Exploits, Hacks, and Scams Deplete Crypto Holdings by $332 Million in September: CertiK

The crypto market may have failed to post a bullish breakthrough in September, but that did not stop malicious entities from stealing funds.

According to the latest stats by CertIK, approximately $332 million in various digital assets has been lost to exploits, hacks, and scams in September

September Sees Record-Breaking Losses

Funds pilfered by exit scams were recorded to be around $1.9 million, while flash loans accounted for almost $0.4 million. Crypto-related exploits, on the other hand, stood at a whopping $329.8 million, according to the latest infographic shared by the blockchain intelligence platform.

CertiK attributed the largest portion of this month’s losses to the September 23rd attack on the Mixin Network, a Hong Kong-based decentralized cross-chain transfer protocol. This breach resulted in a $200 million loss, primarily due to a security breach within its cloud service provider.

#CertiKStatsAlert 🚨

Combining all the incidents in September we’ve confirmed ~$332M lost to exploits, hacks and scams.

Exit scams were ~$1.9M

Flash loans were ~$0.4M

Exploits were ~$329.8M

See more details below 👇 pic.twitter.com/DMFN9LWU8V

— CertiK Alert (@CertiKAlert) September 30, 2023

CoinEX suffered the second-largest major attack with $53.1 million in losses. North Korea’s notorious state-backed Lazarus Group was speculated to have orchestrated the attack. Other major incidents for the month were Stake.com and crypto exchange HTX, which are trailing closely behind with $41 million and $7 million, respectively, in losses.

Q3 Worst Hit By Crypto Exploits

Zooming out, September not only topped in crypto-related exploits but also solidified the third quarter as the worst-hit period for the crypto industry in terms of losses. According to another blockchain security firm, Beosin’s Global Web3 Security Report, crypto projects lost approximately $889 million to hacks, phishing scams, and rug pulls in Q3.

There were 43 significant attacks that led to a total loss of roughly $540.16 million. Within this, phishing scams contributed to losses of about $66.15 million, while 81 rug pulls resulted in a combined loss of approximately $282.96 million.

In Q3, the losses surpassed the cumulative total for the first two quarters of 2023. They amounted to approximately $330 million in Q1 2023 and $333 million in Q2 2023, ultimately soaring to $889.26 million in Q3.

DeFi continues to be the most targeted sector, with 29 attacks comprising 67.4% of the total incidents. Among various project types, public chains experienced the greatest losses, with Ethereum bearing the brunt, accumulating losses of $227 million. Ethereum also endured the highest frequency of attacks, totaling 16 incidents.

Additionally, there were 9 instances of private key compromises during this quarter, resulting in the most substantial losses among attack types, reaching $223 million.