Losses Are 90% Lower Than Previous Quarter

More than $370M was lost to hacks and exploits during the first three months of 2023, down from a whopping $5B in the last quarter of 2022.

According to data from Rekt, $215M, or 57% of losses for the quarter, was stolen during the first three weeks of March. 

“It’s worth noting that January 2023 was one of the lowest months for hacks, with a total of $14.6 million lost, a sum that wasn’t registered in all of 2022,” said DappRadar. “This may be a positive sign that the industry is taking security more seriously and implementing better measures to prevent hacks and exploits.”

In 2022, losses cleared $1.1B in October and $3.9B in November, before dropping to $87M in December.

Euler Finance Fiasco

The $196M flash loan attack that targeted Euler Finance on March 13 accounts for more than half of the quarter’s losses.

Flash loans allow users to borrow funds from a DeFi protocol without collateral so long as the loan is repaid within the same block, eliminating any risk of the lending protocol sustaining losses. The technique is often used to facilitate arbitrage trades but also provides an avenue for opportunistic coders to perpetrate malicious exploits.

The hacker stole DAI, USDC, WBTC, and stETH from Euler using a multichain bridge that transferred assets between Ethereum and BNB Chain, before obfuscating the origin of the funds using Tornado Cash, a crypto mixing service.

However, the hacker has since returned the majority of the funds, having transferred roughly $177M worth of ETH and other assets back to Euler. On Monday, the attacker sent transactions to Euler containing encrypted messages apologizing for their actions and pledging to return the stolen assets.

BonqDAO Exploit

BonqDAO’s $125M oracle exploit in February was the quarter’s second-most expensive incident.

On Feb. 1, the attack’s perpetrator manipulated price data for the ALBT token on Bonq protocol, allowing the attacker to mint large sums of BEUR tokens against ALBT collateral. 

The hacker then swapped the ill-gotten BEUR for other tokens on Uniswap and walked away with around $10M in profits. They also triggered a wave of ALBT liquidations on Bonq after the token’s value crashed by half amid heavy selling.

Q1’s most expensive incidents also include the $45M CoinDeal fraud and the $16.5M taken by the Monkey Drainer phishing scheme.

BNB Chain Tops List By Number Of Exploits

BNB Chain remains the preferred chain for hackers and scammers, with Rekt identifying 18 incidents on the Layer 1 blockchain.

Ethereum ranked second with 10 hacks, despite representing the majority of Q1’s losses, while seven scams hit Arbitrum users amid anticipation for the Layer 2 network’s long-awaited airdrop. 

Rekt counts 47 incidents over the past three months in total. Smart contract exploits are the most popular form of attack this year, with 17. Rugpulls ranked second with eight, followed by flash loan attacks at six.