Report: September Poised to Be Worst Month for Crypto Fraud with Record Amounts Stolen
Summary
- US $332 million ($505 million) worth of cryptocurrency was lost in September alone, with most of the losses coming due to the US $200 million ($313 million) Mixin Network exploit.
- The crypto industry lost more in Q3 2023 than it did in the first two quarters combined.
- Exploits and rug pulls accounted for the vast majority of losses over the past three months.
September has been one of the most brutal months in cryptocurrency’s history for scams and fraud, with Certik’s monthly security report stating that over US $332 million ($505 million) had been lost. As the crypto world clambers to find a solution to the growing prevalence of illegal activity, hackers and fraudsters are ramping up their efforts to siphon funds from the burgeoning industry.
Certik’s September Report
Certik’s report breaks down the source of hacks and frauds into three major categories – exit scams, flash loans and exploits. By far the biggest issue experienced in September was exploits, a form of attack typically associated with decentralised exchanges.
Of the US $329 million ($516 million) stolen via exploits, US $200 million ($313 million) came from the catastrophic hack of Hong Kong-based decentralised protocol Mixin Network. The exploit was made possible due to the database of a third-party cloud service provider becoming compromised. Google and blockchain investigator SlowMist have been employed to look into the hack in an attempt to recover lost funds.
Exit scams and flash loans weren’t as prominent, but still something that crypto users had to watch out for, with US $1.9 million ($3 million) and US $0.4 million ($0.6 million) stolen respectively.
Beosin Global Web3 Security Report for Q3 2023
While security data for September was rather grim, Beosin’s security report for 2023 Q3 painted an even worse picture. Over the past three months, approximately US $889 million ($1.4 billion) has been lost by crypto investors. This figure is more than the first two quarters combined (US $663 million – AU $1 billion). Once again, hacks were the biggest culprit, with US $540 million ($847 million) worth of digital assets stolen from various decentralised protocols. Of the eight biggest hacks in the last quarter, North Korea’s cybercriminal organisation Lazarus Group was responsible for half of them.
Rug pulls were another prominent form of fraud over the past three months, accounting for US $282.9 million ($443.8 million) in losses. However, it’s worth noting that nearly US $250 million ($392 million) of this figure occurred in July’s rug pull of cross-chain bridge Multichain.
How Can Investors Avoid Being Scammed?
All up, the report concluded that the prevalence of crypto scams is continuing to increase and the public must remain vigilant in the projects they attach themselves to. Beosin recommended investors watch out for cryptocurrencies that announce things like “internal disputes” and to “pay close attention to project’s latest activity in a timely manner”.
In addition, 22 of the 43 major attack incidents occurred due to smart contract bugs and exploitations. Therefore, it’s a good idea for investors to stick to protocols and platforms that receive regular smart contract audits – as decentralised projects without such rigorous inspections can become a target for hackers.