REPORT | Over $300 Million Lost to Scams and Hacks in Q1 2024 – 100% on DeFi and 51% on Ethereum

In Q1 2024, DeFi continues to be the main target for exploits, compared to CeFi. DeFi represented 100% of the total losses, while CeFi has not witnessed a single attack.

The cryptocurrency industry has incurred losses of $336.3 million due to hacks and scams during the first quarter of 2024 so far, says a new report by ImmuneFi, a Web3 bug bounty and security services platform.

With close to $100 billion in total value locked in Web3 protocols, DeFi continues to be a prime target for hackers. ImmuneFi’s report highlights that in Q1 2024, DeFi accounted for 100% of the exploits identified by the platform, contrasting starkly with centralized (CeFi) platforms, which reported zero exploits during the same period.

The bulk of the losses were attributed to just two projects, amounting to $144.5 million, which represents 43% of the total losses. The largest single attack, totaling $81.7 million, targeted the cross-chain bridge protocol Orbit Bridge, coinciding with New Year’s celebrations.

January 2024 stood out as the month with the highest losses in Q1 2024, tallying $133 million overall.

Wrapping up the quarter, a recent exploit of Blast-based NFT game, Munchables, amounting to $62 million, marked the second-largest attack. Notably, the funds were swiftly recovered within 24 hours after the hacker agreed to surrender the private keys to the wallet containing Munchables’ assets.

During Q1 2024, a total of $73.9 million (22% of the stolen funds) from seven exploits were successfully recovered. Additionally, there was a notable decrease in the number of attacks, with a decline of 17.6% from 74 in Q1 2023 to 61 in Q1 2024.

Nonetheless, the total losses of $336.3 million in Q1 2024 mark a 23.1% reduction compared to the losses of $437.5 million reported in the same quarter of the previous year.


“While it’s positive that overall losses have decreased, it’s essential to note that DeFi faced significant challenges, accounting for 100% of total losses in Q1 2024,” ImmuneFi founder and CEO, Mitchell Amador, said.

“Particularly, the ecosystem witnessed a considerable volume of losses due to private key compromises, emphasizing the critical need to secure both code and protocol infrastructure.”


Hacks overwhelmingly contributed to the losses, constituting 95.6% ($321.6 million) of the total across 46 incidents. In contrast, instances of fraud, scams, and rug pulls accounted for only 4.4% ($14.7 million) over 15 incidents.

Ethereum reclaimed its position as the most targeted chain, surpassing BNB Chain. Together, these two networks bore the brunt of the majority of total losses, accounting for a combined 73%.

ImmuneFi says it disbursed over $95 million in bounties and safeguarded more than $25 billion in user funds across various protocols such as Chainlink, The Graph, Synthetix, and MakerDAO.




Follow us on Twitter for latest posts and updates

Join and interact with our Telegram community