Crypto fraudsters stole over $370 million in the first quarter
Losses are 90% lower than the previous quarter
More than $370 million was lost to hacks and exploits in the first three months of 2023, down from a whopping $5 billion in the last quarter of 2022.
According to data from Rekt, 215 million dollars, or 57% of losses for the quarter, were stolen during the first three weeks of March.
“It is worth noting that January 2023 was one of the lowest months for hacking, with a total of $14.6 million lost, a sum not recorded in all of 2022,” DappRadar said. “This could be a positive sign that the industry is taking security more seriously and implementing better measures to prevent hacks and exploits.”
In 2022, losses fell $1.1 billion in October and $3.9 billion in November, before falling to $87 million in December.
The Euler Finance Fiasco
The $196 million flash loan attack that targeted Euler Finance on March 13 accounts for more than half of the quarter’s losses.
Flash loans allow users to borrow funds from a DeFi protocol without collateral as long as the loan is repaid within the same block, eliminating any risk of the lending protocol suffering losses. The technique is often used to facilitate arbitrage trades, but also provides an opportunity for opportunistic coders to perform malicious exploits.
The hacker stole DAI, USDC, WBTC and stETH from Euler using a multi-chain bridge that transferred assets between Ethereum and the BNB Chain, before obfuscating the origin of the funds using Tornado Cash, a crypto mixing service.
However, the hacker has since returned the majority of the funds, having transferred around $177 million worth of ETH and other assets back to Euler. On Monday, the attacker sent transactions to Euler containing encrypted messages apologizing for their actions and promising to return the stolen assets.
BonqDAO exploit
BonqDAO’s $125 million oracle exploit in February was the second most expensive event of the quarter.
On February 1, the perpetrator of the attack manipulated price data for the ALBT token on the Bonq protocol, allowing the attacker to mint large sums of BEUR tokens against ALBT security.
The hacker then exchanged the ill-gotten BEUR for other tokens on Uniswap and walked away with around $10 million in profits. They also triggered a wave of ALBT liquidations on Bonq after the token’s value crashed by half during heavy selling.
Q1’s costliest events also include the $45M CoinDeal scam and $16.5M taken by the Monkey Drainer phishing scheme.
BNB chain top list by number of exploits
BNB Chain remains the chain of choice for hackers and fraudsters, with Rekt identifying 18 events on the Layer 1 blockchain.
Ethereum was second with 10 hacks, despite representing the majority of Q1’s losses, while seven scams hit Arbitrum users amid anticipation of the Layer 2 network’s much-anticipated airdrop.
Rekt counts 47 incidents in the last three months in total. Smart contract exploitation is the most popular form of attack this year, with 17. Rugpulls ranking second with eight, followed by flash loan attacks at six.