Crypto Scam and Exploit Losses Fall to $28.8M in March Following February Surge

In March, losses from crypto scams, exploits, and hacks fell to $28.8 million, a significant drop from February's surge to $1.5 billion following the Bybit hack. According to blockchain security firm CertiK, code vulnerabilities led to the largest losses, totaling over $14 million, while wallet compromises accounted for more than $8 million in theft. The biggest incident of the month was the $13 million smart contract exploit of decentralized lending protocol Abracadabra.money on March 25.

After accounting for returned funds, a total of $28.8 million was stolen through exploits, hacks and scams in March. Source: CertiK

In a separate report on March 27, CertiK explained that the attacker exploited a flaw in the liquidation process of Abracadabra.money. The attacker was able to borrow funds, trigger a liquidation, and then borrow again without repaying the initial loan. This occurred because the liquidation process failed to overwrite records in RouterOrder, which were mistakenly counted as collateral, enabling the attacker to falsely borrow additional funds after the liquidation.

The team behind Abracadabra.money has offered a 20% bounty, double the standard 10%, in exchange for the return of the stolen funds, according to CertiK. However, no public updates have been provided about whether any funds have been returned as of now.

The second-largest loss in March occurred with the restaking protocol Zoth, which suffered a wallet compromise. The attacker managed to withdraw over $8.4 million in crypto assets.

Although March’s total losses amounted to over $33 million, some funds were recovered. Notably, decentralized exchange aggregator 1inch successfully retrieved most of the $5 million stolen in a March 5 exploit after negotiating a bug bounty agreement with the attacker.

The reported losses do not include an unknown Coinbase user who, according to crypto investigator ZachXBT, lost 400 Bitcoin (worth $34 million). Additionally, ZachXBT reported that phishing scams impersonating crypto exchanges could have led to over $46 million in losses.

On March 21, Australian federal police warned 130 individuals about a message scam targeting crypto users, using spoofed sender IDs of legitimate crypto exchanges. Similarly, on March 14, X users reported receiving messages pretending to be from crypto exchanges, attempting to trick users into setting up new wallets with pre-generated recovery phrases controlled by the fraudsters.