Crypto vulnerabilities, exit scams, and flash loan attacks continued in April, with over $103 million taken from crypto companies and investors. CertiK, a crypto auditing and security business, published its April summary of crypto vulnerabilities, scams, and hacks on April 30, reporting a total loss of $103.7 million in April, increasing the year’s total loss to $429.7 million.
The month was notably marred by major crypto exploits, such as $25.4 million lost due to the exploitation of several MEV trading bots on April 3, $22 million taken in a hot wallet vulnerability on exchange Bitrue, and a $13 million loss due to the South Korean exchange GDAC breach.
According to CertiK, the amount lost from crypto and DeFi exploits in the month was $74.5 million, accounting for more than half of the $145 million total uncovered in the first four months of this year.
Additionally, around $20 million was lost to flash lending attacks throughout the month, mostly by Yearn Finance, when a hacker exploited an obsolete smart contract on April 13.
The blockchain security firm says that the total cash lost due to exit scams reached $9.4 million in a month, with Merlin DEX losing $2.7 million as the top exit scam. CertiK said on April 26 that it was looking into exchanges for “potential private key management issues.”
In addition, exit fraud occurred after CertiK audited the protocol and warned about centralization issues. Following the attack, CertiK launched a compensation plan urging rogue developers to return 80% of the stolen funds in exchange for a 20% white hat bounty.
In April, there were more than 50 crypto exploits, scams, hacks and tapestry withdrawals, according to De. Rekt Fi Database. Besides, most of them are memecoin carpet pulls.
The latest is protocol-based Ovix Polygon, which lost $2 million in an April 28 flash loan attack.