In the first quarter of 2024, Web3 has seen a total of $336 million lost to hackers and fraud, with nearly half of the capital stolen in January alone. This represents a 23% decrease compared to the first quarter of 2023, according to a report by Immunefi. The team noted that almost $100 billion in capital has been locked across Web3 protocols as of March 2024, making it an attractive target for blackhat hackers. Despite the significant losses, $73,885,000 has been recovered from stolen Web3 capital in seven specific situations, including exploits from Munchables and Seneca.
The report by Immunefi looked at the volume of crypto funds lost due to hacks and scams in the first three months of the year. They found 61 incidents where blackhat hackers exploited crypto protocols or performed rug pull scams. In total, $336,311,217 was lost in the first quarter of 2024, with hacks responsible for $321,645,400 across 46 incidents, and fraud behind $14,665,817 in losses. While there was a decrease in losses compared to the previous year, most of the loss occurred in January, emphasizing the need to secure both code and protocol infrastructure in DeFi.
Decentralized finance (DeFi) remains the main target for exploits, accounting for 100% of the total losses in the first quarter of 2024. In contrast, centralized finance (CeFi) has not experienced any attacks during this period. Ethereum was once again the most targeted chain, with 33 incidents and 51% of the total losses across targeted chains. BNB Chain followed with 14 incidents and 22% of total losses. Together, Ethereum and BNB Chain accounted for over half of the chain losses in the first quarter of 2024, with other affected chains including Arbitrum, Solana, and Bitcoin.
Two projects, Orbit Bridge and Munchables, suffered the most significant losses in the first quarter of 2024, losing a total of $144,480,000. The exploits targeted the bridging service of Orbit Chain and the non-fungible token (NFT) game Munchables on the Ethereum layer 2 platform Blast. Hackers continue to lead the way in causing fund loss in the Web3 ecosystem, with hacks accounting for 95.6% of losses compared to 4.4% from fraud. Immunefi, a bug bounty and security services platform, protects over $60 billion in Web3 user capital and offers over $155 million in available bounty rewards.
In conclusion, the first quarter of 2024 has seen a significant amount of capital lost to hackers and fraud in the Web3 space. Despite a decrease in losses compared to the previous year, the sector continues to face challenges in securing user funds and protocols. DeFi remains the main target for exploits, with Ethereum and BNB Chain being the most targeted chains. The report by Immunefi highlights the need for increased cybersecurity measures to protect against hacks and fraud in the Web3 ecosystem.
