Financial losses due to crypto frauds, breaches, and hacks reached approximately $1.53 billion in February, with the $1.4 billion Bybit breach constituting the majority of the losses, as reported by blockchain security company CertiK.
The attack on Bybit by North Korea’s Lazarus Group on February 21 marked the most significant crypto hack to date, surpassing the $650 million Ronin bridge breach from March 2022, “which was also executed by Lazarus,” CertiK indicated in a post on X dated February 28 .
The lost crypto in February signifies an astonishing increase of nearly 1,500% compared to the $98 million reported by CertiK in January. Nevertheless, if we exclude Bybit’s losses, the total remaining crypto losses for last month amounted to over $126 million, still reflecting a 28.5% rise.
Bybit experienced the most substantial loss in February, succeeded by stablecoin payment provider Infini, and then the decentralized lending platform ZkLend. Source: CertiK
Bybit disclosed that the attackers gained access to a storage wallet. The FBI subsequently confirmed industry analysis indicating that North Korea was responsible for the attack and had begun to convert the pilfered crypto and distribute it “across thousands of addresses on various blockchains.”
CertiK remarked that the second most significant event of the month was the February 24 breach of the stablecoin payment firm Infini that resulted in a loss of $49 million.
In a report dated February 27 , CertiK noted that a crucial wallet utilized in the assault had previously participated in the development of Infini contracts and had retained administrative rights to redeem all Vault tokens.
“The breach reveals a significant vulnerability, illustrating how administrative privileges can represent a single point of failure,” the report from CertiK states. “One critical principle of blockchain safety is the understanding of how to secure your private keys.”
The Infini team presented the hacker a proposal to keep 20% of the stolen assets if the remainder was returned, including an assurance that the hacker wouldn’t encounter any legal repercussions.
A timeline of 48 hours was established, which has long elapsed, and according to Etherscan, the wallet used by the hacker still holds a balance exceeding 17,000 Ether (ETH) valued at $43 million.
Source: Infini
No public disclosure has been made regarding whether the hacker intends to accept the proposal and return any funds.
Related: Bybit hackers resume laundering activities, moving another 62,200 ETH
The decentralized lending protocol ZkLend encountered the third largest breach in February, losing $10 million to hackers on February 12.
In summary, CertiK reports that the primary category for losses in February was wallet breaches, followed by code vulnerabilities, which caused $20 million in losses, and phishing attacks, which led to hackers pilfering $1.8 million.
Financial losses due to crypto scams, breaches, and hacks exhibited a downward trend in the concluding days of 2024, with December documenting the lowest amount stolen at $28.6 million, contrasted with $63.8 million in November and $115.8 million in October.
