DeFi protocols suffered substantial losses of $21.4 million from hacks in February, according to data from multi-chain TVL aggregator DefiLlama. This represents a staggering increase of 2,793% from the estimated total loss of $740,000 in January.
Apart from the pervasive market instability last year, the DeFi landscape was plagued by a surge of illicit activities, such as hacks and fraudulent schemes. According to a January report from Immunefi, losses incurred from hacks in 2022 amounted to $3.7 billion, representing a significant uptick of 58% from the previous year’s figure.
Notably, such hacks were rampant last October, with a staggering $711 million stolen. However, there was a consistent decrease from that month until the end of 2022. The new year started on a positive note. January registered only $740,000 in losses from exploits, the lowest monthly amount in the past two years.
However, February brought a resurgence of hacks, scams and rug pulls. The most significant fund loss came from the exploit on Avalanche’s Platypus DeFi protocol which suffered a flash loan attack on Feb. 16. The hackers carted away $8.5 million in stolen funds. Shortly after the exploit, French authorities arrested two suspects concerning the hack.
Other hacks from February include the dForce Network exploit ($3.6 million), the Hope Finance smart contract hack ($1.86 million), and the Orion protocol exploit ($3 million).
March has seen $840,000 stolen so far
Additionally, March began with a rug pull orchestrated by the newly-launched ArbiSwap platform, with $100,000 in stolen funds reported on March 2.
Moreover, PeckShield, a blockchain security resource, recently discovered a persistent exploit that has been ongoing since March 1. The hackers leveraged a vulnerability in the SwapXProxy token approval functionality by deploying a fraudulent phishing contract address.
PeckShield reported that the ongoing exploit has resulted in the theft of up to $700,000 within the past five days. The security platform has advised investors to revoke their allowance to four addresses that are believed to be associated with the exploit.