In the second quarter of 2024, the losses incurred from crypto hacks and scams saw a significant upsurge, more than doubling in comparison to the corresponding period in the previous year. Research conducted by blockchain security platform Immunefi reveals that over $572 million was lost during Q2, compared to a mere $220 million in Q2 of 2023. The primary contributor to these losses was hacks on centralized exchanges.
Before the onset of the second quarter, there had been a decreasing trend in losses from hacks and scams, with Immunefi reporting a 23% reduction in Q1. This downward trajectory persisted through April and most of May; however, the scenario took a drastic turn towards the end of May and June, leading to a sharp increase in losses.
Among all the incidents, the most significant loss in the second quarter stemmed from the private key hack of the crypto exchange DMM on May 31, resulting in the draining of $305 million worth of Bitcoin (BTC) from the exchange. Another substantial loss amounting to $55 million was attributed to the BtcTurk hack on June 22. Together, these two prominent breaches accounted for more than 62% of the total losses incurred during the quarter.
Even though centralized protocols and exchanges bore the brunt by suffering approximately $401 million in losses, constituting 70% of the total, the number of successful attacks on these targets was relatively low. Only five attacks against centralized protocols proved successful, whereas there were a total of 62 incidents involving successful exploits or scams related to decentralized protocols.
Decentralized finance protocols faced losses amounting to $171 million during the quarter, marking a 25% decrease from Q2 2023. Ethereum and the BNB Smart Chain remained the prime targets for malicious activities, representing 71% of the overall losses. However, indications suggest an emerging interest in Ethereum layer 2s by malicious entities. Arbitrum was the third most targeted network, reporting four incidents and contributing to 5.5% of the total losses. Additionally, Blast and Optimism each experienced three incidents, while all other networks encountered no more than one incident, collectively comprising 15% of the total losses.
Immunefi founder Mitchell Amador, in the report, emphasized the crucial importance of securing centralized exchange infrastructure, highlighting the substantial lessons learned from the losses incurred throughout the quarter. Despite the grim scenario, some solace was found as certain funds stolen during the quarter were later recovered by security researchers. For instance, the attacker who exploited the Gala Games protocol returned a major portion of the pilfered funds, showcasing a positive development in combating such breaches. Likewise, it was noted that Alex Labs, Bloom, and Yolo Games managed to reclaim most of the funds lost from their exploits, accounting for 5% of the total losses recovered in the quarter.
In conclusion, the second quarter of 2024 witnessed a significant surge in crypto losses from hacks and scams, predominantly impacting centralized exchanges. The recovery of some stolen funds serves as a beacon of hope amidst the challenges posed by malicious activities in the crypto space.