In May 2024, the industry suffered its biggest monthly losses ever, amounting to $107 million. However, June saw a drop to $78 million across 12 different incidents, which is a 27% reduction from the $107 million lost in June 2023. The Japanese exchange DMM Bitcoin took the biggest hit this quarter, losing $305 million to hackers. The exchange has since taken steps to reimburse customers affected by the incident. Other platforms affected include BtcTurk, Hedgey, Lykke, Gala Games and SonneFinance, with their combined losses totalling $164.2 million. Immunefi says that centralised crypto financial institutions were the most targeted, making up two-thirds of the successful attacks.
Grace Dees, a cybersecurity business analyst at Resonance Security, told Decrypt that centralised entities are often more vulnerable to hacks because they have large asset pools and centralised storage systems. "CEFi entities manage larger pools of assets than DeFi platforms, so they're more attractive targets for hackers," she said. Dees also pointed out that centralised repositories, wallets, private key management and security measures can create single points of failure, making it easier for hackers to access significant funds through a single breach. Dees also pointed out that regulatory pressure has made DeFi platforms take more precautions, which could make them less appealing to hackers.
Ethereum was the most exploited blockchain in the quarter, followed by the BNB chain and Arbitrum, which accounted for 44.4%, 25%, and 5.6% of incidents, respectively. Jonah Michaels, who handles communications at Immunefi, said that Ethereum is the main hub for DeFi activity and currently holds the highest amount of locked funds, making it the primary target for hackers. On top of that, Ethereum's linked to some big privacy chains and tech, which makes it easy for hackers to launder stolen funds. Altogether, $26,736,000 has been reclaimed from misappropriated funds in four cases, representing 5% of the total losses in Q2 2024.
