Crypto lost to exploits, scams, hits $1.5B in February with Bybit hack: CertiK
Losses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for the lion’s share of losses, said blockchain security firm CertiK.
The Feb. 21 attack on Bybit by North Korea’s Lazarus Group was the largest crypto hack ever, more than doubling the $650 million Ronin bridge hack in March 2022, “which was also conducted by Lazarus,” CertiK said in a Feb. 28 X post.
February’s lost crypto amount is a nearly 1,500% jump from the $98 million recorded by CertiK in January. However, excluding Bybit’s losses, the remaining crypto losses last month totaled over $126 million, still a 28.5% jump.
Bybit had the largest loss in February, followed by stablecoin payment firm Infini and then the decentralized money lending protocol ZkLend. Source: CertiK
Bybit said that the attackers took control of a storage wallet. The FBI later confirmed industry reports that North Korea was behind the attack and had started to convert the stolen crypto and disperse it “across thousands of addresses on multiple blockchains.”
CertiK added that the second most significant incident of the month was the Feb. 24 hack on stablecoin payment firm Infini that stole $49 million.
In a Feb. 27 report, CertiK said a key wallet used in the attack had previously been involved in developing Infini contracts and had retained admin rights used to redeem all Vault tokens.
“The exploit highlights a major vulnerability, demonstrating how admin privileges can become a single point of failure,” CertiK’s report reads. “One fundamental aspect of blockchain security is understanding how to protect your private keys.”
The Infini team did offer the hacker a chance to hold onto 20% of the stolen loot if the remainder was returned, along with a guarantee that the hacker wouldn’t face any legal consequences.
There was a 48-hour deadline, which has long since passed, and according to Etherscan, the wallet used by the hacker still has a balance of over 17,000 Ether (ETH) worth $43 million.
Source: Infini
No public announcement has been made on whether the hacker plans to accept the offer and return any funds.
Related: Bybit hackers resume laundering activities, moving another 62,200 ETH
Decentralized money lending protocol ZkLend suffered the third-largest exploit for February, when it lost $10 million to hackers on Feb. 12.
Overall, CertiK says the top category for losses in February was wallet compromises, followed by code vulnerabilities, which resulted in $20 million in losses, and then phishing, which saw hackers steal $1.8 million.
Losses to crypto scams, exploits and hacks were declining in the final days of 2024, with December registering the smallest amount stolen at $28.6 million, compared to $63.8 million in November and $115.8 million in October.
Magazine: SCB tips $500K BTC, SEC delays Ether ETF options, and more: Hodler’s Digest, Feb. 23 –March. 1
