Decentralized finance (DeFi) platforms are now being targeted by black hat hackers, according to a report from Immunefi.

The decentralized trading landscape has reportedly lost $265 million, representing about a 225.4% increase from its 2022 mark.

Two Exploits Account for 49.6% Loss

Titled Immunefi’s Crypto Losses in Q2 2023, the report reiterated the persistent challenges faced by the cryptocurrency industry, specifically the escalating prevalence of cybercrime.

The bug bounty and security services firm boldly stated that hackers were increasing their attempts to get illicit gains from the nascent industry with a particular focus on the DeFi sub-sector.

According to the report, the second quarter of 2023 witnessed hackers pilfering over $265 million across 81 separate incidents.

Out of this, crypto frauds emerged as the most prominent form of attack, exhibiting a staggering 225.4% increase compared to last year.

In Q2 2023, crypto frauds alone accounted for losses surpassing $44.9 million, contrasting with the $13,818,000 recorded in 2022.

These criminal activities transpired in 18 separate incidents. In addition, the number of single incidents witnessed a significant year-over-year spike of 65.3%, escalating from 49 to 81 in Q2 2023, with an 11% increase noticed across the two quarters.

Out of the losses suffered by crypto businesses and individuals, hacks constituted the largest proportion, accounting for 83.1% of thefts.

In contrast, frauds, scams, and rug pulls collectively contributed to 16.9% of the overall impact.

Providing insights into the crypto hacking landscape, Immunefi stated that the exploits of self-custodial software wallet Atomic Wallet and the Fintoch rugpull accounted for a 49.6% loss of the total value.

Atomic Wallet was the subject of a crypto hack that saw over $100 million cleared off its platform by the North Korean-linked Lazarus Group.

On the other hand, the Fintoch event recorded about $31.6 million, putting both events at shy of $132 million.

The Fintoch platform had promised investors 1% in daily interest for holding their virtual assets on the DeFi protocol.

It appears the team behind the ponzi @DFintoch has likely exit scammed with 31.6m USDT on BSC after the funds were bridged to multiple addresses on Tron/Ethereum and

people reported being unable to withdraw Fintoch advertised 1% daily ROI & claimed to be owned by Morgan Stanley pic.twitter.com/UD3KKfkG97 — ZachXBT (@zachxbt) May 23, 2023

While DeFi has been a clear bait for bad actors, the centralized finance (CeFi) landscape also felt the brunt of the cybercriminals.

Crypto exchanges recorded a net loss of $37 million, which was segmented into only two incidents.

Although minimal, it is still a huge leap for the CeFi space, given that no crypto hack was recorded in Q2, 2022.

The figures are not all that bad across the board. DeFi losses are down by 65.9% from the same period last year, while hack-focused losses are down by 66.4%.

BNB and Ethereum Were the Most Impacted Chains

The report also shed light on the most impacted blockchain protocols.

Out of the top three protocols, BNB Chain and Ethereum recorded the most losses, with 76.5% of funds lost on-chain.

Arbitrum came in a distant third – although this is still worrying – with 10 incidents, representing 12.1% of total losses recorded across the chain.

Polygon and ZKSync recorded two incidents each, while the remaining chains, like Optimism, Terra, Sui Network, and others, picked up the 6.2% balance tab, all with single incidents.

Nonetheless, a certain amount of the stolen funds have been retrieved. According to Immunefi, over $10.4 million has been retrieved so far, but this is still a low figure as it represents about 3.9% of the stolen funds.

In a snapshot shared, the highest retrieved amount is $5.5 million for the Deus Finance project. Meanwhile, Atomic Wallet has only been able to retrieve $1 million from the stolen funds.

Cybercrime Losses Still Expected to Rise

Even with robust security measures, black hat hackers seem to find new and even more sophisticated means to fleece businesses and individuals of their data, funds, and identity.

According to Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to rise from $8.44 trillion in 2022 to $23.84 trillion in the next five years.

This is a record figure, and with more people turning to the crypto landscape, users will need to be particularly cautious with exposing their wallets and data to bad actors.

Commenting on the Crypto Losses report, Immunefi’s founder and CEO Mitchell Amador reiterated the need for crypto investors to properly vet projects before interacting with them. This is due to the growing sophisticated methods bad actors are employing.

