The month of September has been one of the worst for cryptocurrencies in terms of cybersecurity incidents. According to data from the cryptocurrency-focused security data company CertiK, last month saw losses of approximately $332 million in hacking attacks, scams, and exploits. This amounts to approximately R$1.6 billion in the current exchange rate.
“Exit scams” accounted for approximately $1.9 million (R$9.6 million) of these losses. In the world of cryptocurrencies, an exit scam refers to a practice where the operators of a cryptocurrency project or platform abruptly shut down their operations and disappear with investors’ funds.
Meanwhile, flash loan attacks resulted in losses of approximately $400,000 (or R$2 million). Flash loans allow for the borrowing of a large amount of cryptocurrency without collateral, as long as the funds are returned in the same transaction. While this activity is not illegal, as it is intended for arbitrage trading and capital efficiency improvement, hackers regularly abuse flash loans to exploit vulnerabilities in crypto protocols.
Lastly, exploits (vulnerability exploitations in cryptocurrency protocols) accounted for approximately $329.8 million (R$1.7 billion). When considering only this type of incident, September was the worst month of the year, according to CertiK.
According to CertiK’s post on the social network X (formerly Twitter), combining all the incidents of the month, Mixin Network experienced the largest losses after a $200 million attack on September 25. The protocol even offered a $20 million reward to recover some of the stolen funds from the hackers. However, it seems that the hacker was not interested in negotiating a deal.
Other notable incidents in September included the $53.1 million hack on CoinEX, the $41 million attack on Stake.com, and a $24.2 million phishing attack.
In total, the incidents in September brought the annual total of cryptocurrencies lost to hackers to over $1.3 billion (R$6.6 billion).