Crypto losses due to hacks and scams fall to $413 million in Q3: Immunefi
Quick Take The crypto industry lost $413 million in Q3 due to hacks and fraud, according to web3 bug bounty platform Immunefi. The losses were dominated by crypto exchanges WazirX and BingX, which were exploited for $235 million and $52 million, respectively.
The crypto industry racked up $413 million in losses due to hacks and scams during the third quarter of this year across 34 incidents so far, according to the latest report from web3 bug bounty and security services platform Immunefi.
The losses represent a 28% decrease on the $573 million worth of exploits in Q2 and a 40% decrease compared to Q3 2023 when hackers and fraudsters stole $686 million. More than $1.3 billion has been stolen via hacks and fraud year-to-date, down by 4% compared with the same period last year, per Immunefi data.
With nearly $90 billion of total value locked in web3 protocols, according to DeFiLlama data, decentralized finance remains a primary target for hackers, accounting for 31 of the 34 incidents identified by Immunefi in Q3. However, centralized finance was hit harder regarding the amounts stolen, accounting for 74.8% ($309 million) of losses during the quarter compared to 25.2% ($104 million) for DeFi.
“We're seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences, with hundreds of millions in stolen funds in a single exploit,” Immunefi founder and CEO Mitchell Amador told The Block.
“In CeFi, the biggest infrastructural issue is private key management, which is essential to maintaining the self-custody of crypto assets but is not typically subject to security audits. It requires rigorous key management policies, practices and emergency plans," he added.
The majority of the losses came from two exploits alone, accounting for a combined $287 million, or 69.5%, of the total. A $235 million exploit of Indian crypto exchange WazirX on July 18 represented the largest attack, with a further $52 million stolen from the Singapore-based crypto exchange BingX on Sept. 20.
July accounted for the highest monthly losses in Q3 overall at $282 million. August losses fell dramatically to just $15 million . However, September then registered an additional $116 million in losses. In total, $14.9 million (3.6%) of the stolen funds in Q3 were recovered from two of the exploits: Ronin Network ($10 million) and ShezmuTech ($4.9 million).
Hacks continue to dominate vs. fraud, with Ethereum and BNB Chain again the most targeted networks
Hacks continued to dominate the losses in Q3, accounting for 99.3% ($409.9 million) of the total across 31 incidents, compared to cases of fraud, scams and rug pulls at just 0.7% ($3.1 million) over three specific incidents.
Ethereum and BNB Chain were again the most targeted networks, as they were in Q2. Ethereum suffered the most individual attacks, representing 15 of the incidents and 44.1% of the losses on targeted chains, followed by BNB Chain's eight incidents, representing 23.5%. Base, Blast, Solana and Arbitrum made up the remainder of the incidents.
Immunefi claims to have paid out more than $100 million in ethical hacker and researcher bounties to date. The payouts span three years and result from over 3,000 bug bounty reports, the largest of which was a $10 million award for a vulnerability discovered in Wormhole’s cross-chain protocol.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Cryptopia Liquidators Begin Distributing $225M to Users Affected by 2019 Hack
Pay Attention to These Losing Cryptos: Are They Set for a Turnaround?
Qubetics with 10,900 Token Holders as Polygon AggLayer Launches and Monero Privacy Demand Soars, Best Coins to Get Now