There have been many ups and downs in the market so far. The industry saw nearly $2 billion lost to scams, rug pulls, and hacks in 2023.

Let’s talk numbers. 

Ethereum, the biggest blockchain by active users and value locked, lost the most money: around $1.35 billion across 170 incidents. The biggest hit of them all was a $230 million attack on Multichain in July.

BNB Chain wasn’t far behind, with $110.12 million lost across 213 incidents!

Centralized platforms weren’t safe either, losing about $256 million across seven cases. The biggest incident was a $122 million attack on Poloniex in November. It’s clear that both decentralized and centralized platforms have their vulnerabilities. None of them were completely safe.

So, how are these incidents happening? 

The top method has been access control exploits.

Attackers look for weaknesses in permissions and access rights, then use them to gain unauthorized access to funds. This method caused over $852 million in losses overall.

Next, we have flash-loan attacks, leading to $275 million lost over 36 cases.

These attacks exploit the uncollateralized loan feature in DeFi. Attackers borrow large amounts of crypto without upfront capital. They then manipulate market prices and exploit DeFi vulnerabilities.

Lastly, exit scams accounted for $136 million over 263 cases. And what are those? Rogue developers drain all liquidity from a token they issued or vanish after raising money from people. 

I am sure you have seen many of them if you have been involved in the space. They are everywhere.

The good news is that the recovery rate of lost funds improved significantly: it rose to around 10%, up from just 2% in 2022.

Hackers are still finding ways to exploit vulnerabilities. Let’s break down what happened in the first quarter this year. The most common attack vector has been private key compromises.

Although they made up only 11.7% of all incidents, they caused almost half of the financial losses, totaling $239 million. This highlights the critical need for better private key security. We need to think and learn more, and then build more accordingly!

DeFi platforms remain the prime targets. There has been nearly $100 billion of total value locked in Web3 protocols. I know lots of people investing in crypto; DeFi investors are probably just 5 percent of them. I'm not talking about DeFi builders, though: many DeFi builders do not invest in DeFi themselves! The space has lots of potential, but it needs a bit of time to tackle its shortcomings, security for starters!

DeFi accounted for all the exploits identified by Immunefi in Q1, while centralized finance platforms saw none. 

Two major projects were hit the hardest, making up $144.5 million or 43% of the total losses. The largest attack, worth $81.7 million, targeted the Orbit Bridge protocol on New Year’s Eve. January was the worst month, with losses totaling $133 million.

The second-largest attack involved a $62 million exploit on the Blast-based NFT game Munchables. Luckily, the funds were recovered within 24 hours when the hacker surrendered the private keys.

Overall, $73.9 million (22%) of the stolen funds from seven exploits in Q1 were retrieved. The number of attacks decreased by 17.6%, from 74 in Q1 2023 to 61 in Q1 2024.

Hacks made up 95.6% ($321.6 million) of losses across 46 incidents, while fraud, scams, and rug pulls accounted for 4.4% ($14.7 million) in 15 incidents. 

Ethereum was the most targeted chain, followed by BNB Chain, with both networks accounting for 73% of total losses combined. Ethereum experienced the highest number of attacks, with 33 incidents accounting for 51% of the losses. 

BNB Chain had 12 attacks, representing 22% of the exploited funds. Other incidents occurred on Arbitrum, Solana, Optimism, Bitcoin, Blast, Polygon, Conflux Network, and Base.

In summary, Q1 of this year saw significant losses. From private key compromises to DeFi exploits, there have been many incidents in a very short amount of time. The number of attacks decreased, but the financial impact remained substantial! We have clear reminders working for us in the background, with each news outlet posting about what has been happening. Those give us a clear message: we have to prioritize security and stay informed about potential risks.

But spotting scams can be very hard! In the tech world, companies continuously schedule safety programs where people can learn how to stay away from scams, but those are all focused on web2, and web2 scams are easy to catch. You just have to read and stay calm, and then you’ll be able to tell what is real and what’s not.

You already know that when you open your inbox every day, most of what you receive is either ads or scams telling you that your mother-in-law has been kidnapped! Or somehow a CEO from another company is asking for your valuable guidance on how to use their internet banking, and in return they will give you one of their accounts along with its assets.

You are well aware of the chances of those events happening. But of course, tell your elders to stay safe, and always remind them not to believe everything they read or hear. Web3, though, is a whole different experience, one we are all still learning each day.

The rule of not believing everything also applies to news and perspectives, and we are here for a reason.

A very real and crucial reason. In our next episode, we’ll be telling you how to stay away from scams, so keep in touch! And share your style and your ideas on how to stay away from those scammers.

Have your own perspective.