In April alone, hackers stole more than $370 million in crypto from several web3 projects, according to a cybersecurity firm, with nearly $100 million being stolen over the weekend.
In the last month, there were 31 hacks affecting crypto or web3 projects, including Beanstalk, Fei Protocol, Deus Finance, and Bored Ape Yacht Club, according to a tally by CertiK, a company that specializes in cybersecurity in the crypto space. These hacks were of different kinds, from exploiting protocols to phishing users directly.
Just over the last weekend, decentralized finance (DeFi) platforms Saddle Finance and FEI Protocol (which merged with Rari Capital last year) were hacked and lost $10 million and $80 million, respectively. Saddle’s hack could have been worse, as cybersecurity company BlockSec took advantage of the same vulnerability the hackers used to secure almost $4 million in crypto, according to Saddle.
Fei Protocol offered $10 million as a bounty to the hacker if they return the stolen funds.
“To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds,” Fei Protocol wrote on Twitter.
Do you have information about other crypto hacks? Do you research vulnerabilities on cryptocurrencies and their networks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email firstname.lastname@example.org
Saddle is trying to do the same. On Twitter, the company wrote that it is trying to reach out to the hacker “to negotiate a bounty.”
“**If you are the attacker please DM us to discuss**,” the company wrote.
While this may seem like a pointless and desperate attempt to recover the stolen funds, such tactics have worked in the past. Last year, after stealing a whopping $600 million from cryptocurrency platform Poly Network, a hacker whom the company called “Mr. White Hat” eventually returned all the money. Earlier this year, a hacker who stole more than $3 million from users of blockchain service Multichain offered to return 80% of the stolen funds to the victims—and they eventually returned some of the stolen money.
Since the beginning of this year, crypto hackers have stolen $1.6 billion, counting the $1.3 estimated by Chainalysis in the first three months, and the April total.
Subscribe to our cybersecurity podcast, CYBER.