Losses to crypto scams, exploits, and hacks dropped to just $28.8 million in March, far from February’s spike to $1.5 billion in losses after the Bybit hack.
Code vulnerabilities accounted for the most losses, at over $14 million, while wallet compromises were used to steal over $8 million, blockchain security firm CertiK said in an April 1 post to X.
The most significant loss for the month was the $13 million March 25 smart contract exploit of the decentralized lending protocol Abracadabra.money.
After accounting for returned funds, a total of $28.8 million was stolen through exploits, hacks and scams in March. Source: CertiK
In a separate March 27 report, the blockchain security firm said, “The attacker was able to borrow funds, liquidate themselves, then borrow funds again without repaying them.”
“This was due to the liquidation process not overwriting records in RouterOrder that counted as collateral, allowing the exploiter to falsely borrow additional funds after liquidation,” CertiK said.
The protocols team has offered a 20% bounty, double the standard 10%, in exchange for the return of the funds, according to CertiK. So far, no public updates have been given on whether any funds have been returned.
The second highest monthly loss was restaking protocol Zoth after its deployer wallet was compromised and the attacker withdrew over $8.4 million in crypto assets.
March crypto losses reduced after hacker returned funds
Some of the stolen funds in March were returned. In total, CertiK says over $33 million was stolen for the month, but decentralized exchange aggregator 1inch successfully recovered most of the $5 million stolen in a March 5 exploit after negotiating a bug bounty agreement with the attacker.
The total figures, however, exclude an unknown Coinbase user who crypto sleuth ZachXBT claims lost 400 Bitcoin (BTC), worth $34 million. At the same time, ZachXBT said over $46 million could have been lost in March to phishing scams spoofing crypto exchanges.
Related: DeFi protocol SIR.trading loses entire $355K TVL in ‘worst news’ possible
Australian federal police said on March 21 that they had to alert 130 people of a message scam aimed at crypto users that spoofed the same “sender ID” as legitimate crypto exchanges.
X users also reported on March 14 of messages spoofing crypto exchanges trying to trick users into setting up a new wallet using pre-generated recovery phrases controlled by the fraudsters.
Magazine: Mystery celeb memecoin scam factory, HK firm dumps Bitcoin: Asia Express
