Crypto traders have lost $303 million worth of digital assets in cryptocurrency exploits and hacker attacks this month, security audit firm CertiK tweeted, putting July on track to be the worst month this year so far in terms of stolen value.
The report comes as decentralized finance (DeFi) investors are still reeling from this weekend’s exploit of decentralized exchange Curve Finance, a key infrastructure in the DeFi ecosystem. Since Sunday, Certik confirmed some $52 million in digital assets as having been siphoned from the protocol using a vulnerability in some versions of the popular smart contract coding language Vyper.
Earlier this month, roughly $125 million of assets were drained from blockchain bridging protocol Multichain. The platform then shuttered operations and said that Chinese authorities had detained chief executive Zhaojun in May.
Ari Redbord, head of legal and government affairs of blockchain intelligence firm TRM Labs, said in a CoinDesk TV interview in May that DeFi protocols are the most vulnerable parts of the crypto ecosystem, adding that exploits are still happening at an “unprecedented” speed and scale.
Of the $303 million this month, investors lost about $285 million in exploit attempts and hacks including the Multichain and Curve attacks, per CertiK’s data. Roughly $8.7 million of assets were drained abusing flash loans. This is a sophisticated exploit venue that lets traders borrow unsecured funds using smart contracts instead of third parties. These types of loans are legal, but attackers sometimes use them to manipulate the price of smaller, less liquid tokens for gains. The most notable example was DeFi protocol Conic Finance being drained of 1,700 ether (ETH), worth $3.26 million at the time, using flash loans.
Exit scams cost investors about $8.6 million. Otherwise known as “rug pulls,” these cons consist of developers hyping up a new project to raise money then draining liquidity.