A report by web3 security firm CertiK has revealed that crypto users lost a combined $28 million to an assortment of exploits, hacks, and scams in January.
According to the report, the industry lost approximately $10.2 million to exit scams and another $762,000 to flash loan attacks.
$26.9 million was lost in major incidents
The report shows attackers targeted decentralized finance (DeFi) protocols and individual wallets, stealing a total of $26.9 million in major reported incidents since the beginning of the year.
The biggest victim was the DeFi lender LendHub, which lost $5.4 million in a Jan. 12 hack.
According to the company, hackers exploited a vulnerability caused by a discrepancy between the prices of two IBSV ctokens, one of which had replaced the other on the platform.
Major incidents in January 2023. Source: CertiK
The CertiK report also indicated that hackers stole $3.53 million from a GMX whale address. In the incident, the attackers took control of more than 80K GMX tokens and later exchanged them for about 2,600 ETH before transferring the funds to the Ethereum network using the Hop and Across protocols.
Another individual targeted in the January attacks was Bitcoin Core developer Luke Dashjir.
The renowned programmer lost over 216 bitcoins (BTC) on New Year’s Eve to a hacker who reportedly compromised Dashjir’s PGP (pretty good privacy) key. According to media reports, the hacker moved Dashjir’s BTC, valued at about $3.5 million, into a single address in four separate transactions.
More than $700k lost to flash loan attacks
The CertiK report also listed the top five flash loan attacks, which led to the loss of nearly $600,000 worth of digital assets.
Top 5 flash loan attacks. Source: CertiK
The biggest victim of flash loan attacks in the year to date (YTD) is the BRA token, which, according to the CertiK report, lost $237,000. The attack happened on Jan. 10, when an attacker exploited a vulnerability caused by a logic flaw in the BRA smart contract.
Other platforms that suffered such attacks include the GDS Chain, Roe Finance, and Nereus Finance. In total, the crypto sector lost about $762,000 to flash loan attacks in January.
Exit scams are on the rise
Crypto users also lost a lot of money through exit scams. CertiK said the total loss attributable to exit scams in the year so far amounted to $10.22 million.
Some scammers included FUT, Yield Robot, First Free Finance, and PICC. Together, the four fake projects stole more than $6 million of investor funds.
The FUT incident was the first significant exit scam of 2023. It happened on Jan. 4 and led to a loss of about $2.58 million attributable to the FUT deployer.
On its part, Yield Robot was a DeFi platform that purportedly traded several cryptocurrencies and non-fungible tokens (NFTs), generating a daily ROI of 2%.
A review of the project by the crypto-scam-detecting website TBBOB showed it had all the hallmarks of a scam. Indeed, the just-released CertiK report indicates the platform made off with $2.1 million of user funds.