Crypto hacks dropped 44% YoY in January but surged ninefold from December

The crypto industry has begun the year with $73.9 million in losses due to 19 cyber attacks in January. Despite a 44% year-over-year drop in hacking incidents, the hacks grew ninefold month-over-month, according to the latest report from web3 bug bounty and security services platform Immunefi.

Although the situation looks dire, the figure is a huge fall compared to January last year, when hackers stole $133 million.

The crypto losses in January came from two major attacks. The most affected platform was a Singapore-based CeFi Phemex exchange, which hackers targeted and escaped with $69.1 million. The second incident was an exploit of the DeFi platform Moby Trade, which lost $2.5 million.

Other low-magnitude attacks were Orange Finance, IPC, UniLend Finance, The Idols NFT, Odos, Laura AI, Pika Infinity, and Sorra. There were no fraud-related cases in January.

Hackers exploited the Binance chain more than any other network

The month of January saw the Binance chain suffering the most. Of all the attacks, Binance accounts for 50% of the losses on the blockchain, with the platform exploited ten times. Ethereum was also vulnerable, accounting for 25% of the total attacks. Arbitrum and Base suffered two attacks each, followed by Optimism with a single attack.

On the other hand, centralized finance platforms were the most exploited, losing over $69 million, 93% of the total value lost in January. Decentralized finance appeared more secure, accounting for only 6.5%, with $4.8 million lost over 18 incidents.

While releasing the report, Mitchell Amador, founder and CEO of Immunefi, warned that CeFi platforms will be the most targeted platform by crypto bandits. He said. “The largest volume of losses will likely come from CeFi, as hackers target infrastructure, particularly through private key compromises. CeFi doesn’t generally suffer the most successful attacks, but when a breach occurs, it typically leads to catastrophic losses.”

Amador pointed out that the worst thing that can happen is for a hacker to get your private keys and then drain your account which is a major flaw of the CEFI. Whereas DeFi bugs are more common, the impact is small because not all the money is lost.

CeFi platforms are enhancing security to prevent exploitations

CeFi platforms are also vulnerable to phishing attacks and, therefore, require a multi-layer security approach. CeFi must factor in protective security protocols. It should also include security features that enhance key management, ensuring reduced reliance on a single private key. 

Furthermore, the platform must improve OpSec’s best practices, such as regular employee security training.

Amador also advised that the platforms should have bug bounty programs and real-time threat detection tools. These could be crucial in enhancing the security of these protocols and chains.

The Immunefi director advises the platforms to adopt these measures because they are already using them. The firm currently issues over $181 million worth of bug bounties for ethical hackers and manages over $190 billion worth of crypto user funds.

The firm has involved ethical hackers and researchers, paying them research bounties worth $112 million. The payouts began three years ago and are still critical. So far, the ethical hackers have come out with 3,000 bug bounty reports. The largest was a $10 million award for a vulnerability discovered in Wormhole’s cross-chain protocol.

Immunefi claims to operate the largest blockchain security community with more than 45,000 researchers, saving over $25 billion in user funds across protocols like Polygon, Optimism, Chainlink, The Graph, Synthetix, and MakerDAO (Sky) from being stolen.

Cryptopolitan Academy: How to Write a Web3 Resume That Lands Interviews - FREE Cheat Sheet