Crypto losses due to hacks and scams surpass $1 billion year-to-date: Immunefi

The crypto industry has clocked up over $1.19 billion in losses due to 149 hacks and scams year-to-date following a further $269.4 million worth of exploits in July, according to the latest report from web3 bug bounty and security services platform Immunefi.

The year-to-date tally represents a 16.3% increase compared to the same period in 2023, which saw $1.02 billion in losses.

July’s losses from 14 specific incidents represent a 15.9% decrease year-over-year but a 90% increase month-over-month — the second-highest monthly loss in 2024 after May’s $358 million. The majority of the losses came from one exploit alone, the $235 million hack on WazirX, suspected to have been carried out by North Korean hackers, with the centralized Indian crypto exchange facing a backlash over its “socialized loss” plan following the incident. The DEX aggregation and bridging protocol LI.FI is the largest DeFi exploit in July, incurring losses of $10 million .

CeFi hacks dominate, with Ethereum and BNB Chain again the most targeted networks

Hacks dominated the losses in July, accounting for 98.9% ($266.4 million) of the total across 12 incidents, compared to cases of fraud, scams and rug pulls at only 1.1% ($3 million) over two specific incidents.

The dominance of hacks came mainly from the WazirX exploit, with the sole CeFi attack representing 87% of July’s lost funds, contrasting to the $34.4 million lost in 13 DeFi incidents.

Of the total $1.19 billion lost year-to-date, CeFi exploits also dominate, accounting for $636 million (53.4%) of the losses from just six incidents. DeFi represents $554 million in losses (46.6%) over 143 specific incidents.

Ethereum and BNB Chain were again the most targeted networks, as they have been for most of 2024, representing 71.4% of total on-chain losses. Ethereum suffered the most individual attacks with seven incidents, representing 50% of the losses on targeted chains, followed by BNB Chain with three incidents, representing 21.4%. Scroll and Base suffered one incident each.

Last month, Immunefi surpassed $100 million in ethical hacker and researcher payouts. The payouts span three years and result from over 3,000 bug bounty reports, the largest of which was a $10 million award for a vulnerability discovered in Wormhole’s cross-chain protocol.

Immunefi claims to operate the largest blockchain security community with more than 45,000 researchers, saving over $25 billion in user funds across protocols like Polygon, Optimism, Chainlink, The Graph, Synthetix and MakerDAO from being stolen.