so far this year, the industry had recovered about $183 million, or nearly 28% of the $666.5 million lost to scams and hacks.
Image Credits: De.Fi, REKT
Q2 saw over 100 exploits
This quarter had 110 recorded cases of “scams, exploits or unintended losses,” the report stated. The three biggest cases were the Atomic Wallet breach at $35 million, Fintoch at $31.6 million for its alleged Ponzi scheme, and the exploit of a vulnerability in MEV Boost’s software that led it to lose $26.1 million. These three accounted for a combined $92.8 million, almost half of the total losses in the quarter.
The report also found that exploits and rug pulls accounted for $55.3 million and $47.3 million, respectively, in Q2, highlighting that risks and bad actors are “rampant in equal measure.” Rug pulls are scams where creators hype up projects to attract capital, then shut it down or disappear with the funds.
As for where these losses are transpiring, there’s a heavy tilt toward two major blockchains: BNB Smart Chain and Ethereum. Both continue to be a “hotspot for fraudulent activities,” with the “trophy” being held by BNB Smart Chain with 65 cases. Ethereum had just 25 cases in the second quarter. Ethereum, though, is much bigger and reported losses of $82.5 million, whereas BNB Smart Chain (BSC), created by crypto exchange Binance, recorded $57.8 million.
Issues related to access control accounted for more than a quarter of all losses, $75.8 million, highlighting the prevalent vulnerabilities in both centralized and decentralized finance, “as well as the urgency for stronger security measures,” the report said.
While the industry saw more variety in exploits this quarter, rug pulls still accounted for the most number of scams, with 55 cases.
The need for improved security in web3 isn’t a new issue, as it has frequently been overlooked in favor of speed and growth. We have a growing number of sophisticated web3 security firms that can protect individual traders, startups and conglomerates, but protecting funds, platforms and protocols isn’t always easy or given enough importance in the industry.
Looking to the second half of 2023, I expect these crypto losses to continue to rise at a comparable level as more investors, founders and builders enter the space, providing more opportunities for bad actors. Without a major, industrywide push to emphasize protective measures and shake out bad actors, this problem won’t be fixed.