Crypto industry lost $572.7m to hacks and scams in Q2
In the second quarter of 2024, a total of $572.7 million in crypto was lost across 72 incidents due to hacks and scams. Centralized finance platforms were the primary targets of these breaches.
These losses marks a 70.3% increase from the $336.3 million lost in Q1 and a staggering 112% rise compared to Q2 2023 when $265.5 million was stolen, according to a recent report from Immunefi, a Web3 bug bounty and security services platform.
Over $900 million has been lost to these illicit activities year-to-date, a 24% increase from the same period last year.
Immunefi’s data highlights a shift in targets. In Q2, centralized finance (CeFi) platforms bore the brunt of the attacks, accounting for 70% ($401.4 million) of the losses. In contrast, decentralized finance (DeFi) platforms accounted for 30% ($171.3 million) of the quarter’s losses. This marks a change from Q1, where DeFi platforms were the sole targets of identified exploits.
The losses from hacks and scams amounted to $572.7 million.
Large hacks
The two most prominent exploits in Q2 contributed significantly to the total losses, with Japanese cryptocurrency trading platform DMM Bitcoin losing $305 million and Turkish crypto exchange BtcTurk losing $55 million on June 23.
These incidents alone accounted for 62.8% of the total losses. May 2024 saw the highest monthly losses in the quarter, totaling $358.5 million.
Mitchell Amador, founder and CEO of Immunefi, emphasized the severity of infrastructure compromises, stating, “This quarter highlights how infrastructure compromises can be the most devastating hacks in crypto, as a single compromise can lead to millions in damages.”
He stressed the need for robust security measures to protect the entire ecosystem.
Why this happened
Centralized finance platforms, which manage substantial asset pools, have become major targets due to their central repositories and security weaknesses — making them susceptible to hacks.
These platforms are also growing in value, and the value of Web3 protocols, particularly Ethereum (ETH), has attracted hackers seeking easy money.
Hacks were the dominant form of loss, accounting for 98.5% ($564.2 million) of the total across 53 incidents.
The DMM Bitcoin incident and similar infrastructure breaches have led to significant losses. DeFi platforms have improved their security measures in response to regulatory scrutiny, but CeFi entities are still vulnerable to cyberattacks, presenting opportunities for malicious actors.
Fraud, scams, and rug pulls accounted for only 1.5% ($8.5 million) over 19 incidents. Ethereum and BNB Chain were the most targeted networks, with Ethereum accounting for 44.4% of the exploits, followed by BNB Chain and Arbitrum at 5.6%.
The heightened regulatory scrutiny on DeFi platforms has forced them to implement stricter security measures, potentially making them more challenging targets for exploits.
In total, $26.7 million has been recovered from stolen funds in four specific situations, representing only 5% of the total losses in Q2 2024.