Q1 Crypto Attacks Up, Money Lost Is Down: Report

Though total losses are down 64% from 2022’s first quarter, the number of attacks has risen to its highest level in past two years, Immunefi data shows


Brian A Jackson/Shutterstock modified by Blockworks


The number of crypto attacks spiked during the first quarter, though the total losses accumulated over the span are down, according to a report by Web3 security platform Immunefi.

The two major exploits during the first three months of 2023 — ones that targeted Euler Finance and BonqDAO — accounted for $317 million of the $477 million seen during the quarter. 

The $477 million of crypto losses was considerably lower than the first quarter of 2022, in which roughly $1.2 billion was lost, according to Immunefi. 

“Projects have significantly increased their security measures through audits and bug bounties, but blackhats have kept pace,” Immunefi CEO Mitchell Amador said in a statement. “Losses are currently down, but mostly because the amount of funds in crypto has decreased, making hacks less devastating.”

Despite the drop in losses, the number of incidents has risen from 25 in 2022’s first quarter to 73 in the first three months of 2023. This increase reflects the highest quarterly activity the sector has seen in the past two years, Immunefi data shows.

The nearly 200% year-over-year increase could be “a random anomaly,” Immunefi communications lead Jonah Michaels told Blockworks. Or, he added, it could be a result of lower prioritization of security during the bear market and a growing hacker community attracted to the possibility of big gains.

“In the Web2 world, blackhats fight over databases of credit cards and other information that can be difficult to monetize,” Michaels said. “In the Web3 world, blackhats can steal hundreds of millions in the blink of an eye. It’s not hard to understand why they might be attracted to Web3.” 

The most targeted chains

BNB Chain is the most targeted chain, with 33 incidents last quarter. Ethereum followed with 22 incidents.

Adrian Hetman, Immunefi’s tech lead triager, said BNB Chain “lacks a security-first approach and attracts many users looking for a quick way to earn money.”

Attackers exploited BNB Chain last October for $100 million. While decentralized chains are not designed to be stopped, according to a BNB Chain statement at the time, it sought to limit the damage by contacting community validators one by one to halt transactions. The blockchain added it was seeking to expand the validators to boost further decentralization.

A BNB Chain spokesperson did not immediately return a request for comment Tuesday. 

Arbitrum, which had no incidents in last year’s first quarter, endured eight incidents in the months leading up to the launch of its ARB token, followed by Polygon and Optimism with five and three incidents, respectively.

“This quarter should reinforce the importance of security,” Michaels told Blockworks. “To projects, we would recommend they hire someone to focus on security full-time. To whitehat hackers, we would recommend that they double down on their efforts to responsibly disclose bugs before blackhats get their first.”

A rise in recovery

Euler was hit with a flash loan attack last month in what amounted to a $200 million exploit. 

The recovery of $177 million by Euler Finance and about $250,000 by SperaxUSD represent roughly 40% of the total losses endured during the first quarter. 

The recovery level is nearly equal to how much was recovered in all of 2022, making up about 5% of the nearly $4 billion lost last year. 

Euler notified its community Tuesday that additional funds had been returned, bringing the recovery totals up to about $200 million. 

“A plan for the restoration of user assets will be laid out in the coming days for review and consideration by the Euler community,” according to a company statement.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research Report Templates.png


ZKPs enable efficient offchain transaction processing and validation, resulting in increased throughput and reduced fees. Solana's ZK Compression leverages ZKPs to minimize onchain storage costs, while Sui's zkLogin streamlines user onboarding by replacing complex key management with familiar OAuth credentials.


Plus, is Polymarket this cycle’s breakthrough mainstream app?


The crypto asset manager lowered its planned fee from 0.25% to 0.15%, undercutting its competitors


Plus, a look at planned ETH ETF fees and how they differ from their BTC counterparts


North Korea suspected in breach of Indian exchange’s multisig wallet


Plus, Sanctum’s CLOUD token has officially launched — but not without problems


It’s not yet clear whether Donald Trump is pumping bitcoin. But an unofficial memecoin is still seeing benefit.