In May 2023, damage from fraud and hacking exceeded 54 million dollars (approximately 7.56 billion yen, converted to 140 yen to the dollar). A report by blockchain security firm De.Fi revealed.
That’s nearly halved from the $101.5 million it received in April, a sign that users and developers are improving their security efforts. However, while $2.2 million of damage was recovered in April, the amount recovered was zero in May.
Mostly BNB chains
The report summarizes incidents by blockchain and incidents by type, such as lag pulls, exploits, and flash loan attacks.
The damage, mostly to the BNB chain, exceeded $37 million. Ethereum suffered the least damage, just over $2 million.
Looking at the top 10, P2P blockchain financial platform Fintoch suffered a May record $31.7 million loss due to a smart contract exploit. Arbitrum’s Jimbos Protocol lost $7.5 million due to a lag pull, while Deus Finance, a DeFi (decentralized finance) protocol on the BNB chain, lost $6.2 million due to a smart contract exploit.
Tornado Cash, Mother, WSB Coin, Linda Yaccarino, Block Forest, SNOOKER, and land followed, with damage ranging from $145,000 to $733,000.
By type, ragpull remained the most common type, with 12 cases and $37 million in damages. 9 exploits for $8.8 million. Flash loan attacks, though small in number at five, resulted in a large loss of $8.9 million. Two exit scams cost $177,000.
Lag pull is slang for a type of exit scam. Typically, developers first gain credibility on social media, hype their projects, and raise a lot of money. After the tokens of the project are provided, the developers deprive the liquidity by selling a large amount of owned coins.
A flash loan attack refers to an attack that allows traders to borrow unsecured funds from lenders using smart contracts. Attackers typically manipulate project token prices and drain funds through flash loan attacks. As a result, governance tokens are often targeted, and in May there were 19 cases, with damage amounting to $3.3 million.
Three decentralized exchanges (DEX) were damaged, with a loss of $4 million. There was one stablecoin, but it was $6.2 million, which was the biggest loss per case.
Other categories — including yield aggregators (services that automatically optimize yield investments such as lending), gaming and metaverse applications, NFTs, and centralized crypto asset platforms — reported no losses. The lending protocol was also unharmed.
｜Translation: coindesk JAPAN
｜Editing: Rinan Hayashi, Takayuki Masuda
｜Original: Crypto Investors Lost $54M to Rugpulls, Scams in May: Blockchain Security Firm De.Fi