April Sees Decline in Losses from Crypto Hacks, Down 67% From March

According to PeckShield, the total value of cryptocurrency that was compromised by hacking dropped by 67% to $60.2 million in April.

In April 2024, losses due to crypto hacks saw an impressive decrease, with losses totaling $60.2 million. Hedgey Finance suffered the biggest loss of $44.7 million because of a vulnerability on the Arbitrum Network. Fixed Float, Grand Base, and Pike Finance also suffered exploits in April. Despite these events, year-to-date losses from crypto-related hacks and frauds have decreased by more than 25% compared to 2023.

Additionally, authorities have been actively cracking down on crypto crimes. The Indian Enforcement Directorate seized millions worth of assets from a scam app and the FBI recently arrested a man involved in a $43 million Ponzi scheme.

Crypto Hackers Steal Much Less in April

In April of 2024, the total value of cryptocurrency that was compromised by hacking dropped by 67% to $60.2 million, according to a report by the on-chain security firm PeckShield. This is a big drop when compared to the $187.6 million in crypto that was stolen in March. The report also revealed that April 2024’s total stolen crypto was down from the $360.8 million that was recorded in April of last year.

Most of April's losses stemmed from 40 individual hacking incidents. The largest of these involved Hedgey Finance, a token infrastructure platform, which lost $44.7 million because of a vulnerability in its token claim contract on the Arbitrum Network. This incident happened on Apr. 19 and ended up accounting for the bulk of the month's stolen assets.

The second major incident involved the Fixed Float crypto exchange, which reported a loss of $3 million due to an issue with a third-party service provider. Grand Base and Pike Finance suffered losses as well, with $2.67 million and $1.6 million stolen respectively.

These breaches not only lead to major financial losses but they also continue to undermine trust in the security of cryptocurrencies, which has a big negative impact on their mainstream adoption. On the bright side, the total value of hacks and rug pulls in the crypto space has seen a decrease of more than 25% year-to-date compared to 2023, with $401 million lost in 2024 versus over $536 million during the same period last year, according to crypto bounty platform Immunefi.

This report also revealed a 46% reduction in losses due to hacks and fraud in April 2024 compared to April of 2023. Hacks are still the main cause of these losses, responsible for more than 94.3% of the funds lost during the month.

Pike Finance Addresses Security Flaw

DeFi protocol Pike Finance recently provided some clarification about its recent vulnerability exploit. Initially, Pike attributed the $1.6 million exploit to a vulnerability in the USDC Coin (USDC), but later decided to change their statement to correct misunderstandings. The protocol confirmed that the exploit was a result of their own security shortcomings, specifically in the smart contract functions associated with the Cross-Chain Transfer Protocol (CCTP), provided by USDC-issuer Circle.

The vulnerability was first identified by Pike’s auditing partner, OtterSec, after an incident that happened earlier on Apr. 26 that resulted in a $300,000 loss. However, Pike’s developers did not fix the flaw in time, which allowed an attacker to exploit the same vulnerability again on Apr. 30. This attack drained approximately $1.68 million in digital assets from the platform, affecting the Ethereum, Arbitrum, and Optimism networks. The stolen assets included $1.4 million in ETH, $150,000 in OP tokens, and about $100,000 in ARB tokens.

Pike admitted that the attacks were due to an "improper integration" of third-party technologies and a misalignment in their smart contract, which allowed attackers to bypass administrative controls to withdraw funds.

Indian Agency Cracks Down on Crypto Scam

People and companies are also not just sitting back and letting crypto crimes happen. The Enforcement Directorate (ED), an Indian law enforcement agency, recently seized assets worth about $10.5 million from an online scam app named E-Nuggets. This operation was made possible through the ED’s cooperation with major crypto exchanges like Binance, ZebPay, and WazirX. The app stored cryptocurrencies valued at approximately $10 million across 70 different wallet accounts on these exchanges.

The ED intervened by contacting the exchanges to freeze and transfer the digital assets from these wallets to the agency's own wallet. The agency's investigations revealed that E-Nuggets was posing as a gaming platform and promised users very high returns on investments through a number of real-money games. After the investments were made, the app stopped working and left investors with no means to recover their funds.

The ED also seized additional assets worth more than 163 crores, or $19.5 million, including cash, more cryptocurrency, account balances, and office spaces. The investigation began in 2022 after some of the app's funds were converted into digital assets, and unearthed 2,500 dummy bank accounts and found $2.2 million in cash.

The mastermind behind the scam, Aamir Khan, along with his associate Romen Agarwal, has been arrested and is currently under custody.

FBI Arrests Man in $43 Million Ponzi Scheme

The U.S. is also actively targeting crypto criminals. The Federal Bureau of Investigation (FBI) and a New York court, recently arrested Idin Dalpour for orchestrating a Ponzi scheme that defrauded investors of $43 million. Damian Williams, the U.S. Attorney for the Southern District of New York, and James Smith, the Assistant Director in Charge of the New York Field Office of the FBI, charged Dalpour with fraudulent activities that included deceptive investment opportunities in a Las Vegas hospitality venture and a cryptocurrency trading enterprise.

Dalpour allegedly pulled in investors with promises of high returns and falsely claimed his business ventures in hospitality and cryptocurrency were profitable. He manipulated his investors by offering them a minimum of 42% annual returns, supported by fake insurance and escrow safeguards.

The scheme involved Dalpour soliciting investments for an entity he controlled, where he claimed to buy cryptocurrency at wholesale prices and sell it at a profit to retail investors. However, instead of conducting legitimate business, he used the incoming funds to pay returns to earlier investors, to cover personal expenses including gambling losses, and to pay for his children's private school tuition.

The scheme was exposed when a group of victims confronted Dalpour in November of 2023, which then led to his confession and acknowledgment of the scheme's severity.

U.S. officials have been on a mission recently to crack down on Ponzi schemes, especially those tied to crypto. This included many high-profile cases, including the SEC's takedown of a $300 million Ponzi scheme under CryptoFX, and the conviction of promoters linked to the collapsed IcomTech. Additionally, Irina Dilkinska, a former executive of the infamous OneCoin scheme, was recently sentenced to four years in prison for her role in laundering money through the scam.

What is a Ponzi Scheme?

A Ponzi scheme is a type of investment fraud where returns are paid to earlier investors using the capital of newer investors, rather than from profit earned by the operation of a legitimate business. This model creates the illusion of a profitable business by promising high returns with little risk to investors.

The scheme relies very heavily on word-of-mouth as satisfied early investors unwittingly recruit even more participants by sharing their success stories. However, the scheme is destined to fail once the influx of new investors slows down, leading to a collapse when it becomes unsustainable to continue paying the promised returns.

Ponzi schemes are very similar to pyramid schemes as both types of scams fund payments to earlier participants through the contributions of new investors. The critical difference lies in the structure; pyramid schemes typically require participants to recruit more investors actively, and they usually collapse when it becomes difficult to recruit enough new participants.

There are many red flags that might indicate a Ponzi scheme. These include guaranteed promises of high returns with little risk, consistent returns irrespective of market conditions, investments that are not registered with the SEC, and sellers who are not licensed to trade securities. Some other warning signs include secretive or very complex investment strategies, a lack of official documentation provided to investors about their investments, and difficulties in withdrawing money.