The month of April witnessed a significant surge in crypto exploits, exit scams, and flash loan attacks, with over $103 million stolen from crypto projects and investors, most of the time to Decentralized Finance (DeFI) ones, thereby accounting for half of 2023’s total losses as per CertiK report.
Combining all the incidents in April we’ve confirmed ~$103.6M lost to exploits, hacks, and scams.
Exit scams were ~$9.3M.
Flash loans were ~$19.8M.
See the details below 👇 pic.twitter.com/jflvMPiJGQ
— CertiK Alert (@CertiKAlert) April 30, 2023
Crypto security and auditing firm, CertiK, revealed that the total funds lost in April brought the year-to-date loss to $429.7 million.
A detailed analysis shows that April experienced a string of major crypto exploits, including a $25.4 million loss from an exploit of multiple MEV trading bots on April 3, a $22 million theft in a hot wallet exploit at Bitrue exchange.
Other losses included a $13 million loss from a hack of South Korean GDAC exchange. The total amount lost to crypto and DeFi exploits in April reached $74.5 million, accounting for nearly half of the $145 million exploited within the first four months of 2023.
However, flash loan attacks contributed to April’s losses, with about $20 million stolen. Yearn Finance was a primary target when a hacker exploited an old smart contract on April 13.
Meanwhile, exit scams saw a total loss of $9.4 million, with Merlin DEX being the top exit scam, losing $2.7 million. Interestingly, the exit scam transpired after CertiK had audited the protocol and warned about centralization issues.
Recall that CertiK launched a compensation plan, thereby urging the rogue developer to return 80% of the stolen funds and offered a 20% white hat bounty.
It is noteworthy that CertiK raised another alarm on April 30 regarding the movement of stolen funds into Tornado Cash.
We have detected movement of stolen funds into @TornadoCash from EOA 0x384…e2Ae7.
300 ETH has been deposited into the mixer.
Wallet has been involved in phishing activity.
See more on this incident 👇https://t.co/u8oTr5LPUr
— CertiK Alert (@CertiKAlert) April 30, 2023
Reviewing Crypto Hacks and Scams in 2023
While 2022 was notorious for a significant amount of crypto hacks and scams, it appears 2023 is not taking a different direction given emerging atrocities within the crypto industry.
Accordingly, the DeFi’s Rekt Database revealed that more than 50 crypto exploits, scams, hacks, and rug pulls occurred in April, with a significant portion being memecoin rug pulls.
The most recent case involved the Polygon-based Ovix protocol, which lost $2 million in a flash loan attack on April 28.
In light of the foregoing, it is hoped that more security measures, rigorous auditing, and a proactive approach to identifying and mitigating potential vulnerabilities in crypto projects and exchanges will be put in place.