Losses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for the lion’s share of losses, said blockchain security firm CertiK.
The Feb. 21 attack on Bybit by North Korea’s Lazarus Group was the largest crypto hack ever, more than doubling the $650 million Ronin bridge hack in March 2022, “which was also conducted by Lazarus,” CertiK said in a Feb. 28 X post.
February’s lost crypto amount is a nearly 1,500% jump from the $98 million recorded by CertiK in January — but excluding Bybit’s losses, the remaining crypto losses last month totaled over $126 million, still a 28.5% jump.
Bybit had the largest loss in February, followed by stablecoin payment firm Infini and then the decentralized money lending protocol ZkLend. Source: CertiK
Bybit said that the attackers took control of a storage wallet. The FBI later confirmed industry reports that North Korea was behind the attack and had started to convert the stolen crypto and disperse it “across thousands of addresses on multiple blockchains.”
In a Feb. 27 report, CertiK said a key wallet used in the attack had previously been involved in developing Infini contracts and had retained admin rights used to redeem all Vault tokens.
“The exploit highlights a major vulnerability, demonstrating how admin privileges can become a single point of failure,” CertiK’s report reads. “One fundamental aspect of blockchain security is understanding how to protect your private keys.”
The Infini team did offer the hacker a chance to hold onto 20% of the stolen loot if the remainder was returned, along with a guarantee that the hacker wouldn’t face any legal consequences.
There was a 48-hour deadline, which has long since passed, and according to Etherscan, the wallet used by the hacker still has a balance of over 17,000 Ether (ETH) worth $43 million.
Overall, CertiK says the top category for losses in February was wallet compromises, followed by code vulnerabilities, which resulted in $20 million in losses and phishing, which saw hackers steal $1.8 million.
Losses to crypto scams, exploits and hacks were declining in the final days of 2024, with December registering the smallest amount stolen at $28.6 million, compared to $63.8 million in November and $115.8 million in October.
