Crypto exploits, exit scams and flash loan attacks showed little sign of letting up in April, with more than $103 million in funds stolen from crypto projects and investors during the month. On April 30, crypto security and auditing firm CertiK posted an April roundup of crypto exploits, scams and hacks, revealing that total funds lost in April came to $103.7 million, bringing the total year-to-date loss to $429.7 million.
The month was particularly marred by major crypto exploits: $25.4 million lost to an exploit of several MEV trading bots on April 3, $22 million stolen in a hot wallet exploit at the Bitrue exchange, and the hack of the South Korean GDAC exchange, which led to a loss of $13 million. The total lost to crypto and DeFi exploits in the month amounted to $74.5 million, making up around half of the total $145 million exploited in the first four months of the year, according to CertiK. The month also saw around $20 million lost to flash loan attacks, led mainly by Yearn Finance after a hacker exploited an old smart contract on April 13.
The blockchain security firm noted that total funds lost to exit scams reached $9.4 million in the month, with the top exit scam for the month being Merlin DEX, which lost $2.7 million. On April 26, CertiK reported that it was investigating a “potential private key management issue” at the exchange. Furthermore, the exit scam occurred after the protocol was audited by CertiK, which warned about centralization issues. Following the attack, CertiK launched a compensation plan in which it urged the rogue developer to return 80% of the stolen funds, with a 20% white hat bounty offered.
Full report: April’s crypto scams, exploits and hacks lead to $103M lost.
While these are the largest cryptocurrency hacks that happened in April 2023, OODA has been compiling a comprehensive Web3 incident database based on our research to categorize the compromises that are taking place and to document the root causes that plague crypto, DeFi, NFTs, and Web3 in general. Tracking root causes provides comprehensive insights into how innovators can create robust cyber risk management approaches and reduce the potential for consequential attacks. You can access the OODA comprehensive Crypto Incident tracker here.