Crypto exploits, exit scams and flash loan attacks saw little signs of letting up in April, with more than $103 million of funds stolen from crypto projects and investors in the month.
On April 30, crypto security and auditing firm CertiK posted an April roundup of crypto exploits, scams and hacks, revealing total funds lost in April was $103.7 million, bringing the total year-to-date loss to $429.7 million.
The month was particularly marred with major crypto exploits, such as $25.4 million lost due to an exploit of several MEV trading bots on April 3, $22 million stolen in a hot wallet exploit at the Bitrue exchange and the hack of South Korean GDAC exchange leading to a loss of $13 million.
The total lost to crypto and DeFi exploits in the month amounted to $74.5 million, making up around half of the total $145 million exploited in the first four months of the year, according to CertiK.
The month also saw around $20 million lost to flash loan attacks, led mainly by Yearn Finance after a hacker exploited an old smart contract on April 13.
The blockchain security firm noted that total funds lost to exit scams reached $9.4 million in the month, with the top exit scam for the month being Merlin DEX, which lost $2.7 million. On April 26, CertiK reported that it was investigating a “potential private key management issue” at the exchange.
Furthermore, the exit scam occurred after the protocol was audited by CertiK, which warned about centralization issues. CertiK launched a compensation plan following the attack in which it urged the rogue developer to return 80% of the stolen funds with a 20% white hat bounty offered.
According to De.Fi’s Rekt Database, there were over 50 crypto exploits, scams, hacks and rug pulls in April. Moreover, a large portion of them was memecoin rug pulls.
The most recent was the Polygon-based Ovix protocol, which lost $2 million in a flash loan attack on April 28.