CertiK records historic low with exploits and scams amounting to $25M in April.

April witnessed a remarkable decline in losses from crypto hacks and scams, as revealed by a report from Certik, a blockchain security platform. The report, seen by Cointelegraph, disclosed that only $25.7 million was lost due to attacks throughout the month, marking the lowest amount since CertiK began tracking this data in 2021.
According to the report, losses from hacks, exploits, and scams decreased by 141% compared to the previous month. This decline can be primarily attributed to the absence of private key compromises. In March, there were 11 attacks on protocols through private key compromises, whereas in April, there were only three.


Source:
CertiK
While this news brings relief to crypto users, there were still some notable hacks and scams during the month resulting in losses of hundreds of thousands or even millions of dollars. Memecoin Condom, for instance, “advertised a presale address on the Solana network” and exploited unsuspecting users to drain funds, resulting in the loss of approximately $933,000 worth of crypto.
Another significant hack occurred on April 1, when Bitcoin Lightning Network exchange FixedFloat suffered a loss of around $3 million. This was the second attack on FixedFloat in 2024, with the previous incident occurring in February.
Out of the total reported losses of $25.7 million for the month, a substantial portion, amounting to $21 million, was attributed to exploits. Only three of these breaches caused damages exceeding $1 million. Flash loan attacks resulted in $129,000 in losses, with the largest single incident causing $55,000 in damages. CertiK noted that this marked the lowest occurrence of flash loan attacks since February 2022. Additionally, there were 13 exit scams in April, reflecting a 40% decrease compared to March.
CertiK clarified that these figures did not include ZKasino, a project that hindered investors from withdrawing their deposited funds. Although the report considers the project to be embroiled in controversy, it has not yet labeled it as a scam. The security platform stated that it would update its figures if ZKasino is confirmed to be engaging in nefarious activities. ZKasino further aggravated its users when it transferred funds to the Lido protocol on April 22.
Shortly after CertiK’s report was published, the decentralized finance app Yield Protocol fell victim to an exploitation resulting in losses of $181,000. Yield had already been officially shut down by its developer, but due to the unchangeable nature of smart contracts, some users could still interact with them.
Magazine:
DeFi’s billion-dollar secret: The insiders responsible for hacks