Crypto exploits, exit scams and flash loan attacks showed little sign of stopping in April, stealing more than $103 million from crypto projects and investors that month.
On April 30, crypto security and auditing firm CertiK released its roundup of crypto exploits, scams, and hacks for April, showing that lost funds totaled $103.7 million in April, bringing year-to-date total losses to $429.7 million.
The month was particularly impacted by major crypto breaches, such as the loss of $25.4 million on April 3 due to a bug in several MEV trading bots, the theft of $22 million from a hot wallet bug on the Bitrue exchange, and the loss of $22 million from South Korea's GDAC exchange. The hack resulted in a loss of $13 million. According to CertiK, losses from crypto and DeFi exploits totaled $74.5 million that month, roughly half of the $145 million worth in the first four months of the year.
It also lost about $20 million this month to flash loan attacks, mostly caused by Yearn Finance after hackers exploited old smart contracts on April 13. The blockchain security firm noted that the total amount of funds lost to exit scams reached $9.4 m million for the month, with the biggest exit scam of the month being Merlin DEX, which lost $2.7 million. On April 26, CertiK reported that it was investigating a “potential private key management issue” at the exchange.
Additionally, the exit scam occurred after an audit of the protocol by CertiK, which warned of centralization issues. CertiK launched a compensation plan after the attack, in which it urged the rogue developers to return 80% of the stolen funds and offer a 2 0% white hat bounty. According to De.Fi's Rekt database, more than 50 cryptocurrency exploits, scams, hacks and frauds occurred in April. Also, a large part of this is memecoin rug pulling.
The most recent was Polygon-based Ovix protocol, which lost $2 million in a flash loan attack on April 28.
