Table of Contents
- No Let Up From Major Exploits
- $20 Million Lost To Flash Loan Attacks
- Major Exploits And Scams In April
Crypto security and auditing firm CertiK has stated that crypto scams, exploits, exit scams, and flash loan attacks have resulted in a loss of $103 million during the month of April.
The figures were published during CertiK’s April roundup of crypto scams and exploits, bringing the total loss during the current year to $429 million.
No Let Up From Major Exploits
According to CertiK, April saw a barrage of major crypto exploits that hit the ecosystem.
“Combining all the incidents in April, we’ve confirmed ~$103.6M lost to exploits, hacks, and scams. Exit scams were ~$9.3M. Flash loans were ~$19.8M.”
The security and auditing firm listed out some of the major exploits, such as the $25 million lost thanks to an exploit of several MEV bots. This exploit occurred during the first week of the month, the 3rd of April to be precise. It also listed out an exploit where $22 million were stolen thanks to a hot wallet exploit that occurred at the Bitrue exchange and the hack of South Korea-based GDAC Exchange, which resulted in a loss of $13 million.
According to CertiK, April saw a total of around $74.5 million lost to crypto and DeFi exploits. This figure is close to half of the $145 million lost during the first four months of the ongoing year, according to CertiK.
$20 Million Lost To Flash Loan Attacks
CertiK also stated that April saw $20 million lost to flash loan attacks. The biggest contributor to this figure was Yearn Finance, which saw a hacker exploit a bug in an old smart contract on the 13th of April. CertiK also highlighted that $9.4 million were lost to exit scams in April. The most significant exit scam to occur during April was that of the Merlin DEX, which ended up losing $2.7 million.
CertiK has reported that it was investigating a “potential private key management issue” at the exchange on the 26th of April. This exit scam occurred after the Merlin DEX was audited by CertiK, which had warned the protocol about key centralization issues. Following the exploit, CertiK outlined a compensation plan and urged the rogue developer to return 80% of the stolen funds while offering a 20% white hat bounty.
According to data from De.Fi Rekt, April saw over 50 scams, hacks, crypto exploits, and rug pulls, with a significant chunk of these being meme coin rug pulls.
Major Exploits And Scams In April
There were several other prominent scams to hit crypto in April. On the 9th of April, decentralized finance (DeFi) protocol SushiSwap lost over $3 million thanks to a bug in one of its smart contracts. According to PeckShield, the approval function in SushiSwap’s Router Processor 2 contract was at the center of the unusual activity on the protocol. Ethereum Layer-2 blockchain Optimism also reported a significant security breach that involved Hundred Finance on the 17th of April. According to CertiK, Hundred Finance lost $7.4 million thanks to the exploit. While the protocol did not disclose the attack’s methodology, CertiK described it as a flash loan attack.
The most recent exploit to occur during April was that of Polygon lending protocol 0VIX. The protocol announced that it was temporarily suspending its Proof-of-Stake (PoS) and zkEVM operations thanks to an exploit that resulted in a loss of $2 million to the protocol. An investigation revealed that the exploit was possible thanks to the attacker using the vGHST token.
“0VIX is working with its security partners to look into the current situation that seems to be related to vGHST. As a result, POS and zkEVM markets have been paused. This includes pausing oToken transfers, minting, and liquidations.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.