Q1 Crypto Attacks Up, Money Lost Is Down: Report

Though total losses are down 64% from 2022’s first quarter, the number of attacks has risen to its highest level in past two years, Immunefi data shows

article-image

Brian A Jackson/Shutterstock modified by Blockworks

share

The number of crypto attacks spiked during the first quarter, though the total losses accumulated over the span are down, according to a report by Web3 security platform Immunefi.

The two major exploits during the first three months of 2023 — ones that targeted Euler Finance and BonqDAO — accounted for $317 million of the $477 million seen during the quarter. 

The $477 million of crypto losses was considerably lower than the first quarter of 2022, in which roughly $1.2 billion was lost, according to Immunefi. 

“Projects have significantly increased their security measures through audits and bug bounties, but blackhats have kept pace,” Immunefi CEO Mitchell Amador said in a statement. “Losses are currently down, but mostly because the amount of funds in crypto has decreased, making hacks less devastating.”

Despite the drop in losses, the number of incidents has risen from 25 in 2022’s first quarter to 73 in the first three months of 2023. This increase reflects the highest quarterly activity the sector has seen in the past two years, Immunefi data shows.

The nearly 200% year-over-year increase could be “a random anomaly,” Immunefi communications lead Jonah Michaels told Blockworks. Or, he added, it could be a result of lower prioritization of security during the bear market and a growing hacker community attracted to the possibility of big gains.

“In the Web2 world, blackhats fight over databases of credit cards and other information that can be difficult to monetize,” Michaels said. “In the Web3 world, blackhats can steal hundreds of millions in the blink of an eye. It’s not hard to understand why they might be attracted to Web3.” 

The most targeted chains

BNB Chain is the most targeted chain, with 33 incidents last quarter. Ethereum followed with 22 incidents.

Adrian Hetman, Immunefi’s tech lead triager, said BNB Chain “lacks a security-first approach and attracts many users looking for a quick way to earn money.”

Attackers exploited BNB Chain last October for $100 million. While decentralized chains are not designed to be stopped, according to a BNB Chain statement at the time, it sought to limit the damage by contacting community validators one by one to halt transactions. The blockchain added it was seeking to expand the validators to boost further decentralization.

A BNB Chain spokesperson did not immediately return a request for comment Tuesday. 

Arbitrum, which had no incidents in last year’s first quarter, endured eight incidents in the months leading up to the launch of its ARB token, followed by Polygon and Optimism with five and three incidents, respectively.

“This quarter should reinforce the importance of security,” Michaels told Blockworks. “To projects, we would recommend they hire someone to focus on security full-time. To whitehat hackers, we would recommend that they double down on their efforts to responsibly disclose bugs before blackhats get their first.”

A rise in recovery

Euler was hit with a flash loan attack last month in what amounted to a $200 million exploit. 

The recovery of $177 million by Euler Finance and about $250,000 by SperaxUSD represent roughly 40% of the total losses endured during the first quarter. 

The recovery level is nearly equal to how much was recovered in all of 2022, making up about 5% of the nearly $4 billion lost last year. 

Euler notified its community Tuesday that additional funds had been returned, bringing the recovery totals up to about $200 million. 

“A plan for the restoration of user assets will be laid out in the coming days for review and consideration by the Euler community,” according to a company statement.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (1).jpg

Research

Jupiter has emerged as the undisputed liquidity backbone of Solana, commanding over 90% of spot DEX aggregation and 80% of perp trading volume. But behind the numbers lies a far more ambitious play: a cross-chain, vertically integrated super-app spanning swaps, synthetics, NFTs, memecoins, and launchpads. This report explores Jupiter’s rapid rise, the monetization upgrades reshaping its revenue profile, and the risks that could unwind its dominance, from token dilution to competition. With annualized revenues nearing $300M, the upside is undeniable, if it can navigate the turbulence.

article-image

Mining outfits have gone bust in the wake of prior halvings. Not so this time around.

article-image

Zora’s announcement that its token is for “fun only” sparked a debate about the need for such tokens

article-image

In recent weeks, Helium has hit new all-time highs while passing major protocol milestones

article-image

Financial advisers in a January survey said equity ETFs were their top choice for gaining crypto exposure in 2025

article-image

“Why put a target out there that’s really speculative, not knowing exactly where this environment is going to go?” CarMax CEO Bill Nash said

article-image

While the head of Base may support legal sex work, Coinbase policies prohibit said workers from using its exchange.