In the first two months of 2024, hacks across the Web3 space cost over $200 million, according to the latest report by Immunefi, the blockchain cybersecurity platform protecting over $60 billion in assets. In February, the losses amounted to nearly $70 million.
According to the ‘Crypto Losses in the February 2024 Report,’ Web3 has lost $200,478,412 to hacks and rug pulls in 2024 year-to-date.
This is across 32 specific incidents in two months.
The report stated that this represents a 15.4% increase when compared with the same period in 2023 at $173,693,675.
Jonah Michaels, Comms Lead at Immunefi, told Cryptonews that, this year, the team observed “an alarming volume of losses” due to private key and wallet compromises, representing close to 30% of the total losses YTD.
Furthermore, he said:
“We expect that 2024 will likely witness the most substantial losses in Web3 ever in terms of volume of funds. We are already seeing an increase of over 15% in losses year-to-date compared with 2023, as anticipated.”
February Sees 2x Decrease in Web3 Hacks Costs Compared to January
In February 2024, hacks and frauds cost Web3 users $67,065,795 across 12 specific incidents.
However, this represents an almost 2x decrease from January 2024. Registered losses at the time were $133,412,617.
Michaels commented that, in February of this year, there was a slight drop in the number of single incidents compared with January, decreasing from 20 to 12.
Furthermore, compared with 2023, February also witnessed the lowest number of incidents overall so far.
Per Michales,
“Generally, we have observed an average of 26 key incidents per month, based on our data for 2023. Despite this decrease in incidents, February still saw a considerable volume of losses, with notable exploits resulting in losses of as much as $32 million due to hacking.”
Comparing hacks and fraud, hacks continued to be the predominant cause of losses in February.
$65,413,795 was lost to hacks across ten specific incidents. Meanwhile, there was a loss of $1,652,000 related to fraud across two specific incidents.
Put differently, hacks accounted for 97.54% of the total losses this month, while fraud accounted for only 2.46%.
Michaels stated that,
“As activity and capital inflows increase in the ecosystem, along with a persistent rise in cryptocurrency prices, hacking will remain the primary challenge for the industry. Bad actors are closely monitoring protocols for opportunities to exploit them, from contract vulnerabilities to infrastructure compromises, and other sophisticated vectors.”
Moreover, most of the month’s sum was taken in two projects:
- crypto gaming platform PlayDapp lost $32,350,000,
- decentralized crypto exchange FixedFloat lost $26,100,000.
DeFi Hit Hard – Again
In February, decentralized finance (DeFi) was – yet again – the main target for exploits in terms of funds lost, compared to centralized finance (CeFi).
DeFi suffered $67,065,795 in total losses across 12 incidents. The sum primarily came from the high-profile attacks on PlayDapp, FixedFloat, and Duelbits.
Per Immunefi,
“In contrast, CeFi did not witness a single major exploit.”
Meanwhile, the most targeted chains in the same period were Ethereum, BNB Chain, and Bitcoin.
Among the three, Ethereum suffered the most individual attacks, with 12 incidents. This represents 85.71% of the total losses across targeted chains.
Bitcoin and BNB Chain witnessed one incident each, representing 7.14%.
Meanwhile, Immunefi offers over $157 million in available bounty rewards. It has so far paid out over $90 million in total bounties, while saving over $25 billion in user funds, it said.