Crypto risk lingers as investors lose $54M on Rugpulls May 2023 scam

In a turbulent month for the cryptocurrency market, May 2023 witnessed a wave of fraud and hacking incidents that resulted in cumulative losses of over $54 million, according to a new report from security firm De.Fi.

The amount is nearly half of April’s loss of $101.5 million, suggesting better security practices among users and developers. However, no funds were recovered in May 2023 – compared to $2.2 million recovered in April.

The BNB Chain ecosystem accounted for the majority of incidents, with losses exceeding $37 million in ten cases. Ethereum-based projects had the least leverage at just over $2 million.

Among the top ten cases, Fintoch suffered the highest loss of $31.7 million due to a smart contract exploit. Jimbo Protocol on Arbitrum experienced a loss of $7.5 million due to a rug pull, while Deus Finance on BNB lost $6.2 million in a smart contract exploit.

Other notable cases include Tornado Cash, Mother, WSB Coin, Linda Yaccarino, Block Forest, SNOOKER and land, with losses ranging from $145,000 to $733,000.

Rye draft remained the most prevalent, accounting for twelve cases and losses totaling $37 million. There were nine instances of exploits resulting in losses of $8.8 million, while flash loan attacks, although less frequent with five instances, still led to significant losses totaling $8.9 million. Exit fraud was responsible for two cases, resulting in a loss of $177,000.

A “rug pull” is a colloquial term for a type of crypto scam that typically sees the developer, or developers, gain legitimacy on social media, hype up a project, and raise a significant amount of money only to drain liquidity after the project’s tokens is first offered to the public.

Flash lending, on the other hand, is a sophisticated type of exploit that allows traders to borrow unsecured funds from lenders using smart contracts instead of third parties. Attackers typically take out flash loans to manipulate the prices of a project’s token – where the smart contract is unable to detect the manipulation – and drain the treasury.

As such, governance tokens were the most targeted category, with 19 cases reported and losses totaling $3.3 million. Decentralized exchanges (DEX) were targeted in three cases, resulting in losses of $4 million. Stablecoins recorded the highest amount lost, reaching $6.2 million in a single case.

Other categories, such as yield aggregators, gaming and metaverse applications, non-fungible tokens (NFTs) and centralized crypto platforms reported no losses during this period. Borrowing and lending protocols also remained unaffected.