The number of attacks in the crypto industry has risen 192% year-over-year from 25 to 73 this past quarter, per research from Immunefi.
Despite this hefty rise, the total amount of money lost is actually down by 64.4%—likely due to market conditions.
Immunefi assessed the total amount of crypto funds lost by the community due to hacks and scams by reviewing, validating, and classifying publicly available data. The firm has been producing similar reports since 2021.
Crypto losses fall into two categories in this report: losses that are the result of a contract flaw, known as a hack or exploit; or losses caused by human behavior such as a rug pull, scam, or fraud.
Another key insight the study revealed was that the BNB Chain was the prime target for exploits and scams. In fact, Immunefi reports that 73.3% of all rug pulls that the security firm surveyed occurred on the BNB Chain.
A rug pull is when a project raises funds, for example for a new token or NFT collection, promising certain benefits to users, and the developers then abandon the project without delivering those benefits while retaining the buyers' funds.
"BNB Chain still has a serious issue with developers using forked code," Immunefi’s triaging team lead Adrian Hetman Tech said in the report. "Its community lacks a security-first approach and attracts many users looking for a quick way to earn money. That's why we continue to see the biggest number of exploits and rug pulls in this ecosystem."
Black hat hackers 'have kept pace'
A total of around $440 million was stolen in Q1 2023, but luckily 40.5% of that was recovered in two specific instances: Euler Finance and SperaxUSD.
This figure is likely higher now that the Euler attacker has officially returned all funds as of April 3.
Hacks were the predominant cause of losses at 95.7%, compared with fraud, scams, and rug pulls, which amounted to only 4.3%.
"Projects have increased their security measures through audits and bug bounties in the past year, but blackhats have kept pace," a spokesperson from Immunefi told Decrypt via email. "They’ve been educating themselves on industry practices and improving their skills, and it’s showing in this spike in the number of successful hacks and rug pulls."
If black hat hackers are developing alongside the general crypto industry, then surely the number of incidents shouldn't be increasing.
The question then arises: how are blackhats winning the war?
"In a bear market, blackhats are able to take advantage of projects that start deprioritizing security in favor of other budget items," the spokesperson said. "Blackhats only have to be right once in their attack, whereas developers have to be right in every step of the development process to make sure there isn’t a single hole. It’s a tough job, and almost an unfair fight."