Losses from hacks and scams surged in April, with one single incident accounting for most of the damage.
In April, the crypto sector experienced a significant increase in losses due to exploits, scams, and hacks, totaling $364 million. This marked a staggering 1,163% surge from the $28.8 million recorded in March, according to a report by blockchain security firm CertiK on April 30.
The primary reason for this surge was a targeted attack on an elderly American, who lost 3,520 Bitcoin valued at $330.7 million. The attacker reportedly employed advanced social engineering tactics to access the victim’s wallet, making it one of the largest crypto thefts in history.
Excluding the aforementioned incident, April’s losses amounted to $34 million, still representing a 21% increase from the previous month. CertiK identified phishing, access control exploits, social engineering, and price manipulation as the main attack vectors.
Despite the significant losses, some of the funds were successfully recovered thanks to the efforts of affected protocols and white hat hackers. In April, approximately $18.2 million in stolen funds were recovered. This included the full repayment to KiloEx, which had fallen victim to a $7.5 million exploit but had the funds returned within four days.
ZKsync Association also managed to recover $5 million in stolen tokens following a breach involving its airdrop distribution contract. The attacker agreed to return all funds in exchange for a 10% bounty, highlighting the effectiveness of negotiation in recovering stolen assets.
Similarly, DeFi protocol Loopscale successfully reclaimed all the assets stolen in an attack that exploited vulnerabilities in its token pricing functions. Through direct negotiation with the attacker, the platform recovered $5.8 million, with the attacker agreeing to return the funds in exchange for a 10% whitehat bounty and immunity from legal action.
Although April witnessed a sharp increase in losses, February remains the costliest month of the year so far. In February, crypto losses surged to $1.53 billion, primarily due to two major incidents. The $1.46 billion exploit on crypto exchange Bybit accounted for the majority of the losses, while stablecoin issuer Infini lost $49.5 million in a separate attack.
Overall, the crypto sector continues to face security challenges, highlighting the importance of robust security measures and proactive response strategies to mitigate the impact of hacks and scams on the industry.