In recent weeks, the crypto market has been rocked by an unrelenting wave of rug pulls, exit scams, and hacks, leaving the community increasingly concerned. A report by blockchain security firm Beosin sheds light on the alarming increase in losses attributed to these malicious activities, surpassing even the losses from decentralized finance (DeFi) hacks in May.
The native token of cross-chain bridge Synapse (SYN) witnessed a dramatic drop in value on September 5, triggering shockwaves in the DeFi space with the latest rug pull. The crisis unfolded after an unidentified liquidity provider on the platform sold approximately 9 million SYN tokens and withdrew all stablecoin liquidity from the bridge.
While the official Synapse team acknowledged the withdrawal of liquidity, they were quick to clarify that no security breach had occurred. Interestingly, the mysterious liquidity provider was traced back to Nima Capital, a long-term partner of the project that had previously locked up an astonishing $40 million worth of liquidity in SYN.
The magnitude of the problem becomes even more apparent when considering the overall losses in the crypto space in 2023. According to CertiK, the losses have exceeded $997 million, encompassing numerous exploits, hacks, and scams. Flash loan attacks accounted for approximately $261 million of these losses, while exit scams claimed over $137 million, and exploits cost more than $596 million.
Although significant losses were also experienced in August, these figures indicate a notable decrease compared to the previous month, which witnessed a total loss of approximately $486 million. CertiK noted that the Multichain exploit alone contributed a significant $231 million to this total.
Another alarming example is Stake, a crypto-based sports betting company accused of experiencing significant asset outflows in a series of suspicious transactions, potentially indicating a serious security threat. The initial $15.7 million movement included 6,000 Ethereum ($9.8 million) and $5.9 million worth of stablecoins, raising concerns about the security of funds on such platforms.
Furthermore, a joint advisory report from government agencies in the United States and the United Kingdom warning crypto users of new malware designed to target wallets and exchanges adds to the growing list of concerns. Sandworm, a cyber warfare group affiliated with Russia’s military intelligence agency GRU, is associated with this virus.
The report revealed that compromised mobile devices were used to obtain information, including data from popular exchange applications such as Binance and Coinbase, further exacerbating security concerns.
In a year filled with security vulnerabilities, Web3 suffered staggering losses of $1.25 billion in 211 incidents in 2023. Newly launched Ethereum Layer 2 Base projects fell victim to major vulnerabilities, resulting in a loss of $23.4 million in August alone. According to a report by Web3 bug bounty platform Immunefi, the Base network staked by Coinbase became one of the most targeted chains in the crypto world, along with Ethereum and BNB Chain.
Amidst this troubling backdrop, a fake white hat known as Kankodu recently took responsibility for submitting a bug bounty report that mistakenly revealed a vulnerability in Euler Finance. This led to a surprising $200 million attack on the decentralized lending protocol in March. Kankodu expressed remorse, stating that reporting the fix for a bug I mentioned resulted in the discovery of a function responsible for the attack.
While DeFi projects have also fallen victim to security vulnerabilities and attacks, the losses resulting from rug pulls overshadow those from DeFi exploits, highlighting a concerning shift in hackers’ and scammers’ strategies as they increasingly target unsuspecting individual users.
As the crypto community grapples with an increasingly volatile and dangerous environment, caution and enhanced security measures have become crucial. The rise in rug pulls, exit scams, and cyberattacks serves as a stark reminder of the need for robust measures to protect against such malicious activities and safeguard both investments and confidence within the ecosystem.