DeFi Hacks Dominate May: $302 Million in Crypto Losses Reported

• The most notable incident was the Cetus exploit, which accounted for $223 million of the total losses
• Overall losses were lower by 16.9% when compared to April
• There were around 20 crypto hacks and incidents in May

The cryptocurrency sector experienced big security breaches last month, resulting in approximately $302 million in losses, predominantly due to DeFi exploits. The most notable incident was the Cetus exploit, which accounted for $223 million of the total losses.

The data was reported by CertiK (blockchain security firm), and it shows that the overall losses were lower by 16.9% when compared to April. Additionally, phishing scams dropped notably from $337 million to $47.6 million.

Apart from Cetus, there were around 20 crypto hacks and incidents in May, such as Cork Protocol ($12 million), BitoPro ($11.5 million), MobiusDAO ($2.1 million), Demex Nitron ($1 million), and so on.

Interestingly enough, it was stated that there was a decrease in losses stemming from code-related issues in recent years, underscoring the vital role of AI audits and proactive monitoring.

DeFi Vulnerabilities Persist; CeFi Also Faces Challenges

While DeFi platforms have implemented advanced security measures to mitigate risk, such as multi-party computation (MPC) and zero-knowledge proofs (ZKPs), the sector remains susceptible to elaborate exploits. 

In contrast, centralized finance (CeFi) platforms have faced increasing challenges, with losses surging to $694 million in 2024. This was primarily due to access control vulnerabilities and compromised private keys.

Cetus Exploit

Besides being the largest in May, the Cetus Protocol (decentralized exchange on the Sui blockchain) hack was also one of the biggest in history when it comes to DeFi. 

Reports say that the attacker exploited a vulnerability in Cetus’s smart contracts, specifically targeting a flaw in the ‘checked_shlw’ function responsible for overflow checks. This enabled the cybercriminal to manipulate liquidity calculations, allowing them to deposit minimal tokens and withdraw disproportionately large amounts from the liquidity pools.

It all happened rather quickly, with the hacker siphoning funds within a short timeframe. Reports seem to indicate that the portion of the stolen assets was converted into USDC and bridged to Ethereum, where they were further swapped for ETH.

In the immediate aftermath, Sui network validators acted swiftly to mitigate the damage. They successfully froze approximately $160 million of the stolen funds, preventing the attacker from accessing these assets.

In the end, all of these hacks emphasize the necessity of continuous advancements in security protocols and proactive measures to safeguard digital assets. Cybercriminals don’t rest, and the crypto industry should do all it can to, at the very least, reduce the impact of these malicious users.