Over $204 million was lost in decentralized finance (DeFi) hacks and scams in the second quarter of 2023, according to a June 27 report from Web3 portfolio app De.Fi.
The report, titled “Q2 De.Fi Rekt Report,” was partially based on data from De.Fi’s “Rekt Database.” Over $208.5 million was initially lost during the quarter, but $4.5 million was recovered through prosecutions, deals with hackers and other recovery methods.
According to the report, the number of DeFi hacks in Q2 rose by “almost 7 times” year-over-year, with 117 incidents during the period compared with only 17 in the same quarter of 2022. A total of over $665 million was lost during the first half of 2023.
The top five hacks of the second quarter were against Atomic Wallet, Fintoch, MEV-Boost, Bitrue and GDAC. The June 3 Atomic Wallet exploit was responsible for $35 million, or around 17% of the total. Fintoch users lost $30.6 million from its alleged rug pull, and the MEV-Boost attack was responsible for $26.1 million. Together, these three attacks resulted in over 45% of the total losses for Q2.
De.Fi reported that the most common cause of losses was “access control issues,” or issues where an attacker gained unauthorized control of a wallet. This was responsible for $75.8 million of losses, or a quarter of the total. The second most common cause was exploits, totaling $55.3 million. Users lost $47.3 million through rug pulls or exit scams in Q2, as well.
Losses from DeFi hacks and scams were actually smaller in Q2 than in Q1, with CertiK reporting in April that over $320 million was lost from January to March.