The month of April witnessed a significant surge in crypto exploits, exit scams, and flash loan attacks, with over $103 million stolen from crypto projects and investors, most of the time to Decentralized Finance (DeFI) ones, thereby accounting for half of 2023’s total losses as per CertiK report.Â
#CertiKSkynetAlert 🚨
Combining all the incidents in April we’ve confirmed ~$103.6M lost to exploits, hacks, and scams.
Exit scams were ~$9.3M.
Flash loans were ~$19.8M.
See the details below 👇 pic.twitter.com/jflvMPiJGQ
— CertiK Alert (@CertiKAlert) April 30, 2023
Crypto security and auditing firm, CertiK, revealed that the total funds lost in April brought the year-to-date loss to $429.7 million.Â
A detailed analysis shows that April experienced a string of major crypto exploits, including a $25.4 million loss from an exploit of multiple MEV trading bots on April 3, a $22 million theft in a hot wallet exploit at Bitrue exchange.
Other losses included a $13 million loss from a hack of South Korean GDAC exchange. The total amount lost to crypto and DeFi exploits in April reached $74.5 million, accounting for nearly half of the $145 million exploited within the first four months of 2023.
However, flash loan attacks contributed to April’s losses, with about $20 million stolen. Yearn Finance was a primary target when a hacker exploited an old smart contract on April 13.Â
Meanwhile, exit scams saw a total loss of $9.4 million, with Merlin DEX being the top exit scam, losing $2.7 million. Interestingly, the exit scam transpired after CertiK had audited the protocol and warned about centralization issues.Â
Recall that CertiK launched a compensation plan, thereby urging the rogue developer to return 80% of the stolen funds and offered a 20% white hat bounty.
It is noteworthy that CertiK raised another alarm on April 30 regarding the movement of stolen funds into Tornado Cash.
#CertiKSkynetAlert 🚨
We have detected movement of stolen funds into @TornadoCash from EOA 0x384…e2Ae7.
300 ETH has been deposited into the mixer.
Wallet has been involved in phishing activity.
See more on this incident 👇https://t.co/u8oTr5LPUr
— CertiK Alert (@CertiKAlert) April 30, 2023
Reviewing Crypto Hacks and Scams in 2023
While 2022 was notorious for a significant amount of crypto hacks and scams, it appears 2023 is not taking a different direction given emerging atrocities within the crypto industry.
Accordingly, the DeFi’s Rekt Database revealed that more than 50 crypto exploits, scams, hacks, and rug pulls occurred in April, with a significant portion being memecoin rug pulls.Â
The most recent case involved the Polygon-based Ovix protocol, which lost $2 million in a flash loan attack on April 28.
In light of the foregoing, it is hoped that more security measures, rigorous auditing, and a proactive approach to identifying and mitigating potential vulnerabilities in crypto projects and exchanges will be put in place.
