Exit Scams Surge Dramatically in February, Surpassing $58 Million in Losses

The mysterious withdrawal of $56.5 million from BitForex users' deposits emerged as the most significant security incident affecting the Web3 community last month

Thieves running away with Bitcoins
Risk on Blast was yet another massive exit scam, resulting in a loss of nearly $1.3 million

Blockchain cybersecurity firm CertiK has calculated the losses experienced by Web3 projects and cryptocurrency users in February, noting a minor decline in damage caused by phishing scams compared to January. However, the total amount of stolen funds remains significant, reaching nearly $160 million. According to CertiK, the Web3 community has already lost over $343.5 million this year.

Last month witnessed an unexpected shift in statistics. The number of rug pulls and their magnitude surged, leading to losses that surpassed $58 million, over fourteen times more than the total damage inflicted by exit scams in January, estimated at only $4.1 million. Meanwhile, the amount of money stolen in flash loan attacks declined significantly, totaling less than $0.2 million, whereas, in January, this type of exploit was responsible for the loss of nearly $15.3 million.

Read also: LockBit Remains Ransomware Leader Despite Law Enforcement Pressure

Unusually high losses due to exit scams last month, as per CertiK statistics, are attributed to the damage caused to users of the popular cryptocurrency trading platform BitForex.

On February 23, BitForex's deployers unexpectedly withdrew $56.5 million from customers’ deposits, prompting widespread concern and investigation. While this mysterious incident is still under scrutiny, many security researchers, including CertiK, as well as cryptocurrency users, suspect the incident to be a rug pull. Shortly after the event, the platform went offline, and the project's team has remained unresponsive. This exploit came after another puzzling event - Jason Luo, BitForex’s former CEO, announced his departure from the company in January after a six-year tenure.

Major cybersecurity incidents in February 2024
Source: CertiK, X

Reportedly, BitForex has previously faced regulatory hurdles. In 2019, the platform attracted scrutiny from Japanese regulators due to allegations of inflating trading volume and operating without proper licensing.

The last post from the official BitForex account on X published two days before the massive withdrawal of users’ funds, was filled with questions from customers struggling to access their wallets. Since then, BitForex users have reported being blocked by the platform.

On the day of the incident, the team behind VeVe digital collectibles, whose utility token OMI relied on BitForex cryptocurrency exchange services, claimed on X that "According to the exchange, they are currently undergoing unscheduled maintenance." The team promised to inform its X community of any results from their attempt to contact the exchange directly.

However, it appears the project has also failed to reach out to its exchange partner. "Our efforts to contact the team at BitForex are yet to be answered, and at the time of writing, it is unclear if they will be," VeVe posted on February 26.

Unfortunately for OMI holders, BitForex retained 7% of the token supply, while holding 18% of the TRB supply, according to ZachXBT’s data.

The BitForex exploit not only marked the largest exit scam in February 2024 but also emerged as the most damaging Web3 security incident of the month. The second-largest exploit involved PlayDapp, a popular gaming platform, which fell victim to a significant hack on February 9. The attack facilitated by the exposure of the platform’s private keys allowed the hacker to mint 200 million PLA (PlayDapp) tokens, valued at over $31 million.

The exploit of the FixedFloat automatic cryptocurrency exchange ranked as the third-largest incident last month, causing damage worth $26 million. Other significant exploits affected Jihoz.Ron, Seneca, and DuelBits.

The losses incurred in the BitForex incident far exceeded the second-largest February exit scam that affected Risk on Blast investors, although the scam GambleFi project also caused considerable damage, capped at 420 ETH worth nearly $1.3 million. Additionally, the rug pull was reportedly the first exit scam on the Blast L2 network.

CertiK reported on February 26 that "the project's X account and website were deleted, and funds were distributed to multiple sources including Bybit and MEXC," whereas Juice, another Blast-based project, claimed to have interfered in the situation and managed to "have over $200,000 of the stolen funds that were sent to MEXC frozen."

Crypto influencer Duo Nine emphasized that Blast was doing "zero diligence," as the network labeled the potential of Risk on Blast before the project’s presale as "undeniable."

Interestingly, some cryptocurrency users reported that the scam project’s chatbots were still active on February 28, despite the committed exit scam.

"'Risk on Blast' is providing a much-needed service that benefits everyone involved in the crypto space," the chatbot continued to say.

Other large February rug pulls mentioned by CertiK, although resulting in much lower damage, were the scam BaseCraft, Not Found, and Detto Finance projects.

Read also: Remote Seizure of Cryptocurrency Assets Sets Precedent in Taiwan's Judicial History

In its monthly statistics, CertiK highlighted major exploits conducted through the flash loan attack strategy. This malicious technique involves borrowing a large amount of funds with the help of a flash loan, which can be acquired without collateral, and subsequently manipulating the market or exploiting smart contract vulnerabilities.

According to CertiK, the largest exploit of this type last month affected BirnsDefi, which lost $64,000. Additionally, ZoomerCoin, Azuma ERC404, Synthetic, and RabbitERCX also experienced significant losses due to flash loan attacks.

Fortunately, some projects hacked last month were fortunate enough to recover a portion of the stolen funds. CertiK reports the recovery of about $6.4 million by Seneca and BlueBerry FDN.