Study: Criminals Target Defi Platforms, Steal More Than $67 Million in February Alone

March 9, 2024 Bitcoin.com

Hacker Siphons Close to $300K in OHM Tokens From the Olympus DAO

October 21, 2022 Bitcoin.com

Crypto Hackers Gross Over $3 Billion From 125 Hacks so Far This Year

October 15, 2022 Bitcoin.com

Barely halfway and October’s the ‘biggest month’ in crypto hacks: Chainalysis

October 13, 2022 Coin Telegraph

blockchain hacks

While 2021 was the biggest year on record for crypto hacks, 2022 could “likely” beat the record “at this rate” according to Chainalysis.

Blockchain analytics firm Chainalysis has labeled October 2022 as “the biggest month in the biggest year ever for hacking activity” with the total hacked value for the month nearly reaching $718 million.

Despite not being more than halfway through the month, Chainalysis said 11 different hacks on decentralized finance (DeFi) protocols had seen hundreds of millions exploited.

Four exploits alone took place on Oct. 11 worth around $122 million. Hackers siphoned $200,000 in crypto using a smart contract from crypto wallet Rabby Wallet, $1.89 million from blockchain QANplatform’s Ethereum (ETH) bridge, $2 million from TempleDAO, and a $118 million exploit on the Solana (SOL)-native Mango Markets.

Chainalysis says 2021 was the biggest year for blockchain-based hacks on record both in terms of total value hacked and the total number of hacks, but at the current rate, 2022 could “likely surpass” last year's figures as over $3 billion has been exploited across 125 hacks so far.

2/ At this rate, 2022 will likely surpass 2021 as the biggest year for hacking on record. So far, hackers have grossed over $3 billion dollars across 125 hacks. pic.twitter.com/vgT3pz2iOu
— Chainalysis (@chainalysis) October 12, 2022

The firm says it’s seeing a shift in where exploits are taking place too.

In 2019 most hacks took place on centralized cryptocurrency exchanges but as those companies increased security, the huge majority of hacks, around 90% in 2022, have taken place on DeFi protocols.

The biggest target for hackers is cross-chain bridges with three bridges targeted this month accounting for 82% of October’s losses according to Chainalysis, the largest of these bridge hacks was a roughly $100 million exploit in the bridge between crypto exchange Binance’s BNB Smart Chain and Beacon Chain.

Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst

June 26, 2022 Bitcoin.com

Illicit crypto usage as a percent of total usage has fallen: Report

June 14, 2022 Coin Telegraph

AML

A rapidly growing crypto market means that hacks and scams are accounting for less overall activity, and their percentage of total usage continues to decline.

Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace.

The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021.

In its Cryptocurrency Crime and Anti-Money Laundering Report released June 13, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 and Q1 2022 netted attackers $2.4 billion.

Over half of that figure came from just two events, the largest being the late March 2022 Ronin Network exploit worth about $650 million and the $610 million August 2021 hack of the Poly Network, most of which was returned by the anonymous hacker.

Within a similar time period, anti-money laundering (AML) related fines in the banking sector increased dramatically with 80 institutions fined in 2021, up from just 24 in 2020 according to Kyckr.

While the total dollar amount of the fines fell from 2020, last year saw the banks pay $2.7 billion worth of fines for AML or Know Your Customer (KYC) related violations, the largest single fine totaling around $700 million.

While significant sums have been exploited in crypto, CipherTrace detailed the rapidly expanding crypto ecosystem, noting the total crypto market activity for 2020 was around $4.3 trillion, which grew to approximately $16 trillion of activity just in the first half of 2021.

CipherTrace says that the growth of the crypto market also brings with it increased scrutiny from the world's regulators, who are “starting to take decisive action to ensure that the space isn’t just a modern-day wild west.”

Some of the most significant regulatory events cited in the report include the United States President Biden’s crypto executive order in March to study blockchain technology, Dubai establishing a virtual assets regulator, and the European Union’s proposed anti-money laundering laws.

CipherTrace added organizations are going to have a “very real incentive to shape up” or face “heavy losses at the hands of the government,” adding it expects the threats existing in crypto will be the focus of future regulatory efforts.

Report: $1.3 Billion in Crypto Stolen in Q1 2022, 97% Stemmed From Defi Exploits

April 28, 2022 Bitcoin.com

ImmuneFi report $10B in DeFi hacks and losses across 2021

January 7, 2022 Coin Telegraph

ImmuneFi report B in DeFi hacks and losses across 2021

Coin Telegraph

The research reveals that crypto losses in the nature of exploits and rug-pulls saw a 137% rise in comparison to figure calculated in 2020.

Decentralized finance, or DeFi, security platform and bug bounty service ImmuneFi published an official report on Thursday, which calculated the total volume of losses in the cryptocurrency markets in 2021. According to its report, the company found that losses resulting from hacks, scams and other malicious activities exceeded $10.2 billion dollars over the past year.

Responsible for protecting over $100 billion worth of assets for a number of well-established DeFi protocols, including Synthetix, Chainlink, SushiSwap and PancakeSwap, among others, ImmuneFi has regularly facilitated seven-figure pay-outs to whitehat hackers and other good-willed entities for preventing protocol compromises.

According to the report, across 2021, there were 120 instances of crypto exploits or fraudulent rug-pulls, the highest-valued hack being Poly Network at $613 million, followed by Venus and BitMart with $200 million and $150 million, respectively.

Other notable entries to the list were Alpha Finance and Cream Finance, who were both hacked for $37.5 million, Yearn.finance’s $11 million, Furucombo’s $14 million evil contract exploit, as well as the infamous Alchemix reverse rug in which the platform’s users claimed a welcome fortune due of $6.5 million after a withdrawal issue arose with one of the platform’s smart contracts synthetic assets, alETH.

The year 2021 saw a stark rise in both the frequency and volume of security breaches in comparison to the previous year, which recorded 123 incidences totaling $4.38 billion, a 137% increase.

We've just released our report for 2021 on crypto losses stemming from hacks and scams.

In total, the DeFi ecosystem saw a loss of $10,210,188,549

Read more facts and figures here:https://t.co/gCWiOqjhhZ pic.twitter.com/zEX28yg0vD
— Immunefi (@immunefi) January 7, 2022

In conversation with Cointelegraph, CEO and founder of Immunefi, Mitchell Amador, spoke of his optimism for the future of on-chain security, despite what he described as a “year of dramatic losses” for the industry.

“Despite the appearance of entirely new vulnerabilities in the onchain economy, the community is adapting rapidly. At Immunefi alone, we saved double the amount lost to exploitation this year, and security best practices are circulating throughout the community.”

Amador cited ImmuneFi’s role in facilitating Polygon’s (MATIC) recent $3.47 million pay-out to two whitehat hackers for their instrumental role in averting what was described as a “critical” vulnerability in the network’s proof-of-stake Genesis contract, placing almost all of the MATIC token supply of $10 billion at risk.

In September last year, ImmuneFi organized what was reported at the time as being the largest bounty in the history of DeFi to renowned white hat programmer Alexander Schlindwein for averting a potential $10-million bug crisis in automated market maker, or AMM, protocol Belt Finance.

Schlindwein received a compensation of $1.05 million in total, $1 million of which was granted by Belt Finance with ImmuneFi acting as the middleman, and the remaining $50,000 offered by Binance Smart Chain’s Priority One program.

In October, ImmuneFi announced a $5.5 million capital raise from a number of institutional investors, including Blueprint Forest, Electric Capital, with the intention of expanding its security services across the DeFi industry in a concerted effort to lower the prevalence and financial impact of benevolent security exploits in the space.

Immunefi to bolster DeFi security service with new funds

October 26, 2021 Coin Telegraph

Coin Telegraph

The platform has paid out more than $7.5 million in bug bounties since inception in December 2020.

DeFi security platform Immunefi has announced a $5.5 million funding from a panoply of eleven institutional investors including Blueprint Forest, Electric Capital, Framework Ventures and Bitscale Capital, in addition to a series of private individuals.

Immunefi will utilize the funds to advance its services in DeFi security, providing asset protection to smart contract protocols, as well as implementing financial incentives to benevolent hackers.

The service is reportedly responsible for protecting more than $50 billion in protocol assets from projects such as Synthetix, Chainlink, SushiSwap and PancakeSwap. It has paid out $7.5 million in bug bounties throughout its history.

According to analytical data from REKT Database, the DeFi space has experienced malicious hacks totaling more than $1.74 billion in its entire lifespan, a vast proportion of which has been witnessed in the months since July 2021.

The $609 million hack of cross-chain protocol Poly Network in early August this year bears the undesirable crown for the industry's largest-ever hack. However, in welcomely unusual circumstances, Mr. White Hat — as they came to be known — returned all of the available funds, the remaining balance being the $33 million USDT tokens initially frozen.

Over the past year, the prevalence and severity of financial breaches within the DeFi space have established a surging demand for security services such as Immunefi.

Founder and CEO of Immunefi, Mitchell Amador, spoke of the importance of offering DeFi protective measures:

“DeFi is unique because vulnerabilities in code represent a possibility of a direct loss of users’ money. Bug bounty programs are open invitations to security researchers to find those vulnerabilities in exchange for a reward, and have proved one of the most effective ways to deal with critical security holes.”

In late September, a $1.05 million bug bounty fee was paid to renowned white hat programmer Alexander Schlindwein in the aftermath of the Belt Finance saga, for his instrumental role in preventing a potential $10 million downfall for the protocol. The claim was facilitated through Immunefi’s specialist bounty program.

More recently, white-hat hacker, Gerhard Wagner, pocketed a cool $2 million for diligently advising a solution to a “double-spend” flaw on the Polygon network, preventing a potentially catastrophic $850 million, the former of which now stands as an industry record.

Immunefi’s Amador also commented on the potential impact a service such as Immunefi could have on the wider technology landscape:

"We believe that by helping launch such programs on Immunefi, we contribute not only to protecting DeFi projects for today, but also to shaping the tech industry for the future.”

DeFi hacks

Share this video