The crypto industry experienced losses totaling $572.7 million in Q2 due to hacks and fraud, as reported by the web3 bug bounty platform Immunefi. The top two exploits were DMM Bitcoin and BtcTurk, accounting for $305 million and $55 million in losses, respectively.
According to Immunefi’s latest report, the industry saw 72 incidents in Q2, with losses up 70.3% from the $336.3 million in Q1 and up 112% from Q2 2023’s $265.5 million. Year-to-date, over $900 million has been stolen through hacks and fraud, marking a 24% rise from the same period last year.
With nearly $100 billion in total value locked in web3 protocols, as per DeFiLlama data, decentralized finance (DeFi) has been a prime target for hackers. However, Q2 saw a shift with centralized finance (CeFi) becoming the main target, accounting for 70% ($401.4 million) of the losses, while DeFi accounted for 30% ($171.3 million).
The majority of the losses came from two major exploits: a $305 million attack on the Japanese cryptocurrency trading platform DMM Bitcoin and a $55 million theft from the Turkish crypto exchange BtcTurk on June 23. May saw the highest monthly losses in Q2, totaling $358.5 million. Additionally, $28.7 million (5%) of the stolen funds in Q2 were recovered from four exploits: Bloom, ALEX Lab, Gala Games, and YOLO Games.
“This quarter highlights how infrastructure compromises can be the most devastating hacks in crypto, as a single compromise can lead to millions in damages,” Immunefi founder and CEO Mitchell Amador said. “This was evident during this quarter, where losses surged primarily due to hacks targeting CeFi infrastructure, surpassing DeFi, despite a smaller number of hacks in that sector. Robust measures to safeguard the entirety of the ecosystem are crucial.”
Hacks Dominate Fraud with Ethereum and BNB Chain the Most Targeted Networks
Hacks accounted for 98.5% ($564.2 million) of the total losses in Q2 across 53 incidents, whereas fraud, scams, and rug pulls accounted for only 1.5% ($8.5 million) over 19 incidents. Ethereum and BNB Chain were the most targeted networks, as in Q1. Ethereum suffered 34 attacks, representing 46.6% of the chain losses, followed by BNB Chain with 18 attacks, representing 24.7%. Other affected networks included Arbitrum, Blast, Optimism, Solana, Polygon, Fantom, Linea, Mantle, and TON.
Earlier this month, Immunefi surpassed $100 million in payouts to ethical hackers and researchers, resulting from over 3,000 bug bounty reports over three years. Immunefi claims to operate the largest blockchain security community, with over 45,000 researchers, saving more than $25 billion in user funds from being stolen across protocols like Polygon, Optimism, Chainlink, The Graph, Synthetix, and MakerDAO.
The highest white hat hacker bounty facilitated by Immunefi was a $10 million award for discovering a vulnerability in Wormhole’s cross-chain protocol.