Micha Brändli (unsplash)
According to a recent report from Immunefi, the past year saw an escalation in the effort of hackers to exploit cryptocurrency projects, with DeFi platforms being their primary target. The bug bounty platform, Immunefi, compiled data indicating a 63% surge in overall blockchain-related hack incidents in the second quarter of 2023 compared to the same timeframe the previous year.
While there was a decrease in total losses by 60% from the previous year, Immunefi’s report showed a concerning increase of 65% in the overall number of hacks. The report further indicated a striking 225% surge in losses due to fraudulent activities.
DeFi platforms were the predominant victims of these attacks, with a recorded loss of $228 million in the second quarter across 79 separate incidents. On the other hand, the losses experienced by centralized platforms were significantly lower at $37 million, distributed across only two incidents.
Immunefi’s report identified two specific incidents as the primary sources of the crypto losses. On June 3, Atomic Wallet, a self-custodial decentralized wallet, experienced a hack resulting in a loss of $100 million in cryptocurrency. The hack, allegedly perpetrated by the Lazarus Group linked to North Korea, impacted fewer than 0.1% of the Atomic Wallet’s users. However, the Atomic Wallet team did not confirm the group’s responsibility for the attack.
Another significant loss occurred on May 23, with the demise of the Fintoch platform, which ran off with nearly $32 million of user funds. The funds had been accumulated from users who had been promised a daily interest of 1% on their investment. This fraudulent activity, commonly referred to as a rugpull, was exposed by ZachXBT, a known blockchain detective on Twitter.
The report by Immunefi additionally identified that some chains were more prone to attacks than others. BNB Chain and Ethereum experienced 77% of all losses in the last quarter, followed by Arbitrum with 12%. This spike in attacks on Arbitrum was particularly noteworthy, given that it had experienced no incidents at all during the same period the previous year.
Neither Arbitrum nor Binance responded to Decrypt’s requests for comment.