A recent report from Beosin, a blockchain security firm, revealed that in the last month, losses due to exit scams and rug pulls were greater than those from decentralized finance (DeFi) attacks and exploits. In May, losses from exploits were 79% lower than in April, demonstrating a continued decline for two consecutive months.
Losses Due to Rug Pulls Exceed DeFi Exploits
In May, rug pulls caused over $45 million in crypto asset losses across six incidents. The largest exit scam was Fintoch, a DeFi lending protocol suspected to be a Ponzi scheme, which disappeared with 31.6 million USDT ($31.6 million) in user funds on May 24. The second-largest rug pull amounted to approximately $5.9 million, stolen by Inferno Drainer, a multi-chain scam service provider, affecting about 5,000 victims. The developers of the decentralized exchange (DEX) Swaprum executed another noteworthy rug pull on May 19, withdrawing $3 million in Ether (ETH) tokens from the protocol’s liquidity pools.
On the other hand, DeFi exploits caused $19.6 million worth of stolen crypto assets. The largest exploit occurred on the Arbitrum-based liquidity protocol Jimbos, which compromised over 4,000 ETH worth about $7.5 million. The Ethereum-based crypto mixer Tornado Cash was also hacked, resulting in losses of roughly $2 million.
DeFi protocol Deus Finance, which has been attacked multiple times, was targeted again on May 5, using a public burn vulnerability on its stablecoin DEI (DEI). The attacker exploited the DEI token contracts on the BNB Smart Chain (BSC) and Arbitrum network and stole more than $6 million.
Increasing Awareness to Prevent Fraud
The blockchain security firm also noted an increase in hardware wallet-related security incidents in May. Beosin warns against a new type of coin theft that involves shared or public charging devices to implant malicious programs to steal private keys.
“The amount involved in rug pulls exceeded that in attacks this month, and new ways of stealing coins such as using shared rechargeables to steal private keys also emerged. Hackers and scammers are gradually shifting their attacks from various project parties to ordinary users,” Beosin said.
The firm recommends that users increase their awareness of anti-fraud measures, learn various methods to secure their assets, and conduct due diligence on projects before investing in them. The largest exit scam in May was executed by Fintoch, which absconded with users’ funds worth $31.6 million.
