October saw $129.7 million in losses to cybercriminals. Crypto protocols and users were impacted tremendously due to sophisticated hacks.
Cybercriminals walked away with over $129.7 million after targeting crypto projects and users in October. The targeting manifested as exit scams, flash loan attacks, and exploits, according to Web3 cybersecurity firm CertiK.
The firm’s analysis reveals $1.2 million lost to exit scams, $1.5 million to flash loan attacks, and a whopping $127 million to exploits. Approximately $245,000 of those funds were returned by the cybercriminals.
Radiant Capital Hit With the Largest Hack
Out of those stats, the biggest loss belonged to Radiant Capital, a cross-chain lending protocol hit with a $50 million exploit. The hackers breached its BNB Smart Chain and Arbitrum implementations, siphoning away millions from the protocol. A post-mortem report from Radiant identified the hack to be highly sophisticated, targeting three of its core developers.
Despite them using hardware wallets and being from different parts of the world, the cybercriminals utilized a malware injection to get hold of their private keys. The rest was simple: the hackers used the keys to drain as much money as possible. Radiant believes more developers were targeted, while only three were successfully attacked.
The protocol revealed that the hack did not manifest in the front end, leading to its team not knowing it happened in real-time while the funds were being extracted silently via the backend. “The compromised devices presented no obvious warning signs beyond minor glitches and error messages during the signing process — issues commonly encountered when interacting with hardware wallets and Safe,” the post-mortem report read. “These seemingly routine error messages were the only indicators of a deeper issue, which, under normal circumstances, would not have raised immediate concern.”
Other major losses involved a crypto user losing 15,079 fwDETH to a phishing scam. That translates to about $36 million drained from their wallet on October 11 after the owner signed a permit phishing signature.
Cybercriminals’ relentlessness did not end just there. M2, a crypto exchange based out of the United Arab Emirates, suffered exploits across three wallets on the last day of October, resulting in $13.7 million worth of losses. Nevertheless, the exchange was appreciated for nipping the issue in the bud and ensuring its customers’ balances were restored soon after. The hackers extracted large amounts of BTC, ETH, and SOL from the exchange and immediately converted some of the proceeds to Ethereum-based wrapper tokens to launder via crypto mixers.
October’s cybercrime crypto losses topped what September saw, marking a 2.91% increase from the $127 million losses the latter witnessed.
