Crypto Scams, Exploits and Hacks' losses totaled nearly $1.53 billion in February, with $1.4 billion in Bybit hacks making up the majority of the losses, said blockchain security company Certik.
The February 21 attack on Bybit by the North Korean Lazarus Group more than doubled the $650 million Ronin Bridge Hack in March 2022, and “it was also carried out by Lazarus,” he said in the X-Post on February 28th.
The lost code amount in February is a jump from the $98 million recorded by Certik in January, nearly 1,500%. However, excluding Bybit losses, the remaining crypto losses totaled over $126 million last month, a 28.5% jump.
Bybit caused the biggest losses in February, followed by Stablecoin Payment Firm Infini, followed by decentralized money lending protocol Zklend. sauce: certik
Bybit said the attacker controlled the storage wallet. The FBI later confirmed an industry report that North Korea was behind the attack, beginning to convert stolen cryptography and spread it out “over thousands of addresses on multiple blockchains.”
Certik added that the second most important incident of the month was the February 24 hack of Stablecoin Payment Firm Infini, which stole $49 million.
In a report on February 27th, Certik said that the critical wallets used in the attack were previously involved in the development of Infini contracts and held the admin rights used to redeem all vault tokens.
“The exploit highlights key vulnerabilities and shows how administrator privileges become a single point of failure,” reads Certik's report. “One of the basic aspects of blockchain security is understanding how to protect your private key.”
The Infini team provided the opportunity for hackers to hold 20% of the stolen loot.
According to Etherscan, there was a 48-hour deadline, which has passed for a long time. The wallet used by hackers still has a balance of 17,000 ether (ETH) worth $43 million.
sauce: Infini
There has been no public disclosure about whether the hackers will accept the offer and return the funds.
Related: Bibit Hackers resume washing activities and move another 62,200 ETH
Decentralized Money Lending Protocol ZKLEND suffered the third biggest exploit in February, losing $10 million to hackers on February 12th.
Overall, Certik said the top category of losses in February was wallet compromise, with code vulnerabilities resulting in $20 million losses, followed by hackers stealing $1.8 million, resulting in phishing.
On the last day of 2024, losses from crypto fraud, exploits and hacks decreased, stolen for $28.6 million in December, compared to $63.8 million in November and $115.8 million in October.
magazine: SCB Tips $500K BTC, Sec Delays Ether ETF Options, etc.: Hodler's Digest, February 23rd – March. 1
