Crypto Exploits Rise in Q2 But Black Hat Hackers Lose Out

The number of crypto exploits in the second quarter of 2023 rose by 65.3% compared to the same period last year. Surging from 49 to 81 incidents, according to a new report from software firm Immunefi. Additionally, there was an 11% increase in incidents compared to the previous quarter.

However, despite the rise in attacks, the total monetary amount lost fell by 60.4% compared to Q2 2022. The losses amounted to $265,481,519. So far this year, the ecosystem has experienced a total loss exceeding $702 million.

More Crypto Exploits, But Smaller Losses

Immunefi, a bug bounty platform, assessed all known exploits and rug pulls to determine the losses incurred this quarter. Its report shows that, as in other periods, the quarter was dominated by a few major exploits.  

In this case, the hacking of Atomic Wallet and Fintoch accounted for 49.6% of all losses in Q2. Representing a colossal $131,600,000 in missing funds.

In the case of Atomic Wallet, a non-custodial decentralized platform, the North Korean organization Lazarus Group stole tokens worth $100 million on June 3.

On May 23, Fintoch performed a rug pull and locked out users from their own funds. In total, $31.6 million was taken and transferred to other blockchains, including Tron (TRX) and Ethereum (ETH).

In Q2 2023, hacks continued to be the predominant cause of losses at 83.1% of all incidents. Compared to frauds, scams, and rug pulls, which amounted to only 16.9% of the total losses.

BNB Chain and Ethereum accounted for over half (76.5%) of the chain losses in Q2 2023. Arbitrum ranked third, with 10 incidents, representing 12.1% of the total losses across chains.

Projects Must Refocus on Security

“Despite the increase in the number of attacks, the individual losses per attack have generally been smaller,” Mitchell Amador, founder and CEO of Immunefi, told BeInCrypto.

“A single successful hack on a major protocol can result in a massive amount of funds being put at risk, leading to a high volume of total losses. However, we haven’t witnessed a high number of reports of such large-scale breaches occurring, as seen in the previous period where the top 3 losses alone totaled $372 million,” Amador added.

Even so, the bear market and tighter budgets may have shifted priorities within Web3 projects, causing security concerns to be less of a top concern.

“This shift can result in a flawed or nonexistent, effective security stack,” stated Amador.

“Aspects such as code auditing, setting up a bug bounty program, and establishing an in-house security team may take a backseat to other pressing concerns. [Meanwhile] the blackhat community continues to grow and act from a position of greater strength.”