The crypto industry was rocked to its core in April, with hacks and scams skyrocketing in value to an insane $364 million.
The majority of the stolen funds in April came from a highly targeted phishing attack against an elderly individual in the United States.
Despite the spike in losses, recovery efforts by ethical hackers helped recover around $18.2 million in April.
While April’s losses were huge, they were nothing compared to February’s $1.53 billion in losses.
The crypto industry was rocked to its core in April, with hacks and scams skyrocketing in value to an insane $364 million.
This marks a staggering 1,163% increase from the $28.8 million lost in March, according to a report from blockchain security firm CertiK.
The surge in total value lost was reportedly caused mostly by a single phishing attack that stole 3,520 Bitcoin from a single person.
This makes said event the fifth-largest crypto theft ever recorded.
The majority of the stolen funds in April came from a highly targeted phishing attack against an elderly individual in the United States.
Per reports, the victim lost 3,520 BTC (worth around $330.7 million at the time of the exploit), after an attacker used advanced social engineering tactics to access their wallet.
The report from CertiK | Source: Certik
The scale of this incident alone overshadowed all other exploits in April and caused the spike in the month’s overall figure.
When this one event is excluded from the overall, the total losses for April come down to around $34 million, which is still a 21% increase over the previous month.
Despite the spike in losses, recovery efforts by ethical hackers helped recover around $18.2 million in April.
One of the most noteworthy of these involved KiloEx, a DEX that suffered a $7.5 million exploit.
Interestingly, the attacker returned the full amount just four days after the incident after behind-the-scenes negotiations.
In the same vein, the ZKsync Association reclaimed $5 million worth of stolen tokens after an attack that targeted its airdrop distribution contract.
In this case, the hacker agreed to return the funds in exchange for a 10% bounty.
Meanwhile, Loopscale was exploited on 26 April through flaws in its token pricing mechanism.
The attacker initially stole $5.8 million worth of USDC and Solana tokens but then accepted a white hat bounty and returned the stolen assets.
While April’s losses were huge, they were nothing compared to February’s $1.53 billion in losses.
The largest incident during the month was a $1.46 billion exploit on Bybit from the Lazarus Group.
The second attack targeted Infini and drained a staggering $49.5 million from the protocol.
In comparison, March saw only $28.8 million in crypto losses.
One interesting trend in these monthly reports is the vulnerability of DeFi protocols. Despite growing awareness, many platforms still suffer from security loopholes in smart contracts, tokenomics and even front ends.
So far, phishing and social engineering attacks are becoming more and more pronounced in the crypto space, as seen by the massive Bitcoin theft in April.
The relatively successful recovery efforts in April raise an important question though.
Should the crypto industry be more open towards rewarding ethical hacking?
The three major recoveries from KiloEx, ZKsync and Loopscale showed attackers agreeing to return stolen funds in exchange for a bounty.
While this model is controversial, it could discourage full-scale thefts and allow more cooperation between attackers and victims, especially when millions of dollars are at stake.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.