In the month of April, the cryptocurrency community faced a series of scams, exploits, exit scams, and flash loan attacks, which resulted in a loss of $103 million, as reported by crypto security and auditing firm CertiK. This brings the total loss for the year up to $429 million.
Several significant exploits took place during April, such as the $25 million heist due to an exploit of multiple MEV bots, a $22 million hot wallet exploit at Bitrue exchange, and the $13 million GDAC Exchange attack. In total, CertiK estimates that about $74.5 million was lost to crypto and DeFi exploits in April, which is nearly half of the $145 million lost in the first four months of 2021.
Moreover, flash loan attacks appeared to be gaining momentum, accounting for $20 million in losses. The most notable flash loan attack took place on Yearn Finance, where a hacker exploited a bug in an old smart contract. Additionally, CertiK highlights that April saw $9.4 million lost to exit scams, with Merlin DEX’s $2.7 million loss being the most significant.
Exit scams such as the Merlin DEX occurred even after being audited by CertiK. In response, the firm proposed a compensation plan and a 20% white hat bounty for the rogue developer if they returned 80% of the stolen funds.
The crypto space experienced over 50 scams, hacks, exploits, and rug pulls in April alone, with a significant portion being meme coin rug pulls. Among these prominent scams, SushiSwap lost over $3 million due to a smart contract bug, while Ethereum Layer-2 blockchain Optimism and Hundred Finance experienced a security breach that resulted in $7.4 million in losses.
As the month closed, Polygon lending protocol 0VIX announced a suspension of its Proof-of-Stake (PoS) and zkEVM operations due to an exploit causing a $2 million loss. The attacker allegedly used the vGHST token and, as a result, the protocol paused oToken transfers, minting, and liquidations.
In conclusion, the month of April has shown that despite attempts to mitigate risks, the crypto and DeFi ecosystems are still vulnerable to a wide range of scams and exploits. As the industry matures, it is crucial for protocols, exchanges, and other stakeholders to work together in enhancing security measures to avoid further losses and fostering trust among users.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.