In June of this year, the world’s largest crypto bug bounty platform, Singapore-based Immunefi, released a report revealing that over $500 million worth of cryptocurrencies were stolen through hacking and scams in the second quarter of this year. Two incidents accounted for the majority of the stolen funds.
The latest report indicates that the total cryptocurrency losses in the second quarter of 2024 exceeded $572 million. A total of 53 hacking incidents resulted in over $564 million in losses, while 19 fraud incidents caused the remaining $8.45 million in losses. Hacking accounted for 98.5% of the losses, with fraud making up 1.5%. Two major hacking incidents during the quarter resulted in losses of $360 million, representing 62.8% of the total losses.
The first incident was a hacking attack on Japanese cryptocurrency platform DMM Bitcoin on May 31, causing approximately $305 million in losses. The second incident occurred on June 23, targeting the Turkish cryptocurrency exchange BtcTurk, leading to the theft of $55 million.
Overall, identified cryptocurrency losses exceeded $920 million, showing a 24% increase compared to the same period last year, which is a significant rise.
The primary targets of these exploits were centralized finance entities (CeFi). In centralized finance, all cryptocurrency transactions are processed through central exchanges, contrasting sharply with decentralized finance (DeFi), where transactions do not involve exchanges.
Centralized finance losses accounted for 70% of the total losses, while decentralized finance made up the remaining 30%.
Immunefi CEO Mitchell Amador highlighted, “Infrastructure leaks are the most destructive types of hacking attacks in the cryptocurrency space, as a single leak can result in the loss of millions of dollars.”
“The situation in this quarter underscores that infrastructure leaks are major contributors to the increased losses, particularly targeting centralized finance infrastructure, surpassing decentralized finance, despite fewer hacking incidents in that area. Therefore, taking strong measures to protect the entire ecosystem is crucial.”
According to the U.S. Federal Trade Commission (FTC) based in Washington, payments made via cryptocurrencies are often irreversible. Hence, recovering stolen cryptocurrencies after hacker attacks can be extremely challenging.
Data released by Immunefi showed that only $26.7 million was recovered from four incidents in the second quarter, accounting for just 5% of the total losses. This represents a slight increase from the recovery rate of 3.9% in the second quarter of 2023.
A Pew Research Center survey from April 2023 revealed that 17% of U.S. adults have invested, traded, or used cryptocurrencies.
Notably, in the past year, the U.S. Department of Justice has arrested several individuals involved in cryptocurrency hacking incidents.
In May, two brothers were arrested for allegedly stealing $25 million worth of cryptocurrencies. Deputy Attorney General Lisa Monaco revealed that these individuals attempted a “technologically sophisticated, cutting-edge scheme planned for months and executed in seconds” to carry out the heist.
They were accused of manipulating and tampering with procedures used to verify transactions on the Ethereum blockchain, allowing them access to certain pending transactions and ultimately stealing people’s cryptocurrencies.
In April, former security engineer Shakeeb Ahmed was sentenced to three years in prison for infiltrating two decentralized cryptocurrency exchanges and stealing over $12 million in cryptocurrencies.
In one incident, he attacked the cryptocurrency exchange Nirvana Finance, stealing $3.6 million in funds, almost wiping out all the company’s assets. Consequently, Nirvana Finance was forced to shut down.
Meanwhile, cryptocurrency scams have also caused significant losses to the general public. According to the FTC, Americans lost over $10 billion due to scams last year, with losses from fraudulent bank transfers and cryptocurrencies exceeding all other forms of losses combined.
Samuel Levine, Director of the FTC’s Consumer Protection Bureau, stated, “Digital tools have made it easier than ever to perpetrate fraud against hardworking American citizens, as seen in the data released today.”
He added, “The FTC is working diligently to take action against these scams.”
According to a report released in 2023 by the Institute for Marketplace Trust based in Virginia, investment/cryptocurrency scams topped the list as the “most dangerous scams” last year. Over 80% of the victims of these scams reported monetary losses.