De.Fi reports crypto investors lost $54M to rugpulls and scams in May.

In May 2023, the cryptocurrency market suffered from a series of scams and hackings, resulting in a total loss of over $54 million, according to a report by security firm De.Fi. This amount is almost half of the $101.5 million loss in April, indicating that users and developers are implementing better security measures. Unfortunately, no funds were recovered in May, whereas $2.2 million was recovered in April.

The majority of the incidents occurred within the BNB Chain ecosystem, with losses exceeding $37 million across ten cases. Ethereum-based projects experienced the least number of exploits, with losses just over $2 million.

Among the top ten cases, Fintoch suffered the highest loss of $31.7 million due to a smart contract exploit. Jimbo Protocol on Arbitrum experienced a loss of $7.5 million due to a rugpull, while Deus Finance on BNB lost $6.2 million in a smart contract exploit.

Other notable cases included Tornado Cash, Mother, WSB Coin, Linda Yaccarino, Block Forest, SNOOKER, and land, with losses ranging from $145,000 to $733,000.

Rug pulls remained the most prevalent type of cryptocurrency scam, accounting for twelve cases and losses totaling $37 million. There were nine cases of exploits resulting in losses of $8.8 million, while flash loan attacks, although less frequent with five cases, still resulted in significant losses totaling $8.9 million. Exit scams were responsible for two cases, resulting in a loss of $177,000.

A “rug pull” is a type of cryptocurrency scam where the developer or developers gain legitimacy on social media, hype up a project, raise a significant sum of money, and then drain liquidity after that project’s tokens are first offered to the public.

Flash loans, on the other hand, are a more sophisticated type of exploit that allows traders to borrow unsecured funds from lenders using smart contracts instead of third parties. Attackers typically take out flash loans to manipulate the prices of a project’s token, where the smart contract is unable to detect the manipulation, and then drain treasury funds.

Governance tokens were the most commonly targeted category, with 19 cases reported and losses totaling $3.3 million. Decentralized exchanges (DEX) were targeted in three cases, resulting in losses of $4 million. Stablecoins recorded the highest amount lost, reaching $6.2 million in a single case.

Other categories, such as yield aggregators, gaming and metaverse applications, non-fungible tokens (NFTs) and centralized crypto platforms reported no losses during this period. Borrowing and lending protocols remained unaffected as well.

This article was edited by Parikshit Mishra.