Crypto Exploit and Scam Losses Drop to $28.8M in March After February’s Surge

Crypto scams, exploits, and hacks saw a notable decline in March, with total losses dropping to $28.8 million, a far cry from the alarming $1.5 billion recorded in February following the Bybit hack. Despite the reduction in losses, blockchain security firm CertiK reported that vulnerabilities in code and wallet compromises continued to account for significant thefts during the month.

Key Losses in March

The most significant loss in March came from a smart contract exploit on the decentralized lending protocol Abracadabra.money. On March 25, an attacker exploited a vulnerability in the protocol, resulting in a loss of over $13 million. According to CertiK, the attacker was able to borrow funds, liquidate them, and then borrow additional funds without repaying the original loan due to an issue with the liquidation process. The protocol’s team has since offered a 20% bounty for the return of the stolen funds, which is double the usual 10% bounty, though no public updates have been provided on whether any funds have been returned.

Another significant incident in March was the compromise of the deployer wallet for Zoth, a restaking protocol. This hack resulted in the attacker stealing over $8.4 million in crypto assets.

Recovery of Stolen Funds

Despite these losses, some stolen funds were recovered, helping to lower the overall impact for the month. CertiK reported that while over $33 million was stolen across various exploits and scams in March, 1inch, a decentralized exchange aggregator, successfully recovered the majority of the $5 million stolen in a March 5 exploit. This recovery was made possible after 1inch negotiated a bug bounty agreement with the attacker, facilitating the return of most of the stolen funds.

The total loss figures for March, however, do not account for an unknown Coinbase user who, according to crypto sleuth ZachXBT, lost 400 Bitcoin (BTC), worth approximately $34 million. Additionally, ZachXBT reported that $46 million could have been lost to phishing scams that spoofed legitimate crypto exchanges during March.

Rising Threat of Phishing Scams

Phishing attacks were another notable threat in March. On March 21, Australian Federal Police alerted 130 individuals about a message scam targeting crypto users. The scam involved fraudulent messages that spoofed the sender ID of legitimate crypto exchanges, tricking users into disclosing sensitive information. Furthermore, X users reported similar phishing attempts on March 14, with attackers attempting to deceive victims into setting up new wallets using pre-generated recovery phrases that were controlled by the fraudsters.

Conclusion

While March saw a drop in crypto exploit and scam losses, the industry continues to face significant security risks. The recovery of stolen funds by platforms like 1inch provides a glimmer of hope for affected users, but the rise of sophisticated phishing scams and the exploitation of code vulnerabilities remain ongoing threats. As the crypto industry continues to grow, it's crucial for platforms and users alike to remain vigilant in order to mitigate the risks of cyberattacks and fraud.