The protocol assured users that the remaining funds are safe, and it already has a reimbursement plan in development. Meanwhile, a report from Immunefi revealed that overall losses from crypto hacks have dropped 40% year-over-year, though centralized exchanges remain particularly vulnerable. Cyvers’ findings show that crypto losses in 2024 have already surpassed $2 billion.
Hackers Steal $2 Million from Bedrock
Bedrock, a multi-asset liquid staking protocol, confirmed that it was the victim of a security exploit involving uniBTC, which is a synthetic Bitcoin token used in decentralized finance (DeFi). The hack resulted in the loss of about $2 million in funds.
In a statement that was shared on Sept. 27 on X, Bedrock acknowledged the exploit and assured its users that the situation has been handled. The team is currently investigating the root cause of the incident and reassured users that all of the remaining funds are safe. Bedrock also announced that a reimbursement plan is already being developed and will be released soon, alongside a detailed post-mortem report.
According to the protocol, most of the losses happened in decentralized exchange liquidity pools. Bedrock also pointed out that the underlying wrapped Bitcoin (BTC) tokens and standard Bitcoin held in reserves were not affected by the exploit.
The platform offers synthetic tokens like uniBTC, uniETH, and uniIOTX to allow users to earn yield through staking, and it has attracted a lot of attention since its launch in February of 2023 by Singapore-based blockchain firm RockX. Its design focuses on appealing to institutional investors, and prioritizes Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.
Bedrock is currently ranked as the eighth-largest liquid staking protocol in the market, with over $243 million in total value locked (TVL), according to DefiLlama data. Liquid staking and restaking sectors have rapidly gained traction since the launch of the ETH restaking protocol Eigenlayer in April. Liquid restaking protocols now account for more than $11.4 billion in TVL.
Crypto Hack Losses Drop 40% in Q3 2024
Losses from crypto hacks and scams dropped by 40% year-over-year to $413 million in the third quarter of 2024, according to a report from blockchain security platform Immunefi. This is a big decrease from the $685 million lost during the same period in 2023, and a 28% reduction compared to the second quarter of this year.
Despite the overall decline, the third quarter still saw some major hacks. The largest was the $235 million hack of the WazirX crypto exchange, followed by a $52 million loss at BingX. These two incidents alone accounted for more than 69% of the total losses in Q3.
Top 10 Losses in Q3 of 2024 (Source: Immunefi)
Rug pulls and other fraudulent activities represented only a minor portion of the total losses, with only $3 million lost across three incidents. This was a decrease of 86.4% compared to the previous year.
Decentralized finance exploits also saw a sharp decline. Losses in DeFi amounted to about $103 million across 31 incidents. This was a 79.2% drop from the $500 million in losses that was recorded in Q3 2023. While DeFi saw more frequent incidents, centralized exchanges (CeFi) still faced larger-scale losses due to key management issues.
Immunefi’s founder, Mitchell Amadour, shared that private key management is still a very critical infrastructural challenge in CeFi, as centralized exchanges often suffering more severe consequences from a single exploit.
DeFi vs CeFi analysis (Source: Immunefi)
Crypto losses have been on a downward trend before Q2 of 2024, thanks to improved wallet software that better identifies scam addresses and warns users. While Q1 saw a 23% drop in losses, they spiked by 115% in Q2 due to private key hacks at centralized exchanges.
Overall, the report suggests that stronger key management policies and practices are essential to prevent these kinds of incidents in the future.
Crypto Hacks Cost the Industry $2+Billion in 2024 So Far
In 2024, losses from cryptocurrency hacks and scams have already surpassed the total losses from 2023, and reached an all-time high of $2.1 billion in the first three quarters, according to findings by Web3 cybersecurity company Cyvers. As was the case in Immunefi’s report, CeFi operators were hit especially hard, and experienced a 984% year-on-year increase.
A lot of the damage happened in the second quarter, where $401 million was lost, largely due to five major incidents. The largest of these was a $305 million hack on the Japanese exchange DMM, which involved a private key compromise. Turkish exchange BtcTurk also suffered a major loss of $55 million during the same period.
While CeFi saw a sharp rise in vulnerabilities, losses in the DeFi sector dropped by 25% year-on-year in Q2. However, DeFi is still very susceptible to attacks due to the complexity of smart contracts and decentralized protocols. In the first three quarters, DeFi losses totaled $1.6 billion across 51 incidents, while CeFi operators lost $742.6 million in 16 incidents during the same timeframe.
Smart contract vulnerabilities led to $380.4 million in losses across 79 incidents in 2024, which was a slight decrease from the $429.6 million lost in 28 incidents during the same period in 2023.
Cyvers believes it is extremely important to proactively address emerging threats in the cryptocurrency space, like AI-driven attacks and vulnerabilities related to quantum computing. The company also called for the implementation of cross-chain security protocols, real-time threat detection technologies, and stronger regulatory frameworks to mitigate these risks. Additionally, global regulators, including the International Organization of Securities Commissions, were urged to prioritize cybersecurity efforts as well.
Crypto CEO Accused of Paying Cops to Extort Victim
Crypto crime is not only limited to hacks and exploits. Federal prosecutors alleged that Adam Iza, the owner of the crypto trading platform Zort, Inc., paid Los Angeles Sheriff’s Department (LASD) deputies to access sensitive police information and use it to extort a victim for cryptocurrency.
According to an FBI affidavit that was filed in a Los Angeles federal court, Iza, who is also known as Ahmed Faiq and “The Godfather,” paid $280,000 a month to three LASD deputies for unlawful access to police data. Iza allegedly used this information to coerce an individual, identified only as E.Z., into handing over a laptop containing cryptocurrency.
Iza amidst to paying police (Source: CourtListener)
In one incident that was reported by the Riverside County Sheriff’s Department in November of 2021, E.Z. claimed that Iza tried to kidnap them to get access to their crypto. E.Z. fled the scene after being confronted by armed men, both of whom were former LASD deputies working for Iza. E.Z. later reported receiving intimidating messages showing their personal information from a police database, including photos of their family and car.
The FBI investigation revealed that one of the LASD deputies involved unlawfully included E.Z.’s phone number in a search warrant despite having no connection to the case at all. Payments to the deputies from Iza and his then-girlfriend’s businesses occasionally amounted to almost $200,000.
Iza sharing E.Z’s personal information (Source: CourtListner)
The complaint also alleges that Iza and E.Z. broke into another person’s home. Iza impersonated an FBI agent and stole a laptop containing cryptocurrency while holding the victim at gunpoint for the password. Iza has been charged with conspiracy against rights and tax evasion, and it is alleged he concealed tens of millions of dollars in income between 2020 and 2022.
This article was originally Posted on Coinpaper.com